POV-Ray : Newsgroups : povray.off-topic : Malware is getting nastier and more professional than ever (Message 11 to 20 of 34)
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 16:08:34
Message: <47d84652$1@news.povray.org>
Warp wrote:
> Orchid XP v7 <voi### [at] devnull> wrote:
>> No - it displays a message during the POST sequence. (And waits for a 
>> keypress.)
> 
>   What's that?

Power On Self Test.

In other words, the text-mode screen that briefly flashes past when you 
first power on the system. (That's why it waits for a confirmation 
keypress - otherwise you'd never SEE the damn thing!)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*


From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 18:05:54
Message: <47d861d2@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> Warp wrote:
> > Orchid XP v7 <voi### [at] devnull> wrote:
> >> No - it displays a message during the POST sequence. (And waits for a 
> >> keypress.)
> > 
> >   What's that?

> Power On Self Test.

  And how would it detect at that stage if something modified the MBR?
And even if it did, wouldn't it be too late? The modification and thus
the damage already happened.

-- 
                                                          - Warp


From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 18:55:11
Message: <47d86d5f@news.povray.org>
On Wed, 12 Mar 2008 18:45:07 +0000, Orchid XP v7 wrote:

>> That depends on what type of machine you bought.  If you go out and
>> purchase a brand-name computer, the OS is already installed.
>> 
>> If you build your own, this is true, but most machines the OS is
>> already pre-installed.
> 
> True. But I'd wager that MBR protection is probably turned off on most
> machines out there.

Very likely.

> (Similarly, most have a BIOS write-protect feature so malware can't
> reflash the BIOS. And that's usually off. But then, any such malware
> would only work for one brand of motherboard anyway since there's no
> standard interface for that kind of thing...)

Actually, I don't think it'd be that hard - it wouldn't be a single brand 
of motherboard - there's only 3 or 4 major BIOS brands out there these 
days, if that.

Jim


From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 18:56:08
Message: <47d86d98$1@news.povray.org>
On Wed, 12 Mar 2008 16:05:06 -0500, Warp wrote:

> Orchid XP v7 <voi### [at] devnull> wrote:
>> No - it displays a message during the POST sequence. (And waits for a
>> keypress.)
> 
>   What's that?

POST = Power On Self Test.  I'm really surprised you don't know that, 
it's a very common thing for people who work with computers to know. 

<again, scnr>

Jim


From: somebody
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 21:11:48
Message: <47d88d64$1@news.povray.org>
"Warp" <war### [at] tagpovrayorg> wrote
> Orchid XP v7 <voi### [at] devnull> wrote:

> > No - it displays a message during the POST sequence. (And waits for a
> > keypress.)

>   What's that?

You push down on a key until it registers or bottoms out. There's usually an
audible click too.


From: Darren New
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 22:23:44
Message: <47d89e40$1@news.povray.org>
Invisible wrote:
> More interesting is that it can touch the MBR from Windoze in the first 
> place...

Why's that interesting? Run "diskpart" (which comes with Windows) and 
tell it to look at the MBR.  Or google mbrfix, and have a program 
that'll read *and* write.

Indeed, read the first 512 bytes from the file \\.\physicaldisk0 to look 
at your MBR.  I just couldn't get it to open for writing.

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."


From: Darren New
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 22:25:10
Message: <47d89e96$1@news.povray.org>
Warp wrote:
>   And how would it detect at that stage if something modified the MBR?

It stores in the CMOS the checksum of the previous MBR.

> And even if it did, wouldn't it be too late? The modification and thus
> the damage already happened.

MBRs are pretty standard. You know your system is hosed, so instead of 
continuing you boot the CD and rewrite the MBR. :-)

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."


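The checksum comparison described in the message above, combined with the earlier note about reading the first 512 bytes of the disk, as an added example that is not part of the thread. The sample sector is constructed, the function names are this example's own, and SHA-256 stands in for whatever checksum a BIOS actually keeps in CMOS.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition entries and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:  # partition type 0x00 marks an unused slot
            parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:446], "partitions": parts,
            "valid_signature": sector[510:] == b"\x55\xaa"}

def fingerprint(sector: bytes) -> dict:
    """Hash boot code and partition table separately so a mismatch is localised."""
    parse_mbr(sector)  # reuse the length check
    return {"boot_code": hashlib.sha256(sector[:446]).hexdigest(),
            "partition_table": hashlib.sha256(sector[446:510]).hexdigest()}

def changed_regions(baseline: dict, sector: bytes) -> list:
    """Return the names of regions whose hash differs from the stored baseline."""
    now = fingerprint(sector)
    return sorted(k for k in baseline if baseline[k] != now[k])

def make_sample_mbr(boot_fill: int = 0x90) -> bytes:
    """Constructed sample sector: filler boot code, one bootable type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    return bytes([boot_fill]) * 446 + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    good = make_sample_mbr()
    baseline = fingerprint(good)       # taken while the disk is known good
    tampered = b"\xeb" + good[1:]      # constructed: one changed boot-code byte
    print(parse_mbr(good)["partitions"])
    print(changed_regions(baseline, good), changed_regions(baseline, tampered))
```

Hashing the two regions separately tells a legitimate repartitioning (partition table changes, boot code does not) apart from a boot-code change, which a single whole-sector checksum cannot do.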

From: Darren New
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 22:25:30
Message: <47d89eaa$1@news.povray.org>
somebody wrote:
> "Warp" <war### [at] tagpovrayorg> wrote
>> Orchid XP v7 <voi### [at] devnull> wrote:
> 
>>> No - it displays a message during the POST sequence. (And waits for a
>>> keypress.)
> 
>>   What's that?
> 
> You push down on a key until it registers or bottoms out. There's usually an
> audible click too.

BURN!  :-)

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."


From: Chris Cason
Subject: Re: Malware is getting nastier and more professional than ever
Date: 13 Mar 2008 01:41:23
Message: <47d8cc93$1@news.povray.org>
scott wrote:
>> http://www.f-secure.com/weblog/archives/00001393.html
> 
> Don't most BIOSs have some "prevent write to MBR" function?  Would malware 
> like this be able to get around that?

This only applies to software that uses the BIOS for disk I/O. Basically
this means bootloaders and sometimes first-level bootstrap routines (DOS
also). Modern OS's always have their own hardware drivers for disks.

Basically anything that can gain supervisor privileges on a Windows system
can do whatever it wants with the hardware, even bypassing the OS's own
driver if need be (the latter requires that it understand the hardware of
course).


From: scott
Subject: Re: Malware is getting nastier and more professional than ever
Date: 13 Mar 2008 03:42:42
Message: <47d8e902@news.povray.org>
>> True. But I'd wager that MBR protection is probably turned off on most
>> machines out there.
>
>  What actually happens if some software (for example an OS installer)
> tries to modify the MBR and it has been bios-protected?

On mine I get a blue screen alerting me that something is trying to 
overwrite the MBR, and do I want to allow the write or not.



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.