
Certainly more destructive for the 99.9% of owners who don't know what MBR or GPT is.



I don't get it, really, IF data can be recovered through a procedure (that BTW is not particularly difficult or new, even if the owners don't know what an MBR or a GPT is, any technician can recover a disk where only the first 10 sectors were filled with junk) the procedure is NOT destructive at all while encrypted files, particularly if encrypted with a "good enough" and "random" key are not recoverable at all.

Of course it may provoke delays/problems/whatever, but data is still there.

If the sequence is:

1) encrypt user files

2) get admin access and crypt MBR (in such a way that is not decryptable)

3) reboot

the "destructive part" is #1, the MBR can be rebuilt from scratch just fine (and possibly if the reboot is somehow prevented the encryption key may be recovered from RAM as it happened in some cases for WannaCry, in which case it is #3 that creates more damage).

The doubt is when the "Kaspersky vendetta" happens, if it goes:

1) encrypt user files

2) get admin access and crypt MBR and 24 more sectors (in such a way that is not decryptable) OR check the presence of Kaspersky and write junk to first 10 sectors of disk

3) reboot

It doesn't anyway change anything, there is no real difference between rebuilding a MBR (or GPT) because it was crypted and rebuilding it because it was overwritten by junk data, but once you have rebuilt it, if the files are encrypted you have lost them all the same.
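
A recovery-triage sketch of the point made in the comment above, added here as an example and not part of the original thread: given a raw disk image, it reports whether the MBR or GPT headers are intact and, if not, where surviving volume boot sectors sit so a partition table can be rebuilt. The function names, the 512-byte sector size, the single NTFS partition at LBA 63 and the sample images are all assumptions constructed for the illustration; the GPT backup-header check goes slightly beyond the MBR case discussed.

```python
import struct

SECTOR = 512  # assumed logical sector size

def triage(image: bytes) -> dict:
    """Report which partition metadata survives in a raw disk image."""
    mbr = image[:SECTOR]
    mbr_sig = mbr[510:512] == b"\x55\xaa"  # boot signature at offset 510
    # Four 16-byte MBR entries start at offset 446; a non-zero type byte (+4) marks a used slot.
    used = sum(1 for i in range(4) if mbr_sig and mbr[446 + 16 * i + 4] != 0)
    # An NTFS volume boot sector has the OEM ID "NTFS    " at offset 3 and ends in 55 AA.
    ntfs = []
    for lba in range(len(image) // SECTOR):
        s = image[lba * SECTOR:(lba + 1) * SECTOR]
        if s[3:11] == b"NTFS    " and s[510:512] == b"\x55\xaa":
            ntfs.append(lba)
    return {
        "mbr_valid": mbr_sig and used > 0,
        "gpt_primary": image[SECTOR:SECTOR + 8] == b"EFI PART",  # header at LBA 1
        "gpt_backup": image[-SECTOR:][:8] == b"EFI PART",        # header at last LBA
        "ntfs_boot_sectors": ntfs,  # start LBAs a rebuilt table can point at
    }

def make_sample(total: int = 128, start: int = 63) -> bytearray:
    """Constructed MBR disk image with one NTFS partition starting at LBA 63."""
    img = bytearray(total * SECTOR)
    # status, CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", start, total - start)
    img[510:512] = b"\x55\xaa"
    vbr = start * SECTOR
    img[vbr + 3:vbr + 11] = b"NTFS    "
    img[vbr + 510:vbr + 512] = b"\x55\xaa"
    return img

def junk_first_sectors(img: bytes, count: int = 10) -> bytes:
    """Same image with the first `count` sectors replaced by junk (constructed damage)."""
    return b"\xcc" * (count * SECTOR) + bytes(img[count * SECTOR:])

if __name__ == "__main__":
    clean = make_sample()
    print("clean  :", triage(bytes(clean)))
    print("damaged:", triage(junk_first_sectors(clean)))
```

On the damaged sample the MBR check fails but the volume boot sector at LBA 63 is still found, which is the information needed to write a fresh partition entry; it says nothing about whether the files inside that volume are readable.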


x2. Someone on the team probably had beef with Kaspersky and decided to hose the partition table of anyone using it. Hosing the partition table is a pretty poor way of minimizing damage because as you point out, 99.9% of people affected will be more affected if the partition table is hosed.



