Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can viruses attack disabled drives?


  • Please log in to reply
2 replies to this topic

#1 RB_Kandy

RB_Kandy

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 04 December 2012 - 09:36 PM

I was wondering, if I disable a couple of hard drives from within BIOS, but keep them plugged in, can a virus, or any malware infect those disabled drives?

I ask this because at first thought, I would assume they couldn't since read and write access is not possible. But one day I was using a partitioning program that was able to access a drive I had disabled from BIOS. So I was wondering, is it possible a virus could also do this?

i realize the safest thing if I am going to activate a program I suspect to be a virus, would be to physically disconnect all other drives, and to physically turn off the network card to prevent internet access. But it would be a lot easier just to disable the drives from BIOS.

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:54 AM

Posted 05 December 2012 - 04:06 AM

Can you provide details how exactly you disable a drive in your BIOS? Is it a toggle called disable, or something else?
And what BIOS do you use?

And that partitioning program, what could it do exactly with this drive? Did it just list it in the overview, or could it also change partitions?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 RB_Kandy

RB_Kandy
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 05 December 2012 - 03:26 PM

Oh boy this was a few years ago on a different computer.
Um, I believe I went to some part of the bios where it displayed every piece of hardware "device" the motherboard could except. Example, it had 6 SATA ports, thus it gave you a list of what was on each SATA port. You could then adjust device type such as "ATAPI, IDE, SATA, SCSI, Disable."
To be honest, I never understood why it gave you the option to tell the BIOS an IDE was plugged into the SATA port.
If a device was actually plugged in, it would tell you the type of connection, and the type of device i.e. (SATA, HDD). When selecting it, you'd get the manufacturer, the model, and a few drive options such as Primary and Secondary Slave and Master, LBA, and RAID options.
I never understood half the options the stuff in BIOS gave me. I always had the "If it's not broke don't fix it" mentality.

I recall the reason I even messed with these options was I cloned my drive, and thus had 2 HDD's with active primary boot partition containing the exact same OS. Problem was it would boot from the wrong drive, no matter what boot order I set things too.
So I just went to BIOS and disabled that drive.
I remember having a Ubuntu live CD, the only way it would boot into that was to disable my HDD's so that it would boot from the media on the CD. Same with trying to boot from a floppy disk. Had to disable everything except the exact device I wanted to boot from. Because setting boot priority did nothing in this BIOS.

As for what I could do with the disabled drive in that partitioning program (which was either partition magic or paragon partitioner), I could read that the drive was there, it's manufacturer, see the partitions, primary, hidden, extended, active, unallocated space, and used and free space on all volumes, and see the cluster size too. I honestly don't remember if it showed volume label.

I don't believe I ever attempted to alter any of the partitions. I just remember thinking to myself "But this drive has been disabled from BIOS, how can any piece of software recognize something the BIOS is set to dismiss and ignore?"

Of course that same eerie feeling came over me on that motherboard when I looked at its overclocking software that was installed on Windows. Apparently, using a software program, after boot, you can do things like set the multiplier and voltage for various parts of the Mobo.
First thing that went through my mind was "just wait until some malware decides to lay dormant for a few minutes after boot, and then out of the blue double your CPU voltage and blow your CPU."
Or think of this: some hacker dude gets onto your machine via MSN assistance exploit, loads up that piece of software, sets your voltage for something too high, and can physically kill your computer... that's spooky.
I just don't like the idea that things on my BIOS can be switched on and off by a piece of software outside the BIOS.

Speaking of BIOS, call me old fashioned, but I don't like these new BIOS's with graphics, and mouse support. BIOS screens ain't meant to point and click. It ain't supposed to look pretty and user friendly. They are supposed to be black and white text, keyboard navigated. It's supposed to look cold and unfriendly to let dum dums know "if you don't know what you're doing, you don't need to be here".
Windows LOL! Back in my day we had DOS, and there was no pointing or clicking. And back in my day we didn't have touch screens; we had 120 lbs monitors that flickered orange text on black backgrounds until we had migraines and seizures, and no one touched their screens! There was no drag and drop! It was all command line. And we didn't stripe our SSD's, we used 5.25 inch floppy disks that were actually floppy! And our computer speakers didn't play rock and roll MP3's, all they did was beep at you when you did something wrong!
Come to think of it, the good ol' days of computers weren't that great. But hey, BIOS should still be black and white text navigated from the keyboard, and "disabled" ought to really mean disabled!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users