From: Warp
Subject: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 07:18:05
Message: <47d7c9fc@news.povray.org>
http://www.f-secure.com/weblog/archives/00001393.html
--
- Warp
From: scott
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 07:56:32
Message: <47d7d300@news.povray.org>
> http://www.f-secure.com/weblog/archives/00001393.html
Don't most BIOSs have some "prevent write to MBR" function? Would malware
like this be able to get around that?
From: Invisible
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 08:02:29
Message: <47d7d465$1@news.povray.org>
scott wrote:
> Don't most BIOSs have some "prevent write to MBR" function?
Usually, yes. And usually, it's "off" by default. (When you unpack a
brand new PC, what's the first thing you do? Install an OS.)
> Would malware like this be able to get around that?
Unlikely. But this measure isn't commonly enabled.
More interesting is that it can touch the MBR from Windoze in the first
place...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:21:07
Message: <47d81f13$1@news.povray.org>
On Wed, 12 Mar 2008 13:02:28 +0000, Invisible wrote:
> Usually, yes. And usually, it's "off" by default. (When you unpack a
> brand new PC, what's the first thing you do? Install an OS.)
That depends on what type of machine you bought. If you go out and
purchase a brand-name computer, the OS is already installed.
If you build your own, this is true, but on most machines the OS is already
pre-installed.
Jim
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:45:06
Message: <47d824b2$1@news.povray.org>
> That depends on what type of machine you bought. If you go out and
> purchase a brand-name computer, the OS is already installed.
>
> If you build your own, this is true, but on most machines the OS is already
> pre-installed.
True. But I'd wager that MBR protection is probably turned off on most
machines out there.
(Similarly, most have a BIOS write-protect feature so malware can't
reflash the BIOS. And that's usually off. But then, any such malware
would only work for one brand of motherboard anyway since there's no
standard interface for that kind of thing...)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:46:20
Message: <47d824fc@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> True. But I'd wager that MBR protection is probably turned off on most
> machines out there.
What actually happens if some software (for example an OS installer)
tries to modify the MBR and it has been bios-protected?
--
- Warp
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:59:05
Message: <47d827f9$1@news.povray.org>
Warp wrote:
> Orchid XP v7 <voi### [at] devnull> wrote:
>> True. But I'd wager that MBR protection is probably turned off on most
>> machines out there.
>
> What actually happens if some software (for example an OS installer)
> tries to modify the MBR and it has been bios-protected?
Varies by BIOS.
I believe what it *actually* does is yell "hey, somebody changed this!"
rather than actually _prevent_ the change from happening. But again, it
depends on what the BIOS writer has programmed it to do. To be honest,
I've never tried it myself...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 15:37:22
Message: <47d83f02@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> I believe what it *actually* does is yell "hey, somebody changed this!"
How does it do that? The bios cannot have sufficient info about the
graphics card in order to show a message on screen, especially if the
graphics card is currently in non-vga mode.
--
- Warp
From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 15:38:28
Message: <47d83f44$1@news.povray.org>
>> I believe what it *actually* does is yell "hey, somebody changed this!"
>
> How does it do that? The bios cannot have sufficient info about the
> graphics card in order to show a message on screen, especially if the
> graphics card is currently in non-vga mode.
No - it displays a message during the POST sequence. (And waits for a
keypress.)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 16:05:06
Message: <47d84582@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> No - it displays a message during the POST sequence. (And waits for a
> keypress.)
What's that?
--
- Warp