Can a virus kill a drive?

[PsychicStickleBrick]

Is it possible for a software virus to cause irrevocable damage to a hard
drive?

I.e. not just corrupt or wipe data, but actually cause a drive to become
unusable (even after reformatting)?

 

[Carl Farrington]

Is it possible for a software virus to cause irrevocable damage to a
hard drive?

I.e. not just corrupt or wipe data, but actually cause a drive to
become unusable (even after reformatting)?

nope.

 

[Eric Gisin]

Is it possible for a software virus to cause irrevocable damage to a hard
drive?

Only if it modifies firmware.

I.e. not just corrupt or wipe data, but actually cause a drive to become
unusable (even after reformatting)?

Run diagnostics (don't reformat) if you suspect a drive is damaged.

 

[Jim James]

Is it possible for a software virus to cause
irrevocable damage to a hard drive?

I.e. not just corrupt or wipe data, but actually cause
a drive to become unusable (even after reformatting)?

Its certainly theoretically possible with a drive
that can have the firmware flashed from the PC
to scribble all over the firmware deliberately.

But thats been possible with motherboard bios for a
long time and you dont see much of that done and drive
firmware updates are much more drive model specific.

 

[mike3]

Is it possible for a software virus to cause irrevocable damage to a hard
drive?

I.e. not just corrupt or wipe data, but actually cause a drive to become
unusable (even after reformatting)?

It can't do that, but it can reflash the BIOS, making it impossible to
use the computer. You would probably have to toss out the computer and
get a new one, or at least replace the motherboard.

 

[Rod Speed]

It can't do that,

That is possible, tho very drive model specific.

but it can reflash the BIOS,

Not always, some bios have a jumper that prevents that.

making it impossible to use the computer. You
would probably have to toss out the computer and
get a new one, or at least replace the motherboard.

Utterly mangled all over again. Its normally possible
to reflash the bios even if it has been wiped.

 

[Folkert Rienstra]

Its certainly theoretically possible with a drive
that can have the firmware flashed from the PC
to scribble all over the firmware deliberately.

Very perceptive of you, Rodney. You thought that up all by your self?

 

[J. Clarke]

Is it possible for a software virus to cause irrevocable damage to a hard
drive?

I.e. not just corrupt or wipe data, but actually cause a drive to become
unusable (even after reformatting)?

In principle if it was designed to work with a specific brand and model of
drive and if the drive had reflashable firmware, it might be able to
reflash the firmware with something that would render the drive unusable
until the ROM was replaced or that could overwrite the servo tracks and
render the drive unusable until overhauled by a shop with the right
equipment, usually the drive manufacturer. They're not generally that
narrowly targetted though.

 

[Leo]

In principle if it was designed to work with a specific brand and model of
drive

Security Set Password command is universal. It is not a damage, but
with random data in both passwords...

or that could overwrite the servo tracks and

Servo data can't be overwritten by software way, because it is
hardware protected, by the servo decoder design.

Leonid

 

[Folkert Rienstra]

Security Set Password command is universal. It is not a damage, but
with random data in both passwords...

.... it would nonetheless be dead.

Servo data can't be overwritten by software way,

Oh? Isn't that how the password is recorded?

 

[Arno Wagner]

Is it possible for a software virus to cause irrevocable damage to a hard
drive?

I.e. not just corrupt or wipe data, but actually cause a drive to become
unusable (even after reformatting)?

There is one real possibility that was not mentioned in the
discussion: The virus can put the drive under heavy load for an
extended time. If nobody notices this and the cooling is only
enough for normal operation, the drive can get quite hot and die
early. A sophisticated version of this attack would monitor drive
temperature (via SMART) and determine the drive failure point. The
first failure would usually be just temporary and be cured by
cool-down and maybe reboot. After this the drive could be heated
to just below the failure point and kept there.

Depending on previous drive health such an attack could possibly
kill a drive in hours to weeks.

Regards,
Arno

 

[Jim James]

There is one real possibility that was not mentioned in the
discussion: The virus can put the drive under heavy load for an
extended time. If nobody notices this and the cooling is only
enough for normal operation, the drive can get quite hot and die
early. A sophisticated version of this attack would monitor drive
temperature (via SMART) and determine the drive failure point. The
first failure would usually be just temporary and be cured by
cool-down and maybe reboot. After this the drive could be heated
to just below the failure point and kept there.

Depending on previous drive health such an attack could possibly
kill a drive in hours to weeks.

Someone's gunna notice all that drive activity and the
sluggish performance, stupid. Long before the drive dies.

 

[Arno Wagner]

Someone's gunna notice all that drive activity and the
sluggish performance, stupid. Long before the drive dies.

As I said above, "...If nobody notices this...".
Ever thought of a server? Ever thought what happens if this is not
the disk most work is being done on? Ever considerd that today's
disks are silent enough, that the activity might not be noticed?
Ever thought of a PC that is running through the night and an attack
that first checks whether the user is present, e.g. by looking
at screensaver activity? Ever thought that this could be limited to
times when the disk queue is empty?

Strong words from a weak mind, I would call your comment. And your
iinsult is entirely uncalled for.

Arno

 

[Leo]

Oh? Isn't that how the password is recorded?

Servo data are a records for heads positioning and motor speed
control, stored in servo areas in fixed places on disk. Heads are
switched to read state by servo decoder IC in this area. Only one way
to rewrite it is a special servo write mode, used to prepare disk by
manufacturer's serwowriter machine. This mode is device specific for
each write channel IC, and may require a additional hardware
connections, etc.
Passwords are stored in system data area with other firmware data. It
stored like a user data, in data sectors. Data sectors are written
over the servo format, with skipping of servo frame areas.

Leonid

 

[Arno Wagner]

Servo data are a records for heads positioning and motor speed
control, stored in servo areas in fixed places on disk. Heads are
switched to read state by servo decoder IC in this area. Only one way
to rewrite it is a special servo write mode, used to prepare disk by
manufacturer's serwowriter machine. This mode is device specific for
each write channel IC, and may require a additional hardware
connections, etc.

Actually I believe it requires special heads. Ever noticed the small
windows on the drive sides that are covered with stickers? That is
where the formatting heads go in to write the servo info. I once
saw a picture of a HDD surface with the servo info. the servo
tracks where smaller than the ordinary data track. And, yes, no
data where the servo info is, otherwise the servo information would
be weakened on writes and the disk would become unusable.
A hdd might overwrite servo info, AFAIK, but it cannot create it.
And the overwrite might need a patched firmware, since it destroys
the disk.

Passwords are stored in system data area with other firmware data. It
stored like a user data, in data sectors. Data sectors are written
over the servo format, with skipping of servo frame areas.

Exactly. And there is no need at all for some magically different
storage mechanism. Just exclude some sectors from the outside
sector addressing scheme and you get space for the firmware, the
defective sector list and the current setting (including the
password).

Arno

 

[J. Clarke]

Actually I believe it requires special heads. Ever noticed the small
windows on the drive sides that are covered with stickers? That is
where the formatting heads go in to write the servo info. I once
saw a picture of a HDD surface with the servo info. the servo
tracks where smaller than the ordinary data track. And, yes, no
data where the servo info is, otherwise the servo information would
be weakened on writes and the disk would become unusable.
A hdd might overwrite servo info, AFAIK, but it cannot create it.
And the overwrite might need a patched firmware, since it destroys
the disk.

Since the servo information is used to position the heads, the servo
information has to be in the location at which the heads reside when they
are reading and writing. It used to be that one surface of the drive was
reserved for the servo tracks--I'm not sure how they do it today.

 

[J. Clarke]

As I said above, "...If nobody notices this...".
Ever thought of a server?

Not much of a server if continuous drive access overheats the drive. The
cooling on any server should be adequate for 24/7 100% utilization.

Ever thought what happens if this is not
the disk most work is being done on? Ever considerd that today's
disks are silent enough, that the activity might not be noticed?
Ever thought of a PC that is running through the night and an attack
that first checks whether the user is present, e.g. by looking
at screensaver activity? Ever thought that this could be limited to
times when the disk queue is empty?

While it might be possibly to damage an inadequately cooled drive that way,
the likelihood of it happening is so small that I doubt that any virus
writer would bother making the effort.

 

[Jim James]

As I said above, "...If nobody notices this...".
Ever thought of a server? Ever thought what happens if this is not
the disk most work is being done on? Ever considerd that today's
disks are silent enough, that the activity might not be noticed?

Mindlessly silly writing a virus that will only succeed in
those situations. In spades when those systems are much
less likely to end up with a virus infection in the first place.

Ever thought of a PC that is running through the night
and an attack that first checks whether the user is present,
e.g. by looking at screensaver activity? Ever thought that
this could be limited to times when the disk queue is empty?

You're very unlikely to be able to kill a drive in one night that
way. And if it only thrashes the drive when its not being used,
it will cool down again when it is being used normally.

Strong words from a weak mind, I would call your comment.

More fool you.

And your iinsult is entirely uncalled for.

Corse you never ever do anything like that yourself, eh ?

 

[Folkert Rienstra]

Servo data are a records for heads positioning and motor speed
control, stored in servo areas in fixed places on disk. Heads are
switched to read state by servo decoder IC in this area.

Only one way to rewrite it is a special
servo write mode, used to prepare disk

by manufacturer's serwowriter machine.

A capability drives with self-timing servowrite technology may
well have by themselfs.

This mode is device specific for each write channel IC,
and may require a additional hardware connections, etc.
Passwords are stored in system data area with other
firmware data. It stored like a user data, in data sectors.

So how come Nortek overwrite the servotracks to remove the
passwords? http://www.nortek.on.ca/hdd_pw.html#HDD

 

[Shailesh Humbad]

This is just a theory, but in a even more sophisticated attack, the
virus writer could make the disk head flip back and forth at a very
high, but controlled frequency. At a very specific frequency, the
vibrations of the drive casing, bearings, and platters could cause an
irrevocable failure in some part that was not designed to tolerate
harmonic-induced loads. This attack would have to be tailored to a
specific model drive, or the virus would have do some kind of search
for the right frequency. The only reason I thought of this is because
I have heard about failures in multi-drive arrays caused by the
harmonics of the casing.

Another theory, from the shocks to the metal disk armature caused by
flipping the disk head back and forth, it will become magnetized, and
then suck up all the iron from the disk platters, rendering the drive
useless. Just kidding The armature is probably aluminum or some
other non-magnetizable alloy.