Every day, new malware is ready to attack your computer. With the increasing risks of this malicious software, we need to tighten up our security and make sure we are protected. This post is all about protecting a computer’s MBR, and we will use a small but powerful driver software called MBR Filter. Use this tool to protect your computer against MBR malware and ransomware.
What is MBR & MFT
MBR or Master Boot Record is the small allocated space on disk that stores the information about disk partitions and file system configuration. In simpler words, MBR is responsible for booting up your operating system and storing and retrieving essential data. MBR also maintains a table called “Master Partition Table” that identifies partitions made on a hard disk. MBR is generally stored in the first sector or in other words at the front of every other data in the hard disk.
There is another database called MFT, or Master File Table. MFT stores information about each file or directory on your system. Protecting both MBR and MFT is necessary.
Malicious software, usually Rootkits can try to override the bootloader and tamper with the computer. Petya, the most prevalent ransomware these days tries to encrypt the MFT and then force victims into Bitcoin payments for regaining access. With the advancement of these rootkits and Ransomware, we need to protect the boot loader.
MBR Filter for Windows systems
MBR Filter is a small driver written to tackle attacks on the boot record. It was developed by Cisco Talos and released for free under an open-source license. You can download the source code, make changes, and compile it yourself, or you can download the precompiled version. MBR Filter can prevent any malware, ransomware, or rootkit from tampering with boot records and making changes.
Protect Master Boot Record
What MBR Filter does is triggers security settings and require the system to boot in Safe Mode to make any changes to the first sector or the boot record. Using this driver, you can cut down the access to MBR and MFT for most malicious software. All their attempts will go useless once you have MBR Filter installed on your computer.
How to install MBR Filter
Installing MBR Filter is pretty simple. Go to the MBR Filter website and download the variant corresponding to your system’s architecture. Extract the contents of the zip file, and two files will be available.
Right-click ‘MBRFilter.inf’ and select install. The installation will finish quickly and you will need to restart your computer for the changes to occur.
The MBR Filter is intentionally difficult to remove, so malware cannot remove it and gain access to MBR. If you want to test whether the MBR Filter is working, you can download AccessMBR. It will read sector ‘0’ on Physical drive 0 and write that sector back, checking whether the MBR Filter is working properly or not.
Caution
Click here to visit the MBR Filter website. Use this tool with caution – preferably in a testing environment first, as it comes with serious consequences. Install an MBR Filter for complete protection against ransomware. If you want to change the MBR, you can boot your computer into safe mode.
Reads that may interest you:
- How to backup & restore Master Boot Record
- HDHacker helps you Backup & Restore Boot Sector & MBR
- How to repair Master Boot Record.