From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:45:06
Message: <47d824b2$1@news.povray.org>
> That depends on what type of machine you bought. If you go out and
> purchase a brand-name computer, the OS is already installed.
>
> If you build your own, this is true, but most machines the OS is already
> pre-installed.
True. But I'd wager that MBR protection is probably turned off on most
machines out there.
(Similarly, most have a BIOS write-protect feature so malware can't
reflash the BIOS. And that's usually off. But then, any such malware
would only work for one brand of motherboard anyway since there's no
standard interface for that kind of thing...)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:46:20
Message: <47d824fc@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> True. But I'd wager that MBR protection is probably turned off on most
> machines out there.
What actually happens if some software (for example an OS installer)
tries to modify the MBR and it has been bios-protected?
--
- Warp
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:59:05
Message: <47d827f9$1@news.povray.org>
Warp wrote:
> Orchid XP v7 <voi### [at] devnull> wrote:
>> True. But I'd wager that MBR protection is probably turned off on most
>> machines out there.
>
> What actually happens if some software (for example an OS installer)
> tries to modify the MBR and it has been bios-protected?
Varies by BIOS.
I believe what it *actually* does is yell "hey, somebody changed this!"
rather than actually _prevent_ the change from happening. But again, it
depends on what the BIOS writer has programmed it to do. To be honest,
I've never tried it myself...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 15:37:22
Message: <47d83f02@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> I believe what it *actually* does is yell "hey, somebody changed this!"
How does it do that? The bios cannot have sufficient info about the
graphics card in order to show a message on screen, especially if the
graphics card is currently in non-vga mode.
--
- Warp
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 15:38:28
Message: <47d83f44$1@news.povray.org>
>> I believe what it *actually* does is yell "hey, somebody changed this!"
>
> How does it do that? The bios cannot have sufficient info about the
> graphics card in order to show a message on screen, especially if the
> graphics card is currently in non-vga mode.
No - it displays a message during the POST sequence. (And waits for a
keypress.)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 16:05:06
Message: <47d84582@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> No - it displays a message during the POST sequence. (And waits for a
> keypress.)
What's that?
--
- Warp
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 16:08:34
Message: <47d84652$1@news.povray.org>
Warp wrote:
> Orchid XP v7 <voi### [at] devnull> wrote:
>> No - it displays a message during the POST sequence. (And waits for a
>> keypress.)
>
> What's that?
Power On Self Test.
In other words, the text-mode screen that briefly flashes past when you
first power on the system. (That's why it waits for a confirmation
keypress - otherwise you'd never SEE the damn thing!)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 18:05:54
Message: <47d861d2@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> Warp wrote:
> > Orchid XP v7 <voi### [at] devnull> wrote:
> >> No - it displays a message during the POST sequence. (And waits for a
> >> keypress.)
> >
> > What's that?
> Power On Self Test.
And how would it detect at that stage if something modified the MBR?
And even if it did, wouldn't it be too late? The modification and thus
the damage already happened.
--
- Warp
From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 18:55:11
Message: <47d86d5f@news.povray.org>
On Wed, 12 Mar 2008 18:45:07 +0000, Orchid XP v7 wrote:
>> That depends on what type of machine you bought. If you go out and
>> purchase a brand-name computer, the OS is already installed.
>>
>> If you build your own, this is true, but most machines the OS is
>> already pre-installed.
>
> True. But I'd wager that MBR protection is probably turned off on most
> machines out there.
Very likely.
> (Similarly, most have a BIOS write-protect feature so malware can't
> reflash the BIOS. And that's usually off. But then, any such malware
> would only work for one brand of motherboard anyway since there's no
> standard interface for that kind of thing...)
Actually, I don't think it'd be that hard - it wouldn't be a single brand
of motherboard - there's only 3 or 4 major BIOS brands out there these
days, if that.
Jim
From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 18:56:08
Message: <47d86d98$1@news.povray.org>
On Wed, 12 Mar 2008 16:05:06 -0500, Warp wrote:
> Orchid XP v7 <voi### [at] devnull> wrote:
>> No - it displays a message during the POST sequence. (And waits for a
>> keypress.)
>
> What's that?
POST = Power On Self Test. I'm really surprised you don't know that,
it's a very common thing for people who work with computers to know.
<again, scnr>
Jim