Every day a new malware is ready to take on your computer. With increasing risks of these malicious software, we need to tighten up our security and make sure we are protected. This post is all about protecting the MBR of a computer, and we will be taking help of a small but powerful driver software called MBR Filter. Use this tool to protect your computer against MBR malware & ransomware.
What is MBR & MFT
MBR or Master Boot Record is the small allocated space on disk which stores the information about disk partitions and file system configuration. In simpler words, MBR is responsible for booting up your operating system and storing and retrieving data essential for that. MBR also maintains a table called “Master Partition Table” that identifies partitions made on a hard disk. MBR is generally stored in the first sector or in other words at the front of every other data in the hard disk.
There is another database called MFT or Master File Table. MFT is a database which stores information about each and every file or directory on your system. Protecting both MBR and MFT is very much necessary.
Malicious software, usually Rootkits can try to override the bootloader and tamper with the computer. Petya, the most prevalent ransomware these days tries to encrypt the MFT and then force victims into Bitcoin payments for regaining the access. With the advancement of these rootkits and Ransomware, we need to protect the boot loader.
MBR Filter is a small driver written to tackle the attacks on the boot record. It is developed by ‘Cisco Talos’ and released for free under open source license. You can download the source code, make changes and compile it yourself or you can download the precompiled version. MBR Filter can prevent any malware, ransomware or rootkit from tampering with boot records and making changes.
Protect Master Boot Record
What MBR Filter does is triggers security settings and requires the system to boot in Safe Mode to make any changes to the first sector or the boot record. Using this driver, you can cut down the access to MBR and MFT for most of the malicious software. All their attempts will go useless once you have MBR Filter installed on your computer.
How to install MBR Filter
Installing MBR Filter is pretty simple. Go the MBR Filter website and download the variant corresponding to your system’s architecture. Extract the contents of the zip file, and there will be two files available.
Right click ‘MBRFilter.inf’ and select install. The installation will finish quickly and you will need to restart your computer for the changes to take place.
MBR Filter is intentionally difficult to remove so that malware cannot remove it and gain access to MBR. If you want to test if MBR Filter is working or not, you can download AccessMBR. It will read sector ‘0’ on Physical drive 0 and write that sector back checking if MBR Filter is working properly or not.
Make sure you install MBR Filter if you want complete protection against ransomware like Petya. If you ever want to make changes to MBR yourself, you can boot your computer to safe mode and do it.
Click here to download MBR Filter. Use this tool with caution – preferably in a testing environment first, as it comes with serious consequences.
Reads that may interest you: