Re: Protecting the Operating System

Sebastian Gottschalk wrote:

Regarding point 1, it takes a fair level of technical skill to write one's
own MBR to splice into the chain.

No, it's trivial.

Let's just assume for a second that your fantasy bears some small
resemblance to reality, and you're really not just a bag of wind. If
it's "trivial" to code and install a custom MBR, then it's an order of
magnitude more trivial to simply replace it with a good one. Your
"threat" is so easily countered it's pointless and insignificant.

That obvious fact aside, have you ever actually tried replacing
bootstrap code on an encrypted drive, or are you talking out your ass
as usual? Would you be real shocked to find out that there's no
mainstream whole disk encryption software available today that doesn't
do a considerable amount of integrity- and self-testing? Doesn't take
great pains to safeguard what little there is left out in the open.

I suggest you actually *try* your hair brained theory before you make
yourself look any more foolish. You're in for a rude awakening.

Moreover, unless the modified MBR can do
wnhat it wishes *as well as return control to the original encrypted boot
process* all within one track, then it will have to put its malware
elsewhere on the HD.

You just need one little modification of the original boot program, that is
to store the entered password or the derived key somewhere. Just due to the
512 Byte alignment, you usually already have enough space available. And
what about optimizing the original program to reduce its size? Trivial.

Riiiiiight.... that's why boot sector viruses are still so prevalent
today. Because it's so much more easy to hide things in an MBR than
poke holes in networking protocols and software. That's why boot sector
viruses were never detected or anything, huh?