A Host Protected Area (HPA), also known as a hidden protected area, is a small hidden area of storage on a hard drive. The operating system (OS) cannot see, interact with, or manipulate the HPA except through special commands or programs. The HPA serves various purposes: some help the user, some help security agencies, and some help hackers. Programs that are HPA-compliant can use the HPA during startup, but if the user’s computer does not include compatible programs, the HPA will help everyone except the user.
The hard drive is the main storage component on all modern computers as of 2011. Most of the space on the drive is free and open, allowing users to store multiple files. A reserved section, the host protected area, stores a small version of everything that passes through it. It is like an advanced cache, except that the information stays in the HPA much longer.
For the user, the HPA helps during boot and recovery operations. If the user has an HPA-compliant basic input/output system (BIOS), the BIOS can use the HPA to help boot the computer and for diagnostic purposes. Some computer manufacturers may also store a preloaded operating system on the HPA. When the computer is brought into a repair shop because it has been hacked, the technician usually goes to the HPA to fix the computer.
Government security and law enforcement teams can also access the HPA to see what the user was doing with the computer if any wrongdoing is suspected. The HPA keeps a record of everything that comes in and out of the computer, so it will show whether the user had or used any illegal files or programs. This computer forensic information can be incriminating and helps security teams know whether the person is really doing something illegal with the computer.
Hackers can also manipulate the HPA to make rootkit viruses permanent on the computer. A rootkit is a virus that allows access to a victim’s computer, and an antivirus program that finds one normally removes it. If the rootkit is hidden in the HPA, antivirus and even antirootkit programs may not be able to find it.
The HPA contains sensitive information, such as boot information, so it is designed to be hidden so that users do not accidentally delete it. Some special command lines and programs can read and manipulate the HPA, usually to delete the information or decrease the size of the HPA. This can have far-reaching effects, such as preventing the computer from starting up and powering up effectively, so the HPA is best left alone.
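As an added example (not from the original article), the Python code below shows a defender-side check for a hidden area: it parses the output of the Linux `hdparm -N` command, a tool the article does not name, and reports how many sectors lie beyond what the OS can see. The sample output is constructed, and 512-byte sectors are an assumption.

```python
import re

# Constructed sample in the format `hdparm -N <device>` prints (not real drives).
SAMPLE = """\
/dev/sda:
 max sectors   = 586070255/586072368, HPA is enabled

/dev/sdb:
 max sectors   = 976773168/976773168, HPA is disabled

/dev/sdc:
 max sectors   = 1000215216/14715056(1000215216?), HPA setting seems invalid (buggy kernel device driver?)
"""

SECTOR_BYTES = 512  # assumption: 512-byte logical sectors
DEVICE_RE = re.compile(r"^(/dev/\S+):$")
# visible/native sector counts; the "(N?)" suffix appears only on invalid readings
SECTORS_RE = re.compile(r"max sectors\s*=\s*(\d+)/(\d+)(?:\(\d+\?\))?,")


def find_hpa(report):
    """Map each device in an `hdparm -N` report to its HPA finding."""
    findings, device = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        dev = DEVICE_RE.match(line)
        if dev:
            device = dev.group(1)
            continue
        m = SECTORS_RE.search(line)
        if not (m and device):
            continue
        visible, native = int(m.group(1)), int(m.group(2))
        hidden = native - visible
        if hidden > 0:
            status = "hpa"            # sectors exist that the OS cannot address
        elif hidden == 0:
            status = "none"
        else:
            status = "inconsistent"   # visible > native: treat the reading as untrusted
        hidden = max(hidden, 0)
        findings[device] = {"status": status, "hidden_sectors": hidden,
                            "hidden_bytes": hidden * SECTOR_BYTES}
    return findings


if __name__ == "__main__":
    for dev, f in find_hpa(SAMPLE).items():
        print(f"{dev}: {f['status']}, {f['hidden_bytes']} bytes outside the OS-visible range")
```

A drive reported as `hpa` has sectors that file-level scanners running under the OS do not read, so that range has to be examined separately.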