Boot-sector - Master Boot Record (MBR)

[ErikAlbert]

Hello,

 

Is Boot-sector the same as MBR or is it something else ?

It doesn't really matter, but it's very confusing to me.

 

Everybody knows that the boot-sector can be infected by viruses.

Is it possible to protect the boot-sector against viruses without using AV-scanners ?

For example :

Is it possible to replace a (infected) boot-sector with a valid boot-sector BEFORE reboot

or at any other time automatically ?

Is there some DOS-command that fixes an infected boot-sector during each reboot ?

Is there some software that is specialized in protecting the boot-sector against viruses ?

Is encrypting a boot-sector possible ?

 

I'm just guessing. What is really possible ?

Thanks in advance.

Edited September 13, 2010 by ErikAlbert

[RandyL]

Is there some software that is specialized in protecting the boot-sector against viruses ?

 

Yes. A good AV will do that. For the most part the answer to the rest of your questions is No.

[ErikAlbert]

Yes. A good AV will do that. For the most part the answer to the rest of your questions is No.

 

All existing AV/AS/AT/...-scanners are based on blacklists, which means

1. they never remove known viruses, that aren't listed on their blacklist.

2. they never remove unknown viruses.

3. they only remove known viruses, that are listed on their blacklist.

So in 2 cases of 3, any existing AV-scanner fails to do its job.

 

I can't give such an important job, like protecting the boot-sector, to an incomplete AV-scanner. That's the same as welcoming boot-sector-viruses.

 

There must be a much better solution after so many years of fighting against viruses.

Are you sure your knowledge is up-to-date ?

[Goku]

Hello Erik. Most BIOS today have an option of protecting against boot sector viruses. Antiviruses usually aren't very effective against boot sector viruses as they are loaded after POST, at the very earliest. You can try searching in the BIOS for the boot protection option but please don't change any settings there unless you know what they do.

 

I can't give such an important job, like protecting the boot-sector, to an incomplete AV-scanner. That's the same as welcoming boot-sector-viruses.

There are now much more advanced forms of protection available Erik. I can list them for you if you would like but the problem with them is that they can do worse damage than a virus if gone awry or corrupted.

 

Hope that helps. :)

 

-- Goku

[ErikAlbert]

Dear Goku,

I'm relieved to hear there is at least something else than AV-scanners.

I will look into the BIOS and check it without doing anything unless I know what I'm doing.

 

And yes, I would like to know about the more advanced forms of protection against boot-sector-viruses, if possible and I will be very careful. Staying out of trouble is my best talent.

I have already a good security, but I missed that one and I don't know much about it either. So any information about this subject is welcome.

At least, I will have some tips, to continue my research.

Thank you in advance.

[Goku]

And yes, I would like to know about the more advanced forms of protection against boot-sector-viruses, if possible and I will be very careful. Staying out of trouble is my best talent.

I have already a good security, but I missed that one and I don't know much about it either. So any information about this subject is welcome.

At least, I will have some tips, to continue my research.

As you wish Erik. :)

 

The softwares which provide almost a blanket security against any threat (including zero day ones) are listed below. I know only two but there might be more:

• Deep Freeze
  
• Returnil
  

Essentially these programs freeze the state of the computer it is in. After their security is activated, any changes made manually or automatically, programs installed (legitimately or illegitimately) etc. are undone after a reboot. This can be both advantageous and disadvantageous. Have your pick if you think you need that kind of security.

 

On the other hand, a more flexible and efficient solution can be Sandboxie. It basically does the same thing as the above listed programs but the only difference is that it does it for programs only you say it should. For example, if you receive a suspicious file, you can run it in a sandbox and see what changes does it make. All the changes are lost once the sandbox is closed. So your system is never harmed. And the best part about Sandboxie is that it's free. :)

 

In my opinion, having Sandboxie with a good security suite and safe browsing habits should keep nearly every known threat out. In the end, it's your choice. So customize your options as per your need.

 

Hope that helps.

 

-- Goku

[ErikAlbert]

Dear Goku,

 

Thanks for the additional information. The funny thing is, that I know these softwares already and they are really good.

I'm not using DeepFreeze or Returnil, I use FirstDefense-ISR (FD). Unfortunately FD isn't available anymore and the development has been stopped, because it wasn't a commercial success. The maintaince and support however continues, nevertheless I keep on using it.

FD is the king of all "Immediate System Recovery"-softwares and you can do alot more with it than DeepFreeze and Returnil.

FD's frozen snapshot = DeepFreeze or Returnil Virtual System, but a frozen snapshot is just an additional function of FD.

Nevertheless, you mentioned the best alternatives for FD and one day I have to drop FD and then I have to use one of them. I can use FD for many years, because it's compatible with "Windows 7".

 

I also use the payed version of "Sandboxie" (SB) to put Internet Explorer and Firefox in a sandbox and to protect my partition-D (data), while I'm surfing on the internet.

A sandbox collects every object, that is caused by my actions on the internet : clicking, downloading, whatever and once in the sandbox it can't hurt the rest of my system, at least that's the theory.

Sandboxie was nothing in the beginning, not userfriendly and full of bugs, but Ronen Tzur, a very hardworking programmer continued to improve it and the lastest versions are much better.

 

On top of that I use Anti-Executable (AE), which whitelists first every executable on my computer. After that any other executable is killed immediately without even asking "Yes" or "No", it's always "No".

AE recognizes more than 80 executables of several programming languages (EXE,MSI,DLL,SRN,OCX,...).

AE doesn't allow any change in whitelisted executables and has a quintuple control.

Once I unzipped a .zip-file, which contained executables, AE killed them immediately before my eyes.

That's what I call security.

 

My assumption is that the combination FD + AE + SB are the main reason, why I still don't have viruses in my boot-sector/MBR.

I don't use any scanners anymore during the last 5 years and I still have to find the first scanner, that beats my system, they don't find any malware, except false positives, which I verified.

Also my HijackThis Log was checked by specialized malware-removers in a Malware Forum and they couldn't find anything either.

I never spend anytime on malware and it's seems to work during 5 years already.

I can run any scanner right now, I know the results already : no malware found.

 

I'm glad you mentioned all these softwares, which proves my choices were right 5 years ago.

During the last 5 years, I have a trouble-free system, that cleans and repairs itself automatically during EACH reboot in 2 minutes. I remove every known and unknown malware on my computer during the same reboot.

My computer became a paradise and I'm enjoying it every day, you have no idea how much time I save. :)

Edited September 13, 2010 by ErikAlbert

[ErikAlbert]

The trouble is nobody believes me, when I'm telling this to other users.

They call me a "troll" and tell me to keep my mouth shut.

That's OK with me, let them waste their time on running scanners, HijackThis logs.

Making a mess of their computer by installing/uninstalling softwares.

 

I can install all Norton softwares on my computer and remove them without a trace. Try that with a classical installed computer.