
Boot Record Protection (Wiper Attack Protection)


For malware authors, your boot record is a “golden ticket” around many of your computer’s defenses, and a nearly perfect way to cause massive damage. So you need Boot Record Protection. That sounds technical, but it’s easy to understand.

Ever think about how your computer “comes to life” when you turn it on? One of the first things it does is look for disks so it can find your computer’s files – especially the operating system that makes it work (think: Windows, macOS, or Linux).

For decades, computers have typically started by searching for your master boot record (MBR): a small program stored in the first sector of your hard disk drive. What’s in there? Only all the information your computer needs about how your disk is organized, which area of your drive contains the operating system you want to use, and how to load that operating system. Once your MBR loads, it figures out where your operating system is, and hands control to a volume boot record (VBR) on that partition, which in turn triggers your operating system to load. 

It’s easy to see that your MBR and VBR are important little programs – for you, and for cybercriminals. If they can infect or replace these programs, they can keep your computer from working at all – it won’t know where to find anything.

That’s not all. Since the infected MBR runs before your operating system and your antivirus software, it’s great at hiding from them. And if it can hide, it can give control of your computer to a cybercriminal, who can track your keystrokes, encrypt your files, or do virtually anything else. What’s more, these forms of malware can be very hard to exterminate: even if you format your hard drive and reinstall Windows, they’re still there, ready to perform the same attacks over again. And when this malware is active on your computer, it may sit in temporary memory, where it leaves fewer traces for anti-malware software to uncover.

Variants of 2017’s highly destructive Petya ransomware attacks encrypted computers’ MBRs and the master file table (MFT) databases containing essential information about every file and folder on a victim’s computer – and in many cases, offered no practical way to decrypt these crucial files, even if a victim was willing to pay a ransom.

So far we’ve told you only bad news. But there’s some good news.

First, many (but not all) newer Windows 10 and Windows 8 computers have stronger protections against MBR viruses. For example, many (but not all) come with Secure Boot, a security standard that prevents software from running during the boot process unless its cryptographic digital signature passes inspection and is “trusted.” In addition, most newer computers don’t have an MBR – they’ve replaced it with a GUID partition table (GPT) that’s stored in multiple copies, with data that can be checked to make sure it isn’t corrupted. This may make GPT systems more resilient in the event of either accidental or deliberate damage.
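To make the first-sector layout described above concrete, here is an added example (not Sophos code and not part of the original page): a Python check that parses a 512-byte MBR sector, notes whether it carries the protective entry (type 0xEE) that GPT disks keep there, and compares the boot code against a known-good hash. The function names, the sample sector and its boot-code bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code; bytes 440-445 hold disk signature/reserved
TABLE_OFFSET = 446         # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte first sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "start_lba": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "gpt_protective": any(p["type"] == 0xEE for p in parts),
    }

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a sector compared with a known-good boot-code hash."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if not info["partitions"]:
        findings.append("partition table empty")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings

def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active partition of type 0x07 starting at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 1_000_000)
    body = boot_code.ljust(TABLE_OFFSET, b"\0") + entry + b"\0" * 48
    return body + BOOT_SIGNATURE

GOOD = make_sample_mbr(b"\xeb\x3c\x90 constructed boot code")   # constructed bytes
BASELINE = parse_mbr(GOOD)["boot_code_sha256"]

if __name__ == "__main__":
    samples = [("clean", GOOD), ("wiped", bytes(SECTOR_SIZE)), ("replaced", make_sample_mbr(b"other code"))]
    for name, sector in samples:
        print(name, check_mbr(sector, BASELINE))
```

A zero-filled sector, the kind of result the wiper attacks described further down this page leave behind, trips all three checks, while a sector whose partition table is intact but whose boot code was swapped trips only the hash comparison.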

As we’ve said, not all modern computers have these safeguards built in. And most older computers can’t use them, including millions of older computers that have been upgraded to Windows 10. Moreover, while these safeguards are valuable, they aren’t foolproof. Fortunately, sophisticated anti-malware software like Sophos Home Premium has a strong record of detecting boot record viruses before they can burrow into your system and start damaging you. That’s Boot Record Protection you can count on.

Some forms of malware and ransomware attempt to inflict maximum damage by destroying the boot record of a computer, thus preventing a successful reboot or restart. These master boot record attacks are sometimes called “wiper” attacks because they essentially destroy your ability to use your computer. Sophos Home protects against these types of attacks by protecting the boot record and preventing attackers from rendering your computer useless.

Sophos Home Free includes a free 30-day trial of Premium plus an immediate Advanced Malware Removal to thoroughly clean your computer of any current malware infections.
