multiple partitions are safer in virus infection?


strutsng

In terms of virus infection, having multiple partitions
are safer than single partition?

For example, if the machine has drive C, D, and E.
Drive C is the windows operating system, and drive D and E are
data files drives. If drive C is infected, will it infect
drive D and E also?

Please advise. thanks!!
 

Bob I

It depends entirely on the virus. If the virus is set to infect all
"jpg" files, then jpg file on D and E are at risk. If exe files are the
target then if only data(no exe on D and E) then no infection of D and E.
 

David H. Lipman

From: <[email protected]>

| In terms of virus infection, having multiple partitions
| are safer than single partition?
|
| For example, if the machine has drive C, D, and E.
| Drive C is the windows operating system, and drive D and E are
| data files drives. If drive C is infected, will it infect
| drive D and E also?
|
| Please advise. thanks!!

In short NO.

The number of drive letters or partitions has no bearing on being safer in terms of viruses.
A true virus will seek out anything and everything its payload is designed for.
 

Art

| In terms of virus infection, having multiple partitions
| are safer than single partition?
|
| For example, if the machine has drive C, D, and E.
| Drive C is the windows operating system, and drive D and E are
| data files drives. If drive C is infected, will it infect
| drive D and E also?

A virus might spread to other drives and partitions. Data
should be backed up on removable media. I use a drive
tray so backup drives can be removed from the machine.

Art

http://home.epix.net/~artnpeg
 

Malke

| In terms of virus infection, having multiple partitions
| are safer than single partition?
|
| For example, if the machine has drive C, D, and E.
| Drive C is the windows operating system, and drive D and E are
| data files drives. If drive C is infected, will it infect
| drive D and E also?
|
| Please advise. thanks!!

It depends on the virus or worm. The safest thing to do is to have a
current version (not earlier than 2004) full-featured av installed
using updated definitions, practice Safe Hex, and do regular backups.

http://www.claymania.com/safe-hex.html

Malke
 

Ken Blake

| In terms of virus infection, having multiple partitions
| are safer than single partition?

No.

| For example, if the machine has drive C, D, and E.
| Drive C is the windows operating system, and drive D and E are
| data files drives. If drive C is infected, will it infect
| drive D and E also?


Viruses don't normally infect drives or partitions, and it's not
drive C: that gets infected. Viruses infect files. Some viruses
infect particular files and they will usually look for and find
those files, regardless of what drive or partitions they are on.
Other viruses infect files of a particular type, and they too
will look for and find files of those types.

Having multiple partitions or drives affords you no extra
protection.
 

Plato

| In terms of virus infection, having multiple partitions
| are safer than single partition?

Probably less safe. For example, viruses often infect files on all drive
letters. So, let's say the person has to call a friend to help them with
their pc. They may forget to ask you about additional drive letters, or
perhaps the person even forgot they set up additional drive letters as
perhaps their kid uses a partition for storage. So, let's say you kill
the virus in the windows folder and think it's gone. Then your kid runs
their program and voilà, you got it back.
 

Leythos

| Probably less safe. For example, viruses often infect files on all drive
| letters. So, let's say the person has to call a friend to help them with
| their pc. They may forget to ask you about additional drive letters, or
| perhaps the person even forgot they set up additional drive letters as
| perhaps their kid uses a partition for storage. So, let's say you kill
| the virus in the windows folder and think it's gone. Then your kid runs
| their program and voilà, you got it back.

While not specific to viruses, I've taken to setting up my web servers
on IIS such that IIS is on a drive letter other than C or D - most
reviews of the logs show attempts to hack the C/D drive and looking for
COMMAND or CMD on the C or D drives.
 

Yves Leclerc

Unless you get a virus in a Windows version that can not access NTFS
partitions, NO.

In Windows 9x/ME, All NT, 2000, XP, or 2003 NTFS partitions should not be
infected.

In NT 4, 2000, XP, and 2003, all partitions are vulnerable!
 

Lil' Dave

Depends on the virus and its intended payload.
As a standalone statement without this, the answer is no.
 

Thierry

| In terms of virus infection, having multiple partitions
| are safer than single partition?

No, they aren't.
Virus and other trojan are as smart as you or almost ; even after a complete
reformatting they are always there hidden in the dark side... :-((
Currently I have a full protection quite efficient (I think) including XP,
SP2 with its software firewall and goggle blocker, and kaspersky AV.
I had a c: HD plus 2 usb external drive (a large for archive, a small stick
for mobile operations).

Two consecutive days KAV6 beta found a same trojan at the same location on
my large ext.USB disk. So it is even not an other local partition, but right
on an external port !

Thierry
 

David H. Lipman

From: "Thierry" <->


| No, they aren't.
| Virus and other trojan are as smart as you or almost ; even after a complete
| reformatting they are always there hidden in the dark side... :-((
| Currently I have a full protection quite efficient (I think) including XP,
| SP2 with its software firewall and goggle blocker, and kaspersky AV.
| I had a c: HD plus 2 usb external drive (a large for archive, a small stick
| for mobile operations).
|
| Two consecutive days KAV6 beta found a same trojan at the same location on
| my large ext.USB disk. So it is even not an other local partition, but right
| on an external port !
|
| Thierry
|

Not true.

Only Boot Sector Infectors will survive "...complete reformatting..." and all are "true
viruses".
Please don't provide mis-information while you are dealing with your own infection problem
in another thread.

What you are infected with; Trojan-Downloader.Win32.lstBar.lu, Backdoor.Win32.codbot.at and
Backdoor.Win32.Rbot.gen are not Boot Sector infectors.

Example Boot Sector Infectors (and there are many more)...

Form -- http://vil.nai.com/vil/content/v_473.htm
NYB -- http://vil.nai.com/vil/content/v_880.htm
Stoned.June 4 -- http://vil.nai.com/vil/content/v_212.htm
EDV -- http://vil.nai.com/vil/content/v_408.htm
Horse Boot -- http://vil.nai.com/vil/content/v_576.htm
AntiEXE.A -- http://vil.nai.com/vil/content/v_10238.htm
Chaos -- http://vil.nai.com/vil/content/v_98063.htm
INTCE -- http://vil.nai.com/vil/content/v_98038.htm
Stealth Boot.H -- http://vil.nai.com/vil/content/v_3342.htm
AntiCMOS -- http://vil.nai.com/vil/content/v_98045.htm


An excellent tool to remove Boot Sector infectors is Zvi Netiv's IVINIT at Invircible.Com
http://www.invircible.com/iv_tools.php#Ivinit
 

Guest

Multiple partitions is bad when it comes to viruses...

If windows gets so badly messed up(due to something YOU did, not a virus),
then just reformat C, and everything else survives (but might need
re-registering in the registry before it works again)

if however, a virus forces you to reformat C and re-install windows,
reformat all drives, and save only what you have to - without wiping all
drives, your virus will still be there, forcing you to reformat once every
couple of days (worst possible scenario)... Before assuming you've saved all
of the critical stuff thus it being safe to reformat everything, first, virus
scan your saved data to reduce the chance of taking the virus with you...
 

David H. Lipman

From: "SimSmall" <[email protected]>

| Multiple partitions is bad when it comes to viruses...
|
| If windows gets so badly messed up(due to something YOU did, not a virus),
| then just reformat C, and everything else survives (but might need
| re-registering in the registry before it works again)
|
| if however, a virus forces you to reformat C and re-install windows,
| reformat all drives, and save only what you have to - without wiping all
| drives, your virus will still be there, forcing you to reformat once every
| couple of days (worst possible scenario)... Before assuming you've saved all
| of the critical stuff thus it being safe to reformat everything, first, virus
| scan your saved data to reduce the chance of taking the virus with you...
| --
| Given another 10 years. I'd have found the answer myself...

Only if a Boot Sector Infector is on the computer. If IVINIT is used to remove it,
what you suggest would NOT be needed.
 

Roger Wilco

Bob I said:
| It depends entirely on the virus. If the virus is set to infect all
| "jpg" files, then jpg file on D and E are at risk. If exe files are the
| target then if only data(no exe on D and E) then no infection of D and
| E.

Jpg files aren't infectable - they're data files, only programs can be
infected. Also, every partition contains a program - although, as you
state, if only exe files are targeted then partitions without any exe
files won't have infected programs because of the lack of infectable
programs (as defined by the virus in question).

The OP would be better served by asking about the payload of any malware
having an effect on multiple partitions rather than viruses specifically.
There was a 'so-called' virus posted to usenet not long ago that
converted MP3 files (data files) into do-nothing executables and then
'infected' those executables with a copy of itself. This so-called
virus, according to the purported author, would 'infect' a called MP3
and all MP3s in the directory path destination the one was called from.
The end result being mp3 data files (perhaps in data partitions) having
been converted into droppers of the malware.

Drives don't get infected, programs do. But as above, data can be
converted or otherwise modified by the payload of malware so that where
you thought only data files existed - you now have executable malware
droppers.

Having multiple partitions as you suggest is 'good housekeeping'
generally (part of a good data backup plan for instance) but affords
little if any "protection" against malware you allow to execute on your
machine.
 

Leythos

| Jpg files aren't infectable - they're data files, only programs can be
| infected.

Wrong, JPG files can carry a payload that is executed by IE and some
other Windows apps - take a BATCH file, rename it to mypicture.jpg,
double click on it - it will run.
 

David H. Lipman

From: "Roger Wilco" <[email protected]>


|
| Jpg files aren't infectable - they're data files, only programs can be
| infected. Also, every partition contains a program - although, as you
| state, if only exe files are targeted then partitions without any exe
| files won't have infected programs because of the lack of infectable
| programs (as defined by the virus in question).
|
| The OP would be better served by asking about the payload of any malware
| having an effect on multiple partitions rather than viruses specifically.
| There was a 'so-called' virus posted to usenet not long ago that
| converted MP3 files (data files) into do-nothing executables and then
| 'infected' those executables with a copy of itself. This so-called
| virus, according to the purported author, would 'infect' a called MP3
| and all MP3s in the directory path destination the one was called from.
| The end result being mp3 data files (perhaps in data partitions) having
| been converted into droppers of the malware.
||
| No.
||
| Drives don't get infected, programs do. But as above, data can be
| converted or otherwise modified by the payload of malware so that where
| you thought only data files existed - you now have executable malware
| droppers.
||
| Having multiple partitions as you suggest is 'good housekeeping'
| generally (part of a good data backup plan for instance) but affords
| little if any "protection" against malware you allow to execute on your
| machine.
|

Well that's not entirely true... ;-)

There have been demonstration viruses which can code a virus in a JPEG but it requires a
"helper" program to be pre-installed on the destination platform to remove the virus and run
it. It is just easier to have the "helper" application be the actual infector. Albeit,
maybe said application could receive a "plug-in" to add additional functionality to the
infector. I know that there have been viruses using UseNet to obtain plug-ins to add
functionality.

W32/Perrun -- http://vil.nai.com/vil/content/v_99522.htm

"This appending virus is the first reported JPEG infector. It is multi-component in nature,
requiring an extractor file to extract (and execute) the virus body from infected JPEG
files.

Infected JPEGs are unable to replicate on non-infected machines - ie. machines without the
extractor component installed (hooked in the Registry)."

The other problem is that a specially crafted JPEG, GIF or other image file may cause a
buffer overflow condition in the Microsoft GDI+ rendering engine and thus could be
exploited.
http://vil.nai.com/vil/content/v_128356.htm

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
 

David H. Lipman

From: "Leythos" <[email protected]>


|
| Wrong, JPG files can carry a payload that is executed by IE and some
| other Windows apps - take a BATCH file, rename it to mypicture.jpg,
| double click on it - it will run.
|
| --
|
| (e-mail address removed)
| remove 999 in order to email me

Leythos.

We went through this exercise only a week or so ago.

Take a BATCH file, rename it to mypicture.jpg and double click on it - and you'll get an
invalid JPEG error message.

In fact I tested this, again, for this thread.
 

Shane

David said:
| Leythos.
|
| We went through this exercise only a week or so ago.
|
| Take a BATCH file, rename it to mypicture.jpg and double click on it
| - and you'll get an invalid JPEG error message.
|
| In fact I tested this, again, for this thread.

I was in ME when I saw that. I didn't expect it to work on 9x (and it
didn't) - but wasn't sure about XP. For instance, I renamed NT4's CMD.EXE to
CMD.NT4 for running from a batch in XP. However, while neither a .bat file
nor the aforementioned CMD.EXE run in my XP if renamed as a .jpg, I don't get
an error message, I get Windows Picture and Fax Viewer open to an empty
window (In ME, Image Preview).

Do you have image files associated with, say, Irfanview?


Shane
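
Added example, not part of any post in this thread: the renamed batch file and the MP3s converted into droppers both come down to a file's extension saying nothing about its content, on whichever drive letter it sits. This Python sketch compares the leading bytes of `.jpg` and `.mp3` files under every given root with what the extension promises; the function names, file names and sample bytes are constructed for illustration.

```python
import os
import tempfile

def matches_extension(ext, head):
    if ext in (".jpg", ".jpeg"):
        return head.startswith(b"\xff\xd8\xff")  # JPEG start-of-image marker
    # .mp3: an ID3 tag, or MPEG frame sync (0xFF, then a byte >= 0xE0)
    return head[:3] == b"ID3" or (head[:1] == b"\xff" and head[1:2] >= b"\xe0")

def classify(path):
    """Return 'skipped', 'ok', 'executable' or 'mismatch' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in (".jpg", ".jpeg", ".mp3"):
        return "skipped"
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head.startswith(b"MZ"):  # DOS/PE executable header behind a data name
        return "executable"
    return "ok" if matches_extension(ext, head) else "mismatch"

def scan(roots):
    """Walk every root (one per drive letter or partition); return findings."""
    findings = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for full in (os.path.join(dirpath, n) for n in files):
                try:
                    verdict = classify(full)
                except OSError:
                    verdict = "unreadable"
                if verdict not in ("ok", "skipped"):
                    findings[full] = verdict
    return findings

SAMPLES = {  # constructed files standing in for a data partition
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",  # genuine JPEG header
    "mypicture.jpg": b"@echo off\r\necho hi\r\n",    # renamed batch file
    "song.mp3": b"MZ\x90\x00\x03\x00",               # executable header
    "track.mp3": b"ID3\x03\x00\x00",                 # genuine ID3 tag
}

def demo():
    with tempfile.TemporaryDirectory() as d:  # stands in for D: or E:
        for name, data in SAMPLES.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in scan([d]).items()}

if __name__ == "__main__":
    print(demo())
```

A `mismatch` only means the leading bytes are not what the extension claims, so it is a prompt to inspect the file rather than a verdict. Pass every drive root to `scan`, since a check limited to C: misses the data partitions the thread is about.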
 
