[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Boot Virus



Steve Bowman <sbowman@frostwork.net> writes:

> On Fri, Sep 29, 2000 at 12:40:33AM -0400, Adam Di Carlo wrote:
> > "Christopher Dryburgh" <cdryburgh@grtech.net> writes:
> > 
> > > Thankyou Macan. I will look into it. Just some extra information. I only run
> > > into the single user shell and need to use fsck when booting from the hard
> > > drive. Booting using the floppy does not cause this to happen. There is
> > > something about booting from the hard drive that corrupts the file system.
> > > Other wise I would not need to use fsck when booting from hard drive. Just
> > > turning off the switch that monitors for boot viruses would not solve the
> > > problem if there is a virus.
> > 
> > I've run Linux since 1995 and I've never had a boot virus on a linux
> > box.  It's only single-users insecure operating systems which have
> > this problem.  The user is correct, disable the BIOS warning.
> > 
> > that may or may not fix your problem.  If not, I would look at the
> > partition tables again and make sure they are kosher.  But given the
> > boot from floppy vs boot from hd scenario, I'm quite sure your
> > overachieving BIOS is to blame.
> 
> Furthermore, the installation instructions tell you to turn off BIOS
> virus protection (section 3.3.4).  I assume there's a reason someone
> bothered to put it in the instructions.

First the Virus Protection in the bios should disable any write access
to the MBR and the bootblock by non authorized programms. (How should
that ever work :).

It also should detect any unusual mbr/bootblock on the drive and not
boot it, so that when a virus is present it is recognised and not
executet.

The Problem is that several old bios think that Linux (lilo) is a
virus and refuse to boot it or they prevent lilo from writing the mbr,
so linux is not bootable.

Any bootvirus present on the system will be disabled when starting
linux, unless its something as complex as vmware or plex. After that
lilo can overwrite the mbr and thereby delete the virus. When booting
the bootdisks no virus is startet at all and any boot virus on the
drive will get overwritten as well by the lilo installation.

Turn the Bios off for installation and turn it on if linux still boots
with it on (if you use some risky M$ OS).

MfG
        Goswin



Reply to: