  1. #1
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,842
    Thanks
    258
    Thanked 174 Times in 147 Posts

    Free tool protects PCs from master boot record attacks

    Hmmm, looks promising.
    http://www.csoonline.com/article/313...d-attacks.html

    The tool acts as a system driver and blocks ransomware and other malicious programs from injecting rogue code into the master boot record.
    Cisco's Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.
    The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub.

  2. The Following 4 Users Say Thank You to lumpy95 For This Useful Post:

    BHarder (2016-10-21),Dick-Y (2016-10-21),Rick Corbett (2016-10-21),Slorm (2016-10-21)

  3. #2
    Star Lounger
    Join Date
    Dec 2009
    Location
    Carlisle UK
    Posts
    70
    Thanks
    20
    Thanked 9 Times in 7 Posts
    There's an article about it here as well http://www.bleepingcomputer.com/news...r-boot-record/

  4. The Following 3 Users Say Thank You to Slorm For This Useful Post:

    Dick-Y (2016-10-21),lumpy95 (2016-10-21),Rick Corbett (2016-10-21)

  5. #3
    Silver Lounger lumpy95's Avatar
    Bleepingcomputer is a bit more descriptive, thanks.

  6. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,176
    Thanks
    47
    Thanked 982 Times in 912 Posts
    Though not very common, Master Boot Record (MBR) encrypting or modifying ransomware can be disastrous when they hit.
    I'll stick to my tried and tested backup strategy then.

    cheers, Paul

  7. #5
    Silver Lounger lumpy95's Avatar
    I'll stick to my tried and tested backup strategy then.
    That's my current strategy also but the MBRFilter would be an extra shield.

  8. #6
    Silver Lounger lumpy95's Avatar
    Here is a review with some misgivings about MBRFilter.
    Stop ransomware infecting your MBR with MBRFilter

    http://www.pcauthority.com.au/News/4...atest+Articles

    One potentially big catch, if you’re not paying attention, is that installing the wrong version (32-bit on 64-bit Windows) may prevent your system from booting. At all. And because MBRFilter works at the driver level, none of the usual Safe Mode, /fixmbr or other repair tricks will work.

    A more minor hassle is that you might legitimately need to rewrite an MBR to initialize a new drive, or maybe set up an operating system. MBRFilter prompts you to try the operation again in Safe Mode, and Talos offers more thoughts in the Readme:

    “This can cause an issue when initializing a new disk in the Disk Management application. Hit ‘Cancel’ when it asks you to write to the MBR/GPT and it should work as expected. Alternatively, if OK was clicked, then quitting and restarting the application will allow partitioning/formatting.”

    Another issue is that MBRFilter has no interface, no temporary “disable” feature or bundled “uninstall”. The only way to remove the filter is to go to HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318} and remove it from the UpperFilters key.
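
The registry step described in the review above, as an added example that is not part of the thread or of Talos's code: it lists the disk class upper filters and, with -Remove, takes out only the MBRFilter entry while leaving any other filter drivers in the list. The entry name `MBRFilter` and the parameter names are assumptions; `-SystemHive` can point at a SYSTEM hive mounted with `reg load` when the affected installation does not boot.

```powershell
# Added example: inspect, and optionally remove, the MBRFilter entry in the
# disk class UpperFilters list. Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: the name under which the driver is listed in UpperFilters.
    [string]$FilterName = 'MBRFilter',
    # Root of the SYSTEM hive; use the mount point of an offline hive for repair.
    [string]$SystemHive = 'HKLM:\SYSTEM',
    [switch]$Remove
)

$classGuid = '{4d36e967-e325-11ce-bfc1-08002be10318}'   # class key quoted in the review

# A running system exposes CurrentControlSet; an offline hive only has
# ControlSet00N, with the active number stored in Select\Current.
$controlSet = 'CurrentControlSet'
if (-not (Test-Path -LiteralPath "$SystemHive\$controlSet")) {
    $n = (Get-ItemProperty -LiteralPath "$SystemHive\Select" -Name Current).Current
    $controlSet = 'ControlSet{0:d3}' -f $n
}
$classKey = "$SystemHive\$controlSet\Control\Class\$classGuid"

# UpperFilters is a multi-string value: one driver name per element.
$value   = Get-ItemProperty -LiteralPath $classKey -Name UpperFilters -ErrorAction SilentlyContinue
$filters = @($value.UpperFilters | Where-Object { $_ })
Write-Host "UpperFilters in ${controlSet}: $($filters -join ', ')"

if ($filters -notcontains $FilterName) {
    Write-Host "$FilterName is not registered as a disk class upper filter."
    return
}
Write-Host "$FilterName is registered as a disk class upper filter."

if ($Remove) {
    # The list is shared with other filter drivers, so write back every other
    # entry unchanged instead of deleting the whole value.
    $remaining = @($filters | Where-Object { $_ -ne $FilterName })
    if ($PSCmdlet.ShouldProcess($classKey, "Remove $FilterName from UpperFilters")) {
        if ($remaining.Count -gt 0) {
            Set-ItemProperty -LiteralPath $classKey -Name UpperFilters `
                -Value ([string[]]$remaining) -Type MultiString
        } else {
            Remove-ItemProperty -LiteralPath $classKey -Name UpperFilters
        }
        Write-Host "Kept: $($remaining -join ', '). Restart Windows to apply."
    }
}
```

Running it with `-Remove -WhatIf` shows the change that would be made without writing to the registry.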
