Does SecureDoc Protect Against RootKits?
SecureDoc has some features that help protect against rootkits, but it cannot guarantee that they will be prevented. Encrypting the drive with SecureDoc helps prevent malware from being injected into the Windows part of the drive, and this counts as one of the protections.
For Legacy devices:
- Our V4 boot code has a checksum which is checked before executing our boot logon.
- Our V5 boot logon checks to see if our boot code is signed by WinMagic.
Within the OS, we have what is called the Virtual MBR. It presents a copy of the original MBR, from before the boot logon, to the OS and to other applications and utilities that need access to the MBR.
Finally, we have our MBR Access Mode, which defines the level of access that third-party utilities have to the MBR and partition tables.
The settings are 0 through 3:
0 – No changes allowed
1 – Changes allowed
2 – Changes are allowed, but not committed
3 – Allowed Partition Table Changes
The default setting for Virtual MBR is On, and MBR Access Mode is 0.
For UEFI devices:
We also rely on Secure Boot, which prevents unsigned EFI applications from being executed.
That said, these protections can be circumvented: storage controller drivers can be used to write to the hard disk directly, bypassing our drivers, or the hard disk can be removed and the MBR modified.
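Because the MBR can still be changed by paths that bypass the SecureDoc drivers, an independent baseline comparison is a useful detection check. The following is an added example, not WinMagic code and not how SecureDoc itself verifies anything: it hashes the boot code and the partition table of a 512-byte MBR image separately, so a report shows which region changed. It assumes the sector was captured outside the running OS (inside the OS the Virtual MBR is what readers see); the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)          # bootstrap code area (includes the disk signature)
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"       # bytes 510-511 of a valid MBR


def fingerprint(sector: bytes) -> dict:
    """Hash the boot code and the partition table of an MBR separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
    }


def changed_regions(baseline: dict, sector: bytes) -> list:
    """Return the names of the regions whose hash differs from the baseline."""
    current = fingerprint(sector)
    return [name for name in ("boot_code", "partition_table")
            if current[name] != baseline[name]]


def partitions(sector: bytes) -> list:
    """Decode non-empty entries as (type, first LBA, sector count)."""
    found = []
    for offset in range(446, 510, 16):
        ptype = sector[offset + 4]
        first_lba, count = struct.unpack_from("<II", sector, offset + 8)
        if ptype != 0:
            found.append((ptype, first_lba, count))
    return found


def make_sample_mbr() -> bytes:
    """Constructed sample: filler boot code plus one type 0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return bytes(range(256))[:223] * 2 + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    mbr = make_sample_mbr()
    baseline = fingerprint(mbr)
    tampered = b"\xeb" + mbr[1:]  # constructed change to the first boot code byte
    print(changed_regions(baseline, tampered), partitions(mbr))
```

A result of only partition_table points to a layout change, the kind of edit MBR Access Mode 3 is described as allowing, while boot_code means the executable part of the sector differs from the baseline.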