Yet another absurd Slashdot story
Here we have another example of Slashdot taking non-news, making it sound very sensational, giving it some anti-Microsoft spin, and then passing it off as something newsworthy. Could you imagine how horribly skewed your perception of the world would be if you took every story and description on Slashdot as truth? Today’s example:
Boot Record Rootkit Threatens Vista, XP, NT
Paul sends us word on a new exploit seen in the wild that attacks Windows systems completely outside of the control of the OS. “Unfortunately, all the Windows NT family (including Vista) still have the same security flaw — MBR [Master Boot Record] can be modified from usermode. Nevertheless, MS blocked write-access to disk sectors from userland code on VISTA after the pagefile attack, however, the first sectors of disk are still unprotected… At the end of 2007 stealth MBR rootkit was discovered by MR Team members (thanks to Tammy & MJ) and it looks like this way of affecting NT systems could be more common in near future if MBR stays unprotected.”
ZOMG?!?!, all Windows machines are vulnerable to this new attack because stupid Microsoft made the MBR writable from usermode! Unfortunately for all the sensationalists out there, this is completely and utterly wrong for the following reasons:
- You need admin privileges to do this. In which case you can delete all users on the box, format the hard drive, or install a more classic virus. This is no different than having root on a *nix machine.
- You can do this from any operating system that allows raw access to the disk. That means that almost all operating systems, including Linux, Mac OS, BeOS, etc., are ‘vulnerable’.
- Without this ability, updating the MBR would require a reboot.
- This isn’t even new. Blue Pill can do this and significantly cooler stuff.
Hey Slashdot, MS-DOS 1.1 called. They want their news story back.
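Since any admin-level process on any OS with raw disk access can rewrite the MBR, the practical defence is noticing when it changes. The following is an added example, not code from the original post or from any tool it mentions: a minimal MBR integrity check that hashes the 440-byte bootstrap area separately from the disk signature and partition table and compares them to a baseline. The helper names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # boot signature at offset 510


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into the pieces worth monitoring."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:  # partition type 0 means the slot is unused
            parts.append((i, status == 0x80, ptype, lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": parts,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return the names of the fields that differ from the baseline."""
    return [k for k in baseline if baseline[k] != current[k]]


def make_sample(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one active NTFS partition."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x11\x22\x33\x44" + b"\x00\x00"
    return body + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    # On a real host the sector comes from an admin-level raw read of the
    # first 512 bytes of the disk; here both sectors are constructed.
    base = parse_mbr(make_sample(b"\xfa\x33\xc0"))
    now = parse_mbr(make_sample(b"\xfa\x33\xc0\x90\x90"))
    print(compare(base, now))
```

Hashing the boot code separately from the partition table means a legitimate repartition does not look like a boot-code change, and the reverse.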

