1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News NIST proposes BIOS protection measures

Discussion in 'Article Discussion' started by Gareth Halfacree, 24 Aug 2012.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,153
    Likes Received:
    1,674
  2. towelie

    towelie How do I Internet!!

    Joined:
    1 Sep 2011
    Posts:
    399
    Likes Received:
    10
    This is going to be one for Burnout21 to read, after he spent a very long time fighting a UEFI/Bios virus which even survived BIOS Flashing, very worrying stuff,read the thread for more Information.

    http://forums.bit-tech.net/showthread.php?t=233635
     
  3. schmidtbag

    schmidtbag New Member

    Joined:
    30 Jul 2010
    Posts:
    1,082
    Likes Received:
    10
    I had a BIOS virus once, a pretty nasty one too. It would infect every hard drive by corrupting NTLDR, even after reinstalling windows. While updating and resetting BIOS's settings (even using the jumpers) didn't seem to do anything, I bought a new motherboard. Unfortunately, even with a fresh new install of windows, the virus was still in the hard drive and infected the new motherboard. At that point I was getting a bit worried because I'd basically have to lose my personal data, the hard drive, and 2 motherboards. As a last ditch effort, I was able to boot up a Knoppix (linux live CD) and I managed to copy my personal files while formatting the drive completely. I shut down the computer, removed the hard drive, and found out I that removing the CMOS battery had a further effect that the jumpers don't do. So, I removed it and the virus was gone. By the time I found out about that, I already trashed my old board, but oh well. I was probably 16 years old at the time.
     
  4. SlowMotionSuicide

    SlowMotionSuicide Come Hell or High Water

    Joined:
    16 May 2009
    Posts:
    835
    Likes Received:
    20
    I might've been living under a rock, but I don't think I have yet seen any third-party BIOS updates worth of notice. Maybe it's got more to do with motherboards I've used. I think it (Regenscheid's second suggestion) would be a fair trade-off for increased BIOS security, seeing how even pretty computer adept people get their machines infected every now and then.
     
  5. Alecto

    Alecto Member

    Joined:
    20 Apr 2012
    Posts:
    134
    Likes Received:
    1
    So many things in this story are totally disconnected with reality.
     
  6. schmidtbag

    schmidtbag New Member

    Joined:
    30 Jul 2010
    Posts:
    1,082
    Likes Received:
    10
    ...mind explaining? That's a pretty harsh accusation with nothing to back that up. This article was discussing ways to protect BIOS from malware. BIOS viruses are, IMO, about as common as getting a virus on a Mac, so I thought I'd share my story to show what to do in case someone else gets the same problem I did. I'm not sure how that disconnects me from reality in any way.
     
  7. azrael-

    azrael- I'm special...

    Joined:
    18 May 2008
    Posts:
    3,846
    Likes Received:
    124
    The virus/malware that Burnout21 fought against didn't hijack or modify the BIOS/UEFI. It "merely" abused some legitimate functionality therein (Computrace; although that may count as a virus in itself :p). The virus itself most probably has hidden itself in the HPA of the HDD.

    The proposal from NIST is a two-edged sword. It's what lies at the foundation for Microsoft's Secure Boot feature/requirement. It'll most certainly be implemented only for UEFI as that is where the main problem lies. UEFI is almost like a tiny OS unto itself. It's quite powerful, yet not very protected against tampering, which makes potential UEFI malware so dangerous.

    Standard BIOSes are full of exploitable holes as well, but the code is so esoteric and there is such a myriad of different versions that it doesn't make sense to target any BIOS with malware.
     

Share This Page