Posted on 12/04/2020 8:35:07 AM PST by BenLurkin
A combined team of security experts from Advanced Intelligence and Eclypsium has announced that the Trickbot trojan malware now has the ability to modify a computer's Unified Extensible Firmware Interface—the interface between the firmware on a computer motherboard and the computer's operating system—in this case, Microsoft Windows.
Trickbot has been in the news of late due to its advanced capabilities. It has a modular design and is notable for its ability to gain administrative capabilities on infected computers. The entities behind the creation of the trojan are believed to be criminals in Russia and North Korea, and they have used it to target telecoms, health care firms, education institutions and even infrastructure operators (quite often in the form of ransomware).
When a computer boots up, the UEFI and firmware work together to bring up the operating system—if nefarious code has been embedded in the firmware, it can load its own software modules or even modify the operating system as it loads. Such modules would then go undetected by conventional antivirus software and would not be overcome, even if the hard drive were wiped clean or replaced altogether.
(Excerpt) Read more at techxplore.com ...
“in this case, Microsoft Windows.”
Of course it’s a Windows virus.
Unix, which had been around a couple of decades before MS-DOS was first developed, had robust security features. Microsoft ignored that history and put out an OS that was essentially a security hole on a floppy, and never looked back.
Apple’s OS is based on Unix. Linux is based on Unix. They both include Unix’s security approach.
Android is also based on Unix (Linux), but my gut tells me they have toned down the security features.
I don’t know what Apple’s phone OS is based on.
I used Microsoft’s OS for decades, but I’m completely off of it now. Security being one of my big concerns with Microsoft.
“I knew way back when they switched to update-able ROM for the OS this would happen.”
The problem with that is that software developers would have to test their stuff before they committed it to ROM, and that would take too much time and cost too much money. You could have a jumper or something that physically disables writing, but big organizations that outsourced their IT to Elbonia would balk. And besides a good social engineer could talk some user into enabling it, so that is a bust. Let’s face it: computer security is an arms race and we are losing.
Much of the world is moving away from desktop/laptop computers.
The most used computer OS in Africa, India, & Asia is: Android.
Add a Bluetooth keyboard and a pad is suitable for 90% of people’s computing needs.
A decade ago, desktop computers were still common. They are now all but dead (save for backend server use)—replaced by laptops.
A decade from now the laptop will be dead. Replaced by pads with keyboards.
Laptops have already been removing functionality (drives, ports) and becoming thinner and smaller. How long will people continue to purchase both a laptop and a pad? Eventually, it will make sense to just put all the money into a larger, more powerful pad that can double as a desktop with a few accessories.
“I use Linux a lot more for internet stuff.”
I do, too, but I think the only reason we don’t have problems like this is that there aren’t enough of us to bother with.
“Much of the world is moving away from desktop/laptop computers.”
I’ve had a couple of tablets, and they are OK but I prefer a bigger screen and also not being joined at the hip with either Google or Apple.
Disc boot OS is close.
I still think firmware BIOS is better. But nobody asked me.
“Obscurity is security.”
Yes, I try to practice that too.
Agreed.
I’m liking Ubuntu a lot.
What operating system? WINDOWS
aka Bill Gates bug magnet.
“We have a nation of morons, largely due to the internet.”
Don’t overlook TV and Hollywood.
“I’ve had a couple of tablets, and they are OK but I prefer a bigger screen and also not being joined at the hip with either Google or Apple.”
A pad can be connected to a larger screen just as a laptop can.
Most people (at least in my work world) when using a laptop at a desk, plug one or two monitors into the laptop and use a Bluetooth mouse and keyboard. Often they work with the laptop close.
A pad could work the same way. And it has the advantage of being more portable when away from the desk.
I don’t know if someone will come up with a generic pad hardware platform that will run Linux, but I don’t see why it won’t eventually happen.
I always thought Bill Gates’s inability and unwillingness to keep Windows from being a virus/malware plague is what led him to becoming a minor James Bond villain hell-bent on using vaccines to sterilize people and rule the world.
He is Evil.
He does not make good software.
I don’t think Gates has touched a programming keyboard in decades.
I’m sure he has not.
Even his first version of DOS was bought from outside.
His company writes very crappy bloated stuff.
#5 that would be a rubber-like device.... you slip over the hard drive.
Maybe you need a Trojan to protect against trojans....
Remember when Mom said:
1) Don’t talk to strangers.
2) Don’t get in a car with a stranger.
3) Don’t trust everyone you meet online.
With Uber, you can now dial up a random stranger online for the purpose of getting in a car with them.
I do cybersecurity for a large military organization. 56,000 devices. Mostly Windows desktops and laptops. Those are the real business hardware. There is a separate support structure for mobile devices with Android and iOS.
bkmk