Free Republic
Browse · Search
General/Chat
Topics · Post Article


BIOS-level viruses and rootkits
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html ^ | 03/27/09 | Marcus Yam

Posted on 12/30/2009 8:33:14 PM PST by wendy1946

In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection. But the absolute worst case scenario is if a virus attacks the BIOS, making detection and cleaning an incredible challenge.

Viruses that target the BIOS aren’t new, but often they are specific to a type of hardware. Researchers have now demonstrated a new type of attack that could install a rootkit on the BIOS of common systems, making it very lethal and effective.

Anibal L. Sacco and Alfredo A. Ortego of Core Security Technologies released a presentation detailing the exploit of this “persistent BIOS infection.” Through the use of a 100-line piece of code written in Python, a rootkit could be flashed into the BIOS and be run completely independent of the operating system.

"We tested the system on the most common types of Bios," said Ortega in a vunet story. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."

Flashing a system’s BIOS requires administrative control, but that could first be obtained through a more ‘innocent’ virus that could reside on the hard disk drive. Once an attacker has admin rights, the rootkit could be flashed onto the BIOS and would remain effective even if the original virus on the hard disk were removed. Even a complete format wouldn’t rid the system of the virus.

"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."

There is defense against such an attack, however, as the researchers say that a password or physical lock against BIOS flashes could block the install of the rootkit.

"The best approach is preventing the virus from flashing onto the Bios," said Sacco. "You need to prevent flashing of the bios, even if it means pulling out jumper on motherboard."

Original slideshow presentation by the researchers here. (PDF)


TOPICS: Computers/Internet
KEYWORDS: bios; computer; pc; rootkits; tech; viruses
A friend claims to have seen an actual instance of this in which a computer had to be put down and buried and some people are now recommending that any sort of online buying involving credit cards and/or banking business be done while booted from a bootable LINUX CD.

Anybody on FR know anything about this or have any ideas as to the feasibility of blocking access to the BIOS chips on common kinds of laptops, possibly via some motherboard jumper?

1 posted on 12/30/2009 8:33:16 PM PST by wendy1946
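The article's central point is that a BIOS rootkit survives a disk wipe, so any integrity check has to be run against the firmware image itself rather than the operating system. The following Python is an added example, not code from the article, from the poster, or from Core Security: it compares a firmware dump with a known-good image and reports which flash blocks differ. The image contents are constructed, and the 4 KiB block size (a common SPI erase-block size) and the helper names are assumptions.

```python
"""Compare a dumped firmware image against a known-good copy and report
which flash blocks differ.  Added example; the images below are constructed."""
from __future__ import annotations

import hashlib

BLOCK = 4096  # assumed reporting granularity: a typical SPI flash erase block


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an image, for comparison against a vendor-published hash."""
    return hashlib.sha256(data).hexdigest()


def diff_regions(golden: bytes, dump: bytes, block: int = BLOCK) -> list[tuple[int, int]]:
    """Return (offset, length) for each contiguous run of blocks that differ."""
    if len(golden) != len(dump):
        raise ValueError(f"size mismatch: golden={len(golden)} dump={len(dump)}")
    regions: list[tuple[int, int]] = []
    start: int | None = None
    for off in range(0, len(golden), block):
        same = golden[off:off + block] == dump[off:off + block]
        if not same and start is None:
            start = off                      # first differing block of a run
        elif same and start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:                    # run extends to the end of the image
        regions.append((start, len(golden) - start))
    return regions


def check_image(golden: bytes, dump: bytes) -> dict:
    """'clean' when the whole-image hashes match, otherwise the differing regions."""
    if sha256_hex(golden) == sha256_hex(dump):
        return {"status": "clean", "regions": []}
    return {"status": "modified", "regions": diff_regions(golden, dump)}


def build_sample() -> tuple[bytes, bytes]:
    """Constructed 64 KiB 'golden' image and a tampered copy of it."""
    golden = bytes((i * 7) & 0xFF for i in range(16 * BLOCK))
    tampered = bytearray(golden)
    tampered[0x3000:0x3010] = b"\x90" * 16   # 16 bytes patched inside block 3
    tampered[0xA000:0xC000] = bytes(0x2000)  # two whole blocks overwritten
    return golden, bytes(tampered)


if __name__ == "__main__":
    golden, dump = build_sample()
    print("golden sha256:", sha256_hex(golden))
    for name, image in (("untouched", golden), ("tampered", dump)):
        result = check_image(golden, image)
        print(name, result["status"],
              [f"0x{o:05x}+0x{n:x}" for o, n in result["regions"]])
```

A dump produced by an operating system that may already be compromised cannot be fully trusted, which is the reason the article recommends reflashing from a system known to be clean; taking the dump from write-blocked boot media or with a hardware programmer keeps the comparison meaningful.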

To: ShadowAce

Ping.


2 posted on 12/30/2009 8:35:27 PM PST by Born Conservative ("I'm a fan of disruptors" - Nancy Pelosi)

To: wendy1946; Swordmaker
You were saying ...

Anybody on FR know anything about this or have any ideas as to the feasibility of blocking access to the BIOS chips on common kinds of laptops, possibly via some motherboard jumper?

I'm having to help a cousin (an older lady who just got a Windows laptop for a present) set up and maintain her computer.

I'm a Mac guy and I hate Windows... LOL... but I'll help out relatives when they need help. It's the latest operating system from Microsoft (since it's a brand new computer). About two years ago, I helped another cousin set up and maintain a Windows Vista computer...

It sure makes me very, very appreciative of the Mac OS X system and Apple's computers. They're wonderful in comparison.... :-)

But, I'll be interested in finding out about this malady for Windows, as I'll probably have to help her there, too (in order to prevent something going wrong there) -- but at least I don't have to worry about my Macintosh computer that way...

3 posted on 12/30/2009 8:38:30 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: wendy1946
Motherboard jumpers and switches went out of style long ago. Manufacturers do not want Winders users to ever get inside the case, except MAYBE to add memory.

Personally, I like the idea of blocking BIOS access without physical access to the system. It makes life miserable for network admins, but it is good practice.

In reality, the best BIOS virii are written by government agencies who must not be named, both ours and the bad guys’ agencies.

4 posted on 12/30/2009 8:49:27 PM PST by texas booster (Join FreeRepublic's Folding@Home team (Team # 36120) Cure Alzheimer's!)

To: Star Traveler

This family of viruses infects the BIOS. It’s active and infectious regardless of what OS is installed on the machine. Why do you believe your Mac is immune to this?


5 posted on 12/30/2009 8:53:56 PM PST by Omedalus

To: Star Traveler; wendy1946

Anybody with some familiarity with computer systems would know that such a virus, were it to exist, would be independent of the operating system. This is especially true as Macs and many Windows machines run on the same hardware.

Also, you could look at their presentation; buried all the way on page 3 is the bullet point that such a virus would be OS-independent. Their presentation mentions attacks on both Windows-based and Unix-based machines.

The important thing to note is that BIOS attacks are at least a decade old (if not older) and are very difficult to execute. This is because you need physical access to the machine (or the ability to install programs at root level). Most BIOSes these days are write-protected, meaning you need to explicitly allow writing before any such attack would work.

I guess the important thing to note is that no hacker would bother with this when they can easily and quickly fool hundreds of thousands of people into installing malware on their systems. BIOS attacks are interesting from an academic or theoretical standpoint but it’s important to note that they are not new and there is very little (almost zero) risk of being affected by one.


6 posted on 12/30/2009 8:56:10 PM PST by flintsilver7 (Honest reporting hasn't caught on in the United States.)
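The post above rests on BIOS write protection being enabled, and the article's defence is the same: stop the flash from being written. On Intel ICH/PCH-class chipsets that protection is expressed in the BIOS_CNTL register of the LPC bridge. The Python below is an added example, not from the article, this poster, or Core Security: it decodes the three relevant bits and gives a defender's verdict on whether the BIOS region is writable from the OS. The register offset (0xDC on PCI device 00:1f.0) and bit positions (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5) are taken from Intel datasheets and are assumed to apply to the reader's chipset; the sample register values are constructed.

```python
"""Decode the Intel ICH/PCH BIOS_CNTL register and judge BIOS write protection.
Added example; layout assumed from Intel datasheets, confirm for your chipset."""

# Bit layout of BIOS_CNTL (assumed: LPC bridge 00:1f.0, config offset 0xDC).
BIOSWE = 1 << 0   # BIOS Write Enable: 1 = flash writes are permitted right now
BLE = 1 << 1      # BIOS Lock Enable: 1 = setting BIOSWE triggers an SMI
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: 1 = writes allowed only from SMM


def parse_setpci_byte(text: str) -> int:
    """Turn the hex byte printed by `setpci -s 00:1f.0 dc.b` into an int."""
    return int(text.strip(), 16)


def decode_bios_cntl(value: int) -> dict:
    """Name the three write-protection bits of a BIOS_CNTL value."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def write_protection_status(value: int) -> str:
    """Defender's verdict, most serious condition first."""
    f = decode_bios_cntl(value)
    if f["BIOSWE"]:
        return "unprotected: BIOSWE is set, the flash is writable right now"
    if not f["BLE"]:
        return "unprotected: BLE is clear, so kernel-level code could enable writes"
    if not f["SMM_BWP"]:
        return ("partial: BLE set but SMM_BWP clear; protection depends on the "
                "SMI handler clearing BIOSWE again, which is weaker than a hard lock")
    return "protected: BLE and SMM_BWP set, BIOSWE clear"


if __name__ == "__main__":
    # Constructed values standing in for what setpci would print on four machines.
    samples = {"laptop-a": "00\n", "laptop-b": "01\n", "desktop-c": "02\n", "desktop-d": "2a\n"}
    for host, raw in samples.items():
        value = parse_setpci_byte(raw)
        print(f"{host}: BIOS_CNTL=0x{value:02x} {decode_bios_cntl(value)}")
        print(f"  -> {write_protection_status(value)}")
```

This register is only one of the protections a modern platform may use; the SPI controller's protected-range registers and the flash descriptor can lock the BIOS region as well, so a "protected" verdict here should be read alongside those, and an "unprotected" one should prompt a firmware-settings or vendor-update review rather than panic.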

To: flintsilver7
You were saying ...

Anybody with some familiarity with computer systems would know that such a virus, were it to exist, would be independent of the operating system. This is especially true as Macs and many Windows machines run on the same hardware.

I'm familiar with the theoretical concept -- and I'm also familiar with the actual results that those sorts of security problems (and other similar security problems) don't happen on the Macintosh computers... :-)

And so..., in practice, and in about a decade of the operating system that it is using (Mac OS X) -- it simply has no problems with viruses or a whole multitude of other exploits and/or security problems... it just doesn't happen and hasn't happened in over that long length of time and is not even increasing and/or "happening more" -- it's simply "non-existent"... on Macintosh...

7 posted on 12/30/2009 9:14:18 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: Star Traveler

You are free to bury your head in the sand. I will not argue with you. Reality be damned, it seems.

I guess I should say you are free to keep your head buried, as it’s long been there anyway.


8 posted on 12/30/2009 9:15:52 PM PST by flintsilver7 (Honest reporting hasn't caught on in the United States.)

To: Omedalus; Swordmaker
You were saying ...

Why do you believe your Mac is immune to this?

Because security problems like these and/or the over 100,000 viruses simply don't happen on the Macintosh... :-)

You can ask, also, Swordmaker, who is a good resource for information like this about the vastly and drastically reduced and "non-existence" of these types of problems on the Macintosh computers...

9 posted on 12/30/2009 9:16:57 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: flintsilver7

No buried heads... “nothing is happening” with the Macintosh computers and it hasn’t happened in the last decade... with this Mac OS X — no matter how much you wish it was happening... LOL...


10 posted on 12/30/2009 9:18:14 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: Star Traveler

Please see Post #8 just above.

If you forget that, please see again Post #8 above.


11 posted on 12/30/2009 9:22:20 PM PST by flintsilver7 (Honest reporting hasn't caught on in the United States.)

To: flintsilver7

You’ll notice that I was replying to post #8 ... LOL...

Just because you want to ignore the facts of the matter doesn’t mean that it’s not your own head stuck up somewhere... :-)


12 posted on 12/30/2009 9:23:46 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: Star Traveler

Please see Post #8 above.


13 posted on 12/30/2009 9:27:48 PM PST by flintsilver7 (Honest reporting hasn't caught on in the United States.)

To: flintsilver7

When one’s head is up there, you end up being caught in an infinite loop.... so just “pull it out” and you’ll be okay... :-)


14 posted on 12/30/2009 9:31:20 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: Star Traveler

Please see Post #8 above.

I believe that I mentioned I will not argue with you. There isn’t more I can say than I’ve already said as to why.


15 posted on 12/30/2009 9:35:53 PM PST by flintsilver7 (Honest reporting hasn't caught on in the United States.)

To: flintsilver7

No arguing..., just trying to help you get out of that infinite loop, that’s all... life will be better for it... :-)


16 posted on 12/30/2009 9:37:40 PM PST by Star Traveler (At Christmas - remember to keep "Christ" in the One-World Government that we look forward to)

To: wendy1946

I just drive to the store and buy what I need with cash. Same with banking. My bankers know what I look like....and know my name..


17 posted on 12/30/2009 9:46:31 PM PST by Dallas59 (No To O -Time is going by really really really really slow.)

To: Omedalus
This family of viruses infects the BIOS. It’s active and infectious regardless of what OS is installed on the machine. Why do you believe your Mac is immune to this?

Possibly due to the means of flashing the bios? The attack program to install the bios virus may be windows specific...

18 posted on 12/30/2009 10:29:59 PM PST by ThunderSleeps (obama out now! I'll keep my money, my guns, and my freedom - you can keep the change.)

To: Omedalus
This family of viruses infects the BIOS. It’s active and infectious regardless of what OS is installed on the machine. Why do you believe your Mac is immune to this?

No BIOS... for one thing.

19 posted on 12/30/2009 10:36:01 PM PST by Swordmaker (Remember, the proper pronunciation of IE isAAAAIIIIIEEEEEEE!)

To: flintsilver7
If you forget that, please see again Post #8 above.

Macs are EFI machines. Extensible Firmware Interface is a specification that defines a software interface between an operating system and platform firmware. EFI is a much larger, more complex, OS-like replacement for the older BIOS firmware interface present in all IBM PC-compatible personal computers. The EFI specification was originally developed by Intel, and is now managed by the Unified EFI Forum.

20 posted on 12/30/2009 10:40:28 PM PST by Swordmaker (Remember, the proper pronunciation of IE isAAAAIIIIIEEEEEEE!)

