On 2014-08-05 9:58 AM, FromTheRafters wrote:
> Wolf K explained on 8/5/2014 :
>> On 2014-08-04 8:29 PM, FromTheRafters wrote:
>>> David W. Hodgins submitted this idea :
>>>> On Mon, 04 Aug 2014 10:46:04 -0400, FromTheRafters
>>>> wrote:
>>>>
>>>>> Virus Guy wrote on 8/4/2014 :
>>>
>>> No, I wrote that.
>>>
>>>>> Isn't a Microsoft Word document a file?
>>>>
>>>> Yes
>>>>
>>>>> Is a bootsector a file?
>>>>
>>>> No. It's the first sector of the drive being booted from, though
>>>> many boot loaders will also use additional sectors, up to the 64th
>>>> sector, as that was the standard location for starting the first
>>>> partition on old ata hard drives.
>>
>> Semantics. The boot sector contains a file. The data in the file
>> points to the location of the program that loads the OS, but, as you
>> well know, you can start all kinds of things before loading the OS. Etc.
>>
>>>>> Is BIOS a file?
>>>>
>>>> No. It's usually an eprom chip on the motherboard, that is used
>>>> during startup to find the hard drive to boot from, and then load
>>>> the boot sector from that drive, and then transfer control to the
>>>> code from that boot sector. I say usually, as some older
>>>> motherboards used a prom, so a bios update required replacing the chip.
>>
>> BIOS is a file (data and program) that starts the boot process. Where
>> and how BIOS is stored is irrelevant. It's still a file. Eg, PROM vs
>> EEPROM makes no difference. In very early micro-computers, as you may
>> recall, BIOS was a configuration of switches on the front panel. In
>> later computers, much of what we now consider BIOS was on the external
>> storage media from which the OS was loaded. For that matter, a
>> universal bootloader could be included in BIOS, if the industry agreed
>> on a standard. Etc. Think of BIOS as a minimal OS.
>>
>>> Exactly so. My point to VG was, malware start method persistence not
>>> based on a file is nothing new.
>>>
>>> Granted, the approach being used is interesting. I wonder if Virus Guy's
>>> modified Win98 still has the decoder - he might have eradicated it. I
>>> don't think it is strictly necessary, looks like just obfuscation
>>> related.
>>
>> Start method persistence is impossible without some data stored
>> somewhere. IOW, sure, there's a file. You just have to figure out
>> where it is.
>>
>> Have a good day,
>
> I disagree with this usage when in this context. These entities exist
> and are accessed before there is a file system extant to access true files.
"True" files????
--
Best,
Wolf K
kirkwood40.blogspot.ca
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)