Viruses That Infect Recovery Partitions on Windows Computers - Page 2


Re: Viruses That Infect Recovery Partitions on Windows Computers

On Fri, 09 Aug 2013 10:45:46 -0500, Thane wrote:

Sorry missed this.

+10.

Thane

Re: Viruses That Infect Recovery Partitions on Windows Computers

On Wed, 07 Aug 2013 15:20:19 -0400

Does it matter? Are you asking if the "hidden" partition can be touched by malware?
  
They likely cannot get 'infected', but they might get corrupted.

Yes, then one need not worry about whether or not malware can touch it.

Re: Viruses That Infect Recovery Partitions on Windows Computers

FromTheRafters has written on 8/7/2013 6:43 PM:

By an outside agency?

Re: Viruses That Infect Recovery Partitions on Windows Computers

On Wed, 07 Aug 2013 19:55:44 -0400

The possibility exists, but it is unlikely that a malware author will bother to try. If he or she has the required permissions, there are much better things to do.

Re: Viruses That Infect Recovery Partitions on Windows Computers

FromTheRafters has written on 8/7/2013 8:20 PM:

Such as?

Re: Viruses That Infect Recovery Partitions on Windows Computers

On Thu, 08 Aug 2013 12:34:17 -0400

Just about anything. To assign a drive letter and access the partition would require admin or better privileges. The malware could make itself 'persistent' and 'stealthy' with those permissions. To virally "infect" programs on that formally hidden partition would require that it not be encrypted (or maybe even compressed) so that suitable host programs could be found. Corruption would probably be easy enough though.

Re: Viruses That Infect Recovery Partitions on Windows Computers

wrote:

If you have exploited a system vulnerability such that you can access
a partition that is protected against access by even Administrator
(root) access privileges then you already "own" the machine and you
don't *need* to worry about that partition access because you can do
anything you want on the system. The only bonus would be that you can
access that recovery partition to re-infect the system if the real
owner decided to use it to restore their system. Of course, all that
effort would be for nothing if they used read-only media instead.

Re: Viruses That Infect Recovery Partitions on Windows Computers

Geoff has written on 8/9/2013 1:36 AM:

For what?

Re: Viruses That Infect Recovery Partitions on Windows Computers

wrote:

For restoring their system.

Re: Viruses That Infect Recovery Partitions on Windows Computers

Geoff has written on 8/9/2013 7:57 AM:

Cool! How do I get a manufacturer to write their recovery partition on
read-only media? :-)

Re: Viruses That Infect Recovery Partitions on Windows Computers



You can't unless the Recovery Software is provided on DVD media.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: Viruses That Infect Recovery Partitions on Windows Computers

David H. Lipman has written on 8/9/2013 11:18 AM:

In which case, this entire question would not have arisen. :-)

Re: Viruses That Infect Recovery Partitions on Windows Computers

On Fri, 09 Aug 2013 11:34:58 -0400

Indeed. If I were you (I really don't know what you are asking now) I wouldn't worry about the possibility that your (or somebody else's) restore data has been "infected" or "corrupted" as it is highly unlikely to happen even though it is possible. That being said, it doesn't mean that it is *not* a good idea to make your *own* recovery plans that don't include storing the recovery data/programs on the same machine that you hope to safeguard.

If you are confident in your *own* recovery plan, you can free up some more storage space by reclaiming the storage area(s) that had been set aside for *their* recovery plan. The procedure for doing so for Win 8 is probably online somewhere as I doubt you are the only one asking these questions.

Re: Viruses That Infect Recovery Partitions on Windows Computers

wrote:

I have a Gateway PC and there is a tool called Recovery Management for
creating a Factory Default Disk. This tool burns a DVD with the
as-delivered drive image on it that you can use to restore the hard
drive to the state it was in when the system shipped.

This is the way the manufacturers are doing it now. Ship the machine
with everything on the HD and let the customer spend the time and
effort making the DVD recovery set. They are running on margins so
slim now they don't even want to spend the $1.98 for a DVD set.

Re: Viruses That Infect Recovery Partitions on Windows Computers

On Tue, 06 Aug 2013 18:45:30 -0400

It's the part that carries out the malware author's (bad?) intent such as installing a keylogger or a backdoor; the rest is just a vehicle to replicate/distribute that payload. Viruses do it by 'infecting' other programs with themselves, and worms in ways not requiring infection.
  
Make some drive images and store them somewhere not accessible by the computer during normal operation.

Re: Viruses That Infect Recovery Partitions on Windows Computers

wrote:

[snip]

Recovery partitions don't generally have drive letters. The Windows
file system can't access a partition that it can't assign to a drive.
I just tried a casual and by no means scientific attempt to assign a
drive letter to my Win7-64 recovery partition and the option doesn't
even exist as far as Disk Manager is concerned. An attacker would have
to elevate his process to some level where that capability exists and
then exploit it successfully.
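
A defender's check for the state described in the post above, added here as an example and not written by anyone in the thread: it lists recovery partitions and flags any that have gained a drive letter or folder mount point. It assumes the Storage module's `Get-Partition` (Windows 8 / Server 2012 or later) and the standard Windows recovery type IDs; an OEM partition that uses a different type ID would need its own match.

```powershell
# Added example: report recovery partitions and whether the file system can reach them.
# Read-only audit. Run from an elevated prompt.

$RecoveryGptType = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'  # GPT Windows recovery partition type
$RecoveryMbrType = 0x27                                      # MBR hidden recovery partition type

function Test-RecoveryPartition {
    param($Partition)
    # GptType is empty on MBR disks and MbrType is empty on GPT disks, so check both.
    ($Partition.GptType -eq $RecoveryGptType) -or ($Partition.MbrType -eq $RecoveryMbrType)
}

function Get-RecoveryPartitionExposure {
    foreach ($p in Get-Partition) {
        if (-not (Test-RecoveryPartition $p)) { continue }

        # Every volume has a \\?\Volume{GUID}\ path; only drive letters and
        # folder mount points make the partition reachable by ordinary programs.
        $mounts = @($p.AccessPaths | Where-Object { $_ -and $_ -notlike '\\?\Volume{*' })

        # An unassigned letter is reported as a NUL character, not as $null.
        $letter = $null
        if ($p.DriveLetter -and $p.DriveLetter -ne [char]0) { $letter = "$($p.DriveLetter):" }

        [pscustomobject]@{
            Disk        = $p.DiskNumber
            Partition   = $p.PartitionNumber
            SizeMB      = [math]::Round($p.Size / 1MB)
            DriveLetter = $letter
            MountPoints = $mounts -join ';'
            Exposed     = [bool]($letter -or $mounts.Count -gt 0)
        }
    }
}

Get-RecoveryPartitionExposure | Format-Table -AutoSize
```

A row with `Exposed` set to `True` on a machine where nobody mounted the recovery partition on purpose is worth investigating before that partition is used for a restore.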

Re: Viruses That Infect Recovery Partitions on Windows Computers

Geoff has written on 8/6/2013 8:43 PM:

Thanks.
