Windows 7 Forums


Windows 7: AV Users cleansing computers - You are being ILLOGICAL

05 May 2010   #11
noyb

XP MCE .... XP Pro 64 .... W7 U x64
 
 

I have a neighbor who is a security Guru ..
(used to be his job in a room that could self destruct)

I'm going to ask him about this ...
The problem will be that I can only understand about 1% of what he tells me.

One day, I watched his Laptop hack into a typically secured wireless network in under 3 minutes.
Luckily .. He can be trusted

He said the only really secure network was a Sneaker Net .. (think tennis shoe)

Anyway ..
He was telling me that the next problem will be rootkits that can embed themselves into the BIOS.
I hope y'all aren't paranoid.


05 May 2010   #12
Zepher

Windows 7 Ultimate 64bit
 
 

So, if I get infected, I will have to write 0/1's on all 14 of my hard drives?
05 May 2010   #13
zzz2496

Windows7 Ultimate 64bit
 
 

Quote: Originally Posted by jimbo45
Hi there
Nicely written and a good read -- BUT and here's the But -- until the kernel is properly loaded and running there isn't a "Ring 0" to start with.

The 2nd part of the bootstrap is just loading a CHUNK OF CODE from a disk sector pointed to from the initial 1st part of the bootstrap into memory, and then it starts executing the loaded code at the memory address the code was loaded into.

Until the device drivers and Kernel have been fully loaded and initialised there isn't ANY Kernel protection -- it's just code being executed.

Now this code can do ANYTHING it likes at ANY privilege level it wants so it's very difficult if not impossible for the OS to ascertain whether anything untoward has been loaded or even executed before the kernel is fully operational.

For example the code could alter files on your disk so it would infect applications that the OS won't know anything about etc etc.

Remember at this point the "Bootstrap" has access to all physical sectors on every disk so it's only a matter of reading and patching the disk sectors -- you would need to understand something about the "File system" to do this -- but this isn't exactly Programming 101 stuff.

It's not a trivial matter to design these types of programs but they DO exist.

If people think deep erasing a disk is over the top that's just fine -- but since I can restore an entire W7 image within 10 Mins after wiping a disk then I'm quite happy to fully wipe an infected disk before even THINKING of using it again.

Anyway I enjoyed the discussion.

(Although we've drifted a bit - the essence of the discussion was that if no Virus detection program is 100% accurate then no Virus eradicator program is 100% accurate or complete either).

Cheers
jimbo
Hi jim,

Very true, before the kernel is properly loaded, there is no "Ring 0". Here's the thing, you forgot about "Real mode" and the "handing off" process to "Protected mode". BIOS works in "Real mode", it can only access the first 504MB of ANY disk. Any virus/whatever can't load BEFORE the kernel loads. It simply can't access the disk. Before moving to "Protected mode", the disk is just a jumble of nonsense (if it can access it - it can't), not to mention - you need a "kernel" that at least has the proper device driver that understands the LBA structure before continuing the "wreak havoc" process. LBA = logical block address table, it's a "translation table" for BIOS so that it can roughly estimate the disk's size.
Quote:
Remember at this point the "Bootstrap" has access to all physical sectors on every disk so it's only a matter of reading and patching the disk sectors -- you would need to understand something about the "File system" to do this -- but this isn't exactly Programming 101 stuff.
No, the bootstrap can't access everything at this time - it only has access to the MBR. When BIOS is still in charge, the whole system is running in 16 bit "Real mode", a very limited runtime mode, it's like back in the DOS days. It can only read the first 504MB of disk space. Once it moves to at least 16 bit "Protected mode" and loads the proper drivers, then it gets more disk space to access.

And yes, there is no 100% virus protection (yeah, we drifted a bit. Sorry...). In my book, it's too much to do a deep delete just to cleanse an infected machine, the logic just isn't there IMHO.

Btw, I really enjoy this discussion very much, it's fun to have a friend to pick brains with

zzz2496
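As an added example (not code from any poster in this thread), the following Python script parses a constructed 512-byte MBR: it splits out the 446-byte bootstrap code that the BIOS jumps to, decodes the four partition-table entries, flags partitions that extend past the classic CHS geometry limit (1024 cylinders x 16 heads x 63 sectors x 512 bytes = 504 MiB) that the posts above refer to, and compares a SHA-256 of the boot code against a saved baseline so that a change to the bootstrap can be spotted. The sample MBR, its single NTFS partition and the baseline hash are all constructed here; the CHS-limit calculation is the standard one and not a claim taken from either poster.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: the bootstrap code the BIOS jumps to
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the boot code
BOOT_SIG = b"\x55\xaa"       # bytes 510..511: the boot signature the BIOS checks
# Classic CHS addressing limit: 1024 cylinders x 16 heads x 63 sectors x 512 bytes
CHS_LIMIT_BYTES = 1024 * 16 * 63 * SECTOR   # 528,482,304 bytes = 504 MiB

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, LBA size
        status, ptype, lba_start, lba_size = struct.unpack_from("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        end_byte = (lba_start + lba_size) * SECTOR
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": lba_size,
            "beyond_chs_limit": end_byte > CHS_LIMIT_BYTES,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }

def boot_code_changed(sector: bytes, known_good_sha256: str) -> bool:
    """Defender check: compare the 446-byte boot code against a saved baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] != known_good_sha256

def build_sample_mbr() -> bytes:
    """Constructed sample: a JMP-to-self stub as boot code, one NTFS partition, padding."""
    boot_code = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)
    # entry: bootable flag, CHS fields zeroed, type 0x07 (NTFS), LBA start 2048, 2,000,000 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 2_000_000)
    table = entry + b"\0" * 48            # three empty slots
    return boot_code + table + BOOT_SIG
```

Taking the hash from a known-clean MBR once and re-checking it later is the same idea as the disk-image comparison jimbo describes, applied only to the sector the BIOS actually reads.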

05 May 2010   #14
zzz2496

Windows7 Ultimate 64bit
 
 

Quote: Originally Posted by Zepher
So, if I get infected, I will have to write 0/1's on all 14 of my hard drives?
Zepher, writing 0's all over means destroying EVERYTHING you have... I do hope you understand that part...

zzz2496