It’s been mentioned frequently on SecurityNow. It’s a good service.
But what is its value?
With sigcheck.exe installed, ideally copied to your :\Windows\system32 folder, you can hit CTRL+L in any file folder view, then enter cmd into the address bar and hit enter. This will open a command prompt window already set to the same folder as your file, so you can type in sigcheck -vt filename.ext
The first time you use sigcheck -vt you'll be prompted to agree to virustotal's terms of service.
  sigcheck -vt 18042772_210624_washingsymbols.pdf
  VT detection: Unknown
So next I typed
  sigcheck -vs 18042772_210624_washingsymbols.pdf
  VT detection: Submitted
  VT detection: 0/79
I'm unsure about what you mean by 'MITM = "anti-malware software"' as MITM traditionally stands for 'Man In The Middle',
Upload questionable file attachments before opening them. Scan links before clicking to see if the site is considered malicious. In a corporate setting, there are often legitimate emails with attachments that appear to be questionable or malicious, but in fact are not. It is one more layer of precaution to take to make sure your A/V or anti-spam service didn't miss something.
My post was over-long, but buried in there WAS the text "...heinous AV or 'Internet Security' products which install their own certificate...". Also, and this shouldn't bug me, but it always does, 'software' is a mass-noun like sugar, so 'softwares' is almost always bad English. But YES!... I also know that most AV and/or 'Internet Security' software always WANTS to intercept data in and out, which is EXACTLY what installing their own certificate allows. AV/Internet-security products have for a long time now included upstream 'filtering', simply to be able to compete with all the other bloatware 'security' products. Steve Gibson commented a long time ago on how pointless such filtering is. I believe he gave the example of encrypting credit card details and sending it out as part of an innocuous looking dns query, easily done, and almost impossible to detect or filter. See GRC's old 2008 leaktest research at https://www.grc.com/lt/leaktest.htm, despite the age of this, there remain MANY undetectable ways to exfiltrate data, which IMO renders AV filtering tools far more trouble than real value. However, three points. First. It isn't necessary to install ANY third party AV software, and IMHO it only gives at best a false sense of security. MS's own (thankfully!) limited AV is generally adequate protection, taken along with strict safe practices, such as not blind-clicking unsolicited links and double-checking all downloads. I say 'false security' because no AV has 100% accurate heuristic detection of a never-before-seen new virus or malware threat, which any determined targeted attack would very likely employ along with social engineering. As for everyday typical threats, MS's product DOES block most of them. Second, I have in the past used Eset's Antivirus, it did at one time have good heuristic detection of novel threats, but I deliberately avoided their fuller 'Internet Security' product as that, like other products, included upstream filtering.
The point is, whilst an AV product can perform 'MITM' filtering, many products allow this feature to be disabled and rely on filtering elsewhere, such as memory and file-access filtering. I would personally NEVER use any AV which didn't allow the disabling of certificate re-signing to perform filtering. I don't use any AV now other than MS's own, as all third-party AV deeply hooks operating systems on multiple levels, which inevitably leads to a less stable system and the potential for a 'crowdstrike' type of incident to occur. This has happened long before crowdstrike's mistake, and will again. Thirdly, finally, if you can't trust your AV as a potential MITM, then you just shouldn't be installing such software to start with. Good security software will never be manipulating the file hashes that services like virustotal rely on, so virustotal remains a very useful service. You can also give virustotal a full download URL so it can go check a potential file download before you even download the file. So, extending my previous example. The pdf file I looked at is still online @ https://media3.bosch-home.com/Documents/18042772_210624_washingsymbols.pdf. This entire link can be given to virustotal on the URL section and it will fetch and re-test that the file is still OK. Importantly on the virustotal report, under details, it gives the file's SHA-256 hash, which you can copy. Then, assuming the file report is good, after downloading the file you can right-click the download (BEFORE running or opening it!), select Hashes to open an OpenHashTab dialogue then paste the reported sha-256 hash into 'check against' to check that the file contains the same data that virustotal fetched, or just hit the virustotal flag to reverify with vt. There are numerous other hash checking tools, all of which should at least offer SHA-256 hash checking if you don't like OpenHashTab.
I frequently check downloads against virustotal and submit unknowns, including utility company account pdf's... TNO is difficult these days. Subverting all this with MITM manipulation whilst theoretically feasible would not be easy and would mean you have far bigger issues to worry about.
I know all AV softwares are intercepting/reviewing all data in/out of the endpoint, thus it's a volunteered MITM allowed on your system. #TNO
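The two checks described in this thread (sigcheck's "VT detection:" answers, and comparing a download against the SHA-256 shown in the VirusTotal report) as an added Python example; it is not code from the thread, from sigcheck, or from OpenHashTab, and the sample file and its digest are constructed for the demo. Note that a hash lookup (-vt) reveals nothing, while a submission (-vs) uploads the file.

```python
# Added example (not from the thread): verify a download against the SHA-256
# shown in its VirusTotal report, and read sigcheck's "VT detection:" line.
import hashlib
import hmac
import os
import re
import tempfile

_VT_LINE = re.compile(r"^\s*VT detection:\s*(.+?)\s*$", re.IGNORECASE)

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large download is never read whole into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def matches_report(path, reported_sha256):
    """True if the local file has the hash copied from the VT report (nothing is uploaded)."""
    expected = reported_sha256.strip().lower()   # tolerate copy-paste case/whitespace
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        raise ValueError("reported hash is not a 64-hex-digit SHA-256")
    return hmac.compare_digest(sha256_file(path), expected)

def parse_vt_detection(line):
    """Classify one 'VT detection:' line from sigcheck -vt / -vs -> (state, hits, engines)."""
    m = _VT_LINE.match(line)
    if not m:
        raise ValueError("not a VT detection line")
    value = m.group(1).lower()
    if value == "unknown":            # hash never seen by VT; -vt did not upload anything
        return ("unknown", None, None)
    if value == "submitted":          # -vs uploaded the file; it is now visible to subscribers
        return ("submitted", None, None)
    hits, engines = value.split("/")  # e.g. "0/79": 0 of 79 engines flagged the file
    return ("scanned", int(hits), int(engines))

def demo():
    """Constructed sample: a 3-byte file checked against the known SHA-256 of b"abc",
    once with the correct (upper-cased) digest and once with a wrong one."""
    known = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "download.pdf")
        with open(path, "wb") as f:
            f.write(b"abc")
        return matches_report(path, known.upper()), matches_report(path, "0" * 64)
```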
Your summary is sadly pretty much correct, with a few caveats. Most glaring is I didn't and have never 'completely' trusted Microsoft's AV, it is simply the best choice in my opinion out of all the other options other than possibly running no AV at all. The reason I choose MS's AV is that I consider it the LEAST likely to destabilise my system, whilst hopefully detecting something nasty I may have overlooked, but I did make it clear that I don't trust ANY AV, including MS AV, to detect all viruses. If already using Windows, using their AV isn't adding anyone else to mistrust. MS though have screwed up and caused system crashes too many times to count over the 40 plus years I have used their products, no one is perfect or even close. But I'm a pragmatist and like many others need to use Windows. I still remember how awful Windows 3.1, 3.11, Windows 95 etc. were and switched to NT4 then Windows 2000 while most people were still using Windows 95/98/Me. I've also used some fairly terrible University mainframe systems which used to take hours or DAYS to even perform simple file transfers. I use Linux and FreeBSD also FWIW. As bad as things undeniably are, they are much better than they used to be, but there's no room for complacency. As for trust and the value of virustotal... You state of the AV vendors it cross checks against 'none of which should be trusted'. Yes taken literally, true, if only because a newly crafted unknown attack cannot ever be guaranteed to be detectable. BUT.. That isn't taking a balanced world view. Only a very small minority of people are ever directly targeted with novel attacks and I do believe that at least MANY of the AV companies that VT calls on CAN be trusted to provide a useful service in so far as flagging known malicious content, many flag crudware 'PUPs' also. So there is at least SOME value in using virustotal. It just isn't 'TOTALly' secure, nothing ever can be. Each individual needs to assess their own level of risk.
Nobody is interested in me, so I take a pragmatic approach, I don't trust anything unknown, but I don't cut myself off either. I've not had any virus infect any of my systems since the early 1990s. Since then I've actually never had ANY AV product detect anything on my own systems that I wasn't already aware of and wanted (false positives, programming tools, password recovery tools etc.) So AV has mostly only been a nuisance to me, but with whitelisting things generally work. I've found plenty of malware and viruses on other people's systems however over many years so I am familiar with how tenacious malware can be. I'm a cynic but believe that people are generally kind but also rather idle or incompetent, especially in groups. Also nobody wants to take responsibility for anything which IMO is the biggest increasing problem in the western world. The combination of these qualities to me best explains the world we live in, rather than that there is any prevalence of malicious intent. It's undeniably present, just not predominant. Companies and individuals under direct scrutiny or attack are likely always going to be in trouble even with a TNO approach, your global masses however are mostly unaware or asleep. So best wishes to all.
Whew! Let's see if I picked up what you laid down:
- You don't trust AV 'softwares', but you do completely trust Microsoft Windows and its AV.
- You are aware the AV 'software' running on a machine are untrustworthy MITM's having an ability to do unseen actions [malicious or not] with data coming/going to/from the endpoint running it.
- And because VirusTotal is an aggregation of these "70 antivirus scanners and URL/domain blocklisting services", none of which should be trusted, its "value" is the 'false sense of security' it provides if one stops logically thinking and simply leans heavily on blind faith and the sincerity of a publicly professed intention. Got it!
I agree, and is it any wonder every industry (especially IT) across the board has been compromised and "secured assets" unexpectedly seized. It seems obvious to me our current/past giant tech global infrastructure and the sentinels we rely on can't/shouldn't be trusted; they've proven to SUCK at their endeavor again and again! The global masses have been punk'd!
Keep in mind paid subscribers get access to any file that is uploaded to the site. Suppose a software developer uses the site to test installs for malware flagging... Bam! That developer just gave out free copies to any virus total subscriber that takes an interest in what they uploaded. Nothing nefarious about this, it's in their terms of service and it makes sense that some may want to investigate suspicious files for wholesome reasons, but I'll bet most casual users don't realize they are potentially sharing uploaded files with a lot of people. For many years I just assumed files were processed, rated, and deleted. Not so.
Worth knowing this. Thanks jeff2442. I had assumed that only the malware testers got the uploaded files. Always TNO... perhaps not surprising with VirusTotal being a Google company. Still good for testing freely downloadable content, but probably only upload self-creations and private items that you'd be happy to openly publish and have permission to publish if not your own...
Absolutely, another (and somewhat different) look can be had by checking things here as well: https://www.hybrid-analysis.com/
Personally, I will never trust anything Crowdstrike, for an election fraud conspiracy proves them nefarious in the least and most likely a complicit associate.
(run by crowdstrike)