-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2013-07-16 at 13:19 -0700, Lew Wolfgang wrote:
Of course one test would be to use fdisk to make sure there's no disk partition label, the presumption being that no label == no filesystem == no malware. You need a filesystem to run a "scan". But is this strictly true?
The scan software would refuse, but it is possible to have malware there. Just boot the disk, which reads the first sector, and if there is an MBR in there, all bets are off.
Could the "raw" device contain a filesystem that Windows would see? For example, instead of doing mkfs /dev/sda1, do mkfs /dev/sda. We can then "mount /dev/sda" in Linux, but what about Windows?
I believe you can. I would have to verify, though.
Also, could there be something bad in the MBR that could point to a filesystem not present in the partition table?
Yep. They may define their own filesystem.
Maybe the safest course is to zero both the MBR and the label with dd?
The safest is what Cristian recomended. Othewise, full dd. Both, I think, as the write to the entire "surface" would trigger write fault errors, which is an advantage with new disks (if they fail the test, return to dealer/manufacturer). - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlHmlDoACgkQtTMYHG2NR9U/mgCfbxxjq5Q8/2ptNddB+pvjyxzx 60wAn2x7aP61oPv9nB0NBX2ASa3aKf6W =6zE8 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org