boot disk, root kits, & bios oh my

November 27, 2010 at 09:39:02
Specs: Windows XP sp3, raina x3
I guess boot disks are good to make in case the boot sector gets corrupted - I have looked on the MS site at how to make one with the XP CD -
I suppose I don't quite get the concept of it totally. From what I've gathered, the boot sector is on the hard drive in a different partition, and then there's also what drivers Windows boots for the OS etc. and video drivers and network drivers etc. etc. A rootkit hides in the boot sector (rootkit is probably bad, it is a name for a virus in other words), so if this gets corrupted I would not want to boot from the boot sector on the HD, I would want to boot from the boot sector from a floppy or CD or DVD,
so I would want to make a boot sector that has all the drivers etc., not just the default ones -

for example, if I am confident the boot sector I now have is good, I want to make a backup of that soon -

question - and I know these have probably been asked - however maybe this will be usefully explained for me and others - also with external HDD enclosures now and new software there may be better ways to handle such questions

1 - can I copy the existing boot sector exactly like it is onto a bootable drive and use that so all my devices will be bootable, not just the default ones [via taking the OS HDD and putting it into an ext enclosure to another PC and copying that sector onto a floppy or CD/DVD]?

2 - once that is copied wouldn't it be easy to reformat the boot sector and reinstall a good copy of it once it's reformatted?

3 - can viruses survive a reformat?

4 - is there a way to disable writing to a boot sector partition only, and help prevent such infections, and re-enable writing to it [if new devices are to be installed later, and then re-disabling writing or enabling write protection, but just to that sector]?

5 - besides the above possibilities - if doing the more traditional boot disk copy, is there a way to make it so it has all the drivers and everything needed to boot all the devices installed and not just preselected ones, and a way to modify it if more hard/software is added later?

6 - also, besides the hard drive including boot sector - BIOS - CMOS, is there anything else that can be corrupted via viruses, trojans and worms? i.e. memory sticks or anything else like video cards etc.??

7 - I do know that BIOS is generally not often corrupted but I am sure there will be something that does sometime and I want to be prepared for it, and also dealing with traditional viruses is a lot easier (and I am not really concerned with those too much anywho) than the ones that can get into boot sectors and BIOS, so any ideas on write protecting BIOS besides getting a motherboard that has those capabilities would be cool to discuss here also

I personally have a few PCs - one has a custom SATA switch (on off on) - want to make sure if one HDD gets infected it doesn't corrupt the other - even though the other is completely off - through the vid card, memory or BIOS etc., but also that is not the limit of this discussion - there are 7 questions up there and some might be useful to others and me, and I personally would think it should be possible to clone the boot sector via ext HDD encl with another PC - so I hope this actually brings on a lot of discussion and brainstorming for things I have even yet to consider - so please, if this interests you, let me read your thoughts here

November 29, 2010 at 13:36:09
the answers to some of the questions - in order asked

1 - yes I can - esp. with the help of software that is specifically designed to copy partitions or sectors & also that can boot in DOS (though it might not read ext enclosures, depends on BIOS and MB) - also I can copy the MBR or just make a startup boot disk - the MBR can be copied with many softwares available, incl. disksave (designed for NT and 03 but seems it will work for XP also), however if trying to fix or restore the MBR I can also do that via the XP CD - so there are many options available - if the XP CD doesn't work then a backup copy of the MBR (if one is made, would be good to have), and if that doesn't work then booting from a startup floppy or the like, and if that doesn't, probably would need to get a new HDD or try a reformat

2 - the boot sector is not on a different partition, just at the beginning of the active, so to say, partition, so my guess is not, unless one wants to reformat the entire partition.
* I wonder if that sector can be defragmented or if it ever needs to be though

3 - yes - less likely if it is 0 filled also

4 - maybe - there are boot disks, like some OSes that are read only from CD, that might not have this vulnerability - what I was thinking is more like a jumper for the hard drive - again it's not a different partition * however I am wondering if just that sector could be like PGP'd and if the BIOS could ask for a password when booted - I dunno - there are also MBR floppy boot disk systems that also could have some uses

5 - the drivers and reg are all booted after a startup disk, if using one - * but was thinking along the lines of having a startup disk that can more customize which drivers to load also

6 - yes - RAM does get infected but supposedly loses all memory once the power is turned off - anything that is considered firmware and can be flashed can get infected - i.e. some routers - DVD players - graphic cards - what if a virus changed the BIOS so that when you think you turned off the computer the RAM is still on, i.e. a susp mode - I suppose you could unplug it - anything that can be written to or flashed can get infected, and recently I saw an article that a processor can have a virus - however it probably would need to be done at the factory - * however there are probably many backdoors we don't know about - I always feel like someone is watching me . . . lol just singing the song, I am sure we all do to some degree, paranoia won't destroy ya, it'll prepare ya

7 - the only way I can see, besides someone physically altering hardware, that two HDDs that are connected to the same MB with an on-off-on switch [meaning when one is on the other doesn't even get power] could get infected if the other does is through firmware like the BIOS or router - so far
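
Question 1 and its answer talk about keeping a known-good copy of the MBR. As an added example (not part of the original posts), this Python code parses a saved 512-byte MBR image and reports which region differs from a later copy; the function names and the sample sector are constructed for illustration, and a real run would read the two 512-byte images from files made by whatever backup tool is in use.

```python
import hashlib
import struct

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, disk signature and partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR image must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * slot:462 + 16 * slot]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0x00:                   # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "disk_signature": sector[440:444].hex(),
            "partitions": partitions}

def changed_regions(known_good: bytes, current: bytes) -> list:
    """Name the MBR regions in which `current` differs from the backup."""
    good, now = parse_mbr(known_good), parse_mbr(current)
    return [name for name in ("boot_code_sha256", "disk_signature", "partitions")
            if good[name] != now[name]]

def sample_mbr(boot_fill: int = 0x90) -> bytes:
    """Constructed sample: one active NTFS (0x07) partition starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 20964762)
    return (bytes([boot_fill]) * 440 + b"\x12\x34\x56\x78" + b"\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")

if __name__ == "__main__":
    backup = sample_mbr()                      # stands in for a saved backup file
    altered = sample_mbr(boot_fill=0xCC)       # same table, different boot code
    print(parse_mbr(backup)["partitions"])
    print("unchanged:", changed_regions(backup, backup))
    print("changed:  ", changed_regions(backup, altered))
```

A boot code change with no reinstall or MBR repair in between is the result worth investigating, while a partition table change is expected after repartitioning. Take the "current" copy while booted from trusted media, since a rootkit running on the installed system can hand back a clean-looking sector.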
