Discussion in 'other security issues & news' started by MrBrian, Dec 23, 2011.
A more appropriate title would be this lol:
"Legit bootkits in Instant System Recovery/Restore Software"
Anyway, it was a very interesting read that is quite revealing, although a few details have been quite known here (although in simplified terms) such as partition editing tools are not to be used in conjunction and most (if not all) ISR software fails against malware that tries to modify/infect the MBR. LUA can help to defend against this but for processes running with administrative privileges (either through privilege escalation or mistaken trust and execution by admin), they would benefit from something like MBRGuard. Just take note that MBRGuard is no longer offered as a stand-alone program by BlueRidge and is incorporated into AppGuard instead. X86 users who have a copy of MBRGuard can make use of it