每天都有一个新的恶意软件准备好入侵您的计算机。随着这些恶意软件的风险越来越大,我们需要加强安全性并确保我们受到保护。这篇文章是关于保护计算机的MBR的,我们将借助一个名为MBR Filter的小而强大的驱动程序软件。使用此工具保护您的计算机免受MBR恶意软件和勒索软件的侵害。
什么是 MBR 和 MFT
MBR或主引导记录(Master Boot Record)是磁盘上分配的小空间,用于存储有关磁盘分区和文件系统配置的信息。简而言之,MBR负责启动您的操作系统并存储和检索为此必不可少的数据。MBR还维护一个名为“主分区表(Master Partition Table)”的表,用于标识硬盘上的分区。MBR通常存储在硬盘的第一个扇区,或者换句话说,存储在硬盘中所有其他数据的前面。
还有另一个名为MFT或Master File Table的数据库。MFT是一个数据库,用于存储有关系统上每个文件或目录的信息。保护MBR和MFT是非常必要的。
恶意软件,通常是Rootkits可以尝试覆盖引导加载程序并篡改计算机。Petya是当今最流行的勒索软件,它试图加密MFT,然后强迫受害者进行比特币(Bitcoin)支付以重新获得访问权限。随着这些 rootkit 和Ransomware的进步,我们需要保护引导加载程序。
MBR 过滤器
MBR Filter是一个小型驱动程序,用于解决对引导记录的攻击。它由“Cisco Talos”开发并在开源许可下免费发布。您可以下载源代码、进行更改并自行编译,也可以下载预编译版本。MBR 过滤器(MBR Filter)可以防止任何恶意软件、勒索软件或 rootkit 篡改启动记录并进行更改。
保护主引导记录
MBR 过滤器(MBR Filter)所做的是触发安全设置并要求系统以安全模式启动以对第一个扇区或启动记录进行任何更改。使用此驱动程序,您可以减少大多数恶意软件对MBR和MFT的访问。(MFT)一旦您在计算机上安装了MBR 过滤器(Filter),他们的所有尝试都将毫无用处。
如何安装 MBR 过滤器
(How to install MBR Filter)
安装MBR 过滤器(MBR Filter)非常简单。转到MBR 过滤器(MBR Filter)网站并下载与您的系统架构相对应的变体。提取 zip 文件的内容,将有两个文件可用。
右键单击“MBRFilter.inf”并选择安装。安装将很快完成,您需要重新启动计算机才能进行更改。
MBR 过滤器(MBR Filter)故意难以删除,因此恶意软件无法将其删除并获得对MBR的访问权限。如果你想测试MBR 过滤器(MBR Filter)是否工作,你可以下载AccessMBR。它将读取物理(Physical)驱动器 0 上的扇区“0”并写回该扇区,检查MBR 过滤器(MBR Filter)是否正常工作。
结束语(Closing Words)
(Make)如果您想完全防御像Petya这样的勒索软件,(Petya)请确保安装MBR 过滤器(MBR Filter)。如果您想自己更改MBR,可以将计算机启动到安全模式并执行此操作。
单击此处(here)(here)下载MBR 过滤器(MBR Filter)。谨慎(caution)使用此工具——最好首先在测试环境中使用,因为它会带来严重的后果。
您可能感兴趣的读物:(Reads that may interest you:)
- 如何备份和恢复主引导记录(How to backup & restore Master Boot Record)
- HDHacker帮助您 备份(Backup)和恢复引导扇区(Restore Boot Sector)和MBR
- 如何修复主引导记录(How to repair Master Boot Record)。
Protect your computer's Master Boot Record with MBR Filter
Everу day a new malware iѕ ready to take on yoυr computer. With the increasіng riѕks of these malicious software, we need to tighten up our security and make sure we are protеcted. This post is all about protecting the MBR of a cоmрuter, and we will be taking the help of a small but powerful driver software called MBR Filter. Use this tool to protect your computer against MBR malware & ransomware.
What is MBR & MFT
MBR or Master Boot Record is the small allocated space on disk which stores the information about disk partitions and file system configuration. In simpler words, MBR is responsible for booting up your operating system and storing and retrieving data essential for that. MBR also maintains a table called “Master Partition Table” that identifies partitions made on a hard disk. MBR is generally stored in the first sector or in other words at the front of every other data in the hard disk.
There is another database called MFT or Master File Table. MFT is a database that stores information about each and every file or directory on your system. Protecting both MBR and MFT is very much necessary.
Malicious software, usually Rootkits can try to override the bootloader and tamper with the computer. Petya, the most prevalent ransomware these days tries to encrypt the MFT and then force victims into Bitcoin payments for regaining access. With the advancement of these rootkits and Ransomware, we need to protect the boot loader.
MBR Filter
MBR Filter is a small driver written to tackle the attacks on the boot record. It is developed by ‘Cisco Talos’ and released for free under an open-source license. You can download the source code, make changes, and compile it yourself or you can download the precompiled version. MBR Filter can prevent any malware, ransomware, or rootkit from tampering with boot records and making changes.
Protect Master Boot Record
What MBR Filter does is triggers security settings and require the system to boot in Safe Mode to make any changes to the first sector or the boot record. Using this driver, you can cut down the access to MBR and MFT for most of the malicious software. All their attempts will go useless once you have MBR Filter installed on your computer.
How to install MBR Filter
Installing MBR Filter is pretty simple. Go to the MBR Filter website and download the variant corresponding to your system’s architecture. Extract the contents of the zip file, and there will be two files available.
Right-click ‘MBRFilter.inf’ and select install. The installation will finish quickly and you will need to restart your computer for the changes to take place.
MBR Filter is intentionally difficult to remove so that malware cannot remove it and gain access to MBR. If you want to test if MBR Filter is working or not, you can download AccessMBR. It will read sector ‘0’ on Physical drive 0 and write that sector back checking if MBR Filter is working properly or not.
Closing Words
Make sure you install MBR Filter if you want complete protection against ransomware like Petya. If you ever want to make changes to MBR yourself, you can boot your computer to safe mode and do it.
Click here to download MBR Filter. Use this tool with caution – preferably in a testing environment first, as it comes with serious consequences.
Reads that may interest you: