Author Topic: Can a Windows 8.1 recovery partition be infected with a rootkit? (Read 896 times)

shad0wingfir3 · « **on:** September 09, 2014, 08:15:10 am »

I know I will get flack for using Windows, let alone 8.1, but I game and Linux sucks when it comes to triple A releases, so beat it (

)

Anyway, my question is if 'hypothetically' your windows machine was infected with malware, and specifically got rooted, can the perpetrator infect the recovery partitions that come with a standard OEM install? Or does a factory reset legitimately destroy problems like that?

Pak_Track · « **Reply #1 on:** September 09, 2014, 11:51:43 am »

Windows 8 is crap for gaming, too. It hogs your RAM and renderring also has issues. If anything, go with xp or 7.

chapp · « **Reply #2 on:** September 09, 2014, 01:45:08 pm »

The recovery partition is just as the name suggests a small partition with an OEM image usually placed at the beginning of your partition table. This can be overwritten at will with only system privileges.

If your uefi does hash checks on the image an attacker would need further privileges, but you are not target for such an escalation attack and then recovery image wouldn't help much either as your hardware is owned anyway.

Not going into the whole Windows version war

EvilZone

News:

Author Topic: Can a Windows 8.1 recovery partition be infected with a rootkit? (Read 896 times)

shad0wingfir3

Can a Windows 8.1 recovery partition be infected with a rootkit?

Pak_Track

Re: Can a Windows 8.1 recovery partition be infected with a rootkit?

chapp

Re: Can a Windows 8.1 recovery partition be infected with a rootkit?