Would installing an OS on an external SSD and booting into that to run pirated software while blocking access to other drives in your system or physically unplugging them be one way?

Or are there better ways to isolate the software you run and use as much as possible?

  • yum13241@lemm.ee
    1 year ago

    Trojans that install themselves into the MBR will just screw up your boot process on a UEFI system and vice versa. Also, if you don’t use a default bootloader, you’ll definitely notice something on a UEFI system if it tries to delete all other bootloaders.

    On BIOS systems, however, it gets a little tricky, since it just blindly reads the first few sectors, without respect to what you “set” as the default, so that Trojan could just add itself and move everything over a bit, and you can’t tell. See the Michelangelo MBR virus. It wiped your drive on March 6 of any year.

    On a UEFI system, the best it could do is replace the Microsoft bootloader, and that would trip Secure Boot, which is enabled by default. Even then you don’t need to directly modify sectors or format your drive, you can just replace the bootloader.

    • jet@hackertalks.com
      1 year ago

      Agreed, it’s rare. But it exists (MoonBounce, MosaicRegressor), so if you’re trying to segment things you should just remove the drives and not worry about it.
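
The first reply notes that a BIOS system blindly executes sector 0, so a modified MBR can go unnoticed. One way to notice is to record a baseline of that sector and compare it later. The Python below is an added example, not part of the thread: `inspect_mbr`, `diff_mbr` and `make_sample` are hypothetical names, the sample sectors are constructed, and the check does not cover the firmware implants named in the last reply.

```python
import hashlib
import struct

SECTOR = 512

def inspect_mbr(sector: bytes) -> dict:
    """Parse LBA 0 of a disk or disk image (the first 512 bytes)."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        return {"scheme": "invalid"}
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": ptype,
                          "start": start, "count": count})
    # A GPT (UEFI-style) disk carries a protective MBR: one entry of type 0xEE.
    scheme = "gpt-protective" if [p["type"] for p in parts] == [0xEE] else "mbr"
    # Hash only the 440-byte bootstrap area, so the disk signature that
    # follows it does not cause false alarms.
    return {"scheme": scheme,
            "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "boot_code_present": any(sector[:440]),
            "partitions": parts}

def diff_mbr(baseline: dict, current: dict) -> list:
    """Compare two inspect_mbr() results and list what changed."""
    if "invalid" in (baseline["scheme"], current["scheme"]):
        return ["sector 0 has no 0x55AA signature"]
    findings = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        findings.append("boot code changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sample(boot_code: bytes, ptype: int, start: int) -> bytes:
    """Constructed test sector, not data from a real disk."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, ptype, b"\0" * 3, start, 409600)
    return boot_code.ljust(446, b"\0") + entry + b"\0" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    baseline = inspect_mbr(make_sample(b"\xfa\x33\xc0", 0x83, 2048))
    later = inspect_mbr(make_sample(b"\xeb\x63\x90", 0x83, 2049))
    print(baseline["scheme"], diff_mbr(baseline, later))
```

The baseline has to be taken from a known-clean state and stored off the disk being checked, and the comparison is best run from separate boot media so the sector is not read through a possibly compromised OS.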