I know its just a registry editor but it makes it so much easier to do some of the tasks I need to do like autologin.
I wanted to know about how I go about verifying the program I am downloading and that it is from whom it says its from.
I know tweakui pops up that it is a microsoft signed program but others are not so obvious. And thats only after I try and run it.
Example: I had been reading about malware being in the Master Boot Record and wanted to explore how I would verify that my MBR was infected or not. I found word of mbrcheck.exe and downloaded this program. It seems good but how do I know mbrcheck.exe is not infecting me? I'm doubting it is infected because it says my MBR was written from Dell when I was expecting it to say something about microsoft written mbr meaning it gave a lot of information that was more correct than I was expecting. I was hoping I could read somewhere on the net to look at the MBR in more detail without any third party program. I am good with linux commands and was hoping there was a way to verify the MBR using dd to copy just the MBR and verify what was in the MBR that way. I didn't find anything about patterns to match good or bad so I went with mbrcheck.exe I only see a version number for mbrcheck.exe I don't see any contact info or company info I have no clue as to where its from or if it itself hasn't been infected. In linux we have checksums and if a developer is smart they have a pgp signed statement stating the md5 checksum and maybe sha1 checksum. Thus you have the persons pgp public key to verify and you know overtime that some of these can be trusted. At that point you can trust the md5sum and then verify the executable with that. I see nothing like this in the windows world and it scares the bejesus out of me.
I'd like to know the official site for mbrcheck.exe if anyone can help?
I'd like to know how to verify I have an uninfected binary.
MBRCheck.exe version 1.2.3 has
-----BEGIN PGP SIGNED MESSAGE-----
md5sum cb2d120a4b72422a8141192831b1f500 *mbrcheck.exe
sha1sum 4f384c8d798dd0ee6c7ff12046db64e6cc05ccf0 *mbrcheck.exe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----
my signature is from my jeff.sadowski at gmail.com pgp key.
if someone can verify that please. Thanks.
also some other information as I was trying to figure out what mbrcheck.exe was doing to check things
I figured out using cygwin and dd that it is
comparing an sha1 hash of the first 440 bytes of the disk
in cygwin I did a
dd if=/dev/sda of=test.raw bs=440 count=1 sha1sum.exe test.rawto get the same sha1 hash that was displayed
Also FYI mbrcheck claims
is a Dell Inspiron MBR code
if that helps anyone out.