MBSA shortcoming - suggestion to Microsoft

Discussion in 'Computer Security' started by =?Utf-8?B?SkVmcm9tQ2FuYWRh?=, Jul 22, 2006.

  1. I own a computer that came factory installed with a virtual drive containing
    a ghost image of the factory settings. Because Ghost is a DOS-based system,
    the virtual drive was created as a FAT32 partition.

    MBSA identifies this partition as a security risk (scored with a red "X").
    I have no choice but to leave this partition as FAT32, but I believe it
    should not be scored as a risk. Does Microsoft have a means of identifying
    such partitions as "Ghost" partitions, and exclude them from the security
    analysis?

    ----------------
    This post is a suggestion for Microsoft, and Microsoft responds to the
    suggestions with the most votes. To vote for this suggestion, click the "I
    Agree" button in the message pane. If you do not see the button, follow this
    link to open the suggestion in the Microsoft Web-based Newsreader and then
    click "I Agree" in the message pane.

    http://www.microsoft.com/athome/security/support/newsgroups/default.mspx?mid=9b283afc-c83a-4d9a-9e3e-af22b3460f49&dg=microsoft.public.security.homeusers
     
    =?Utf-8?B?SkVmcm9tQ2FuYWRh?=, Jul 22, 2006
    #1
    1. Advertisements

  2. =?Utf-8?B?SkVmcm9tQ2FuYWRh?=

    Robert Moir Guest

    If they did, what would you propose to do should "real" malware learn this
    trick and either just hide in ghost partitions when it finds them, or even
    worse, create its own partition on any disk and mark them with whatever
    secret sauce you suggest is used for ghost?

    --
    --
    Rob Moir, Microsoft MVP for Security
    Blog Site - http://www.robertmoir.com
    Virtual PC 2004 FAQ -
    http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
    I'm always surprised at "professionals" who STILL have to be asked:
    "Have you checked (event viewer / syslog)".
     
    Robert Moir, Jul 23, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.