Although I don't fully understand some of this, it still sounds worrying.
Yeah, I heard about this. Read something briefly about it, that ACPI has some scripting language (I never knew) and that it can script a rootkit. Sounds pretty scary.
Be afraid, be very afraid.
So basically if you use *nix or Windows, it doesn't matter? That just sucks.
However, the ability to flash the memory depends on whether the motherboard allows the BIOS to be changed by default or if a jumper or setting in the machine setup program has to be changed.
I imagine this will probably become a motherboard standard pretty soon, if these BIOS rootkits really do take off.
So basically if you use *nix or Windows, it doesn't matter? That just sucks.
There could probably be viruses and worms going around on Windows that use this.
On *nix systems, however, it is different: it is much less prone to viruses and worms.
Now even if a virus or worm came out for it, it probably would not be able to write to the BIOS/ACPI unless the user was running as root, which he probably does not.
So you're much better off in terms of security with *nix.
I personally don't see what is stopping an antivirus writer from downloading a free hard disk eraser program like d-ban from SourceForge, changing a few scripts, making a silent executable with say (WinRAR?) that will run automatically at reboot and destroy all data on your drive.
Or making a "BIOS" update that really isn't and "flashing" your motherboard with a series of attempts, trying all of the major vendors till it (usually) hits one that works and fries your PC.
I don't see what is stopping them from using a command to delete the whole C: tree on reboot.
Yeah, I suppose they can do much of that stuff. Deltree should be enough, they don't really need to use something like d-ban or eraser that securely erases data. Deltree will cause enough trouble for most users.
But I don't see why virus writers would want to ruin someone else's computer or data.
I can understand that maybe virus writers get a kick out of seeing how fast, how far and to how many their virus can spread, but there is nothing cool about destroying other people's computers and data.
I wouldn't ever write a virus, but if I did, it would not be an evil one, it would be one that doesn't delete anything, just pops up messages and jokes with the user. Example:
* "I got infected with a virus and it's your fault you retard!"
* "I got infected with a virus, why didn't you look out for me?"
* "Hi my name is Chewbacca, now you probably wonder how the hell I got into your computer..."
* (Eject CD/DVD tray), "I am hungry, please put some carrots into the DVD" or "I am hungry, please feed me."
etc.
Yeah, well, I was just saying.... If it's possible, they will probably do it... Eventually...
---------------------------------------------------------------------------------------------------------
Is there a way to stop this potentially hazardous loophole to keep someone from making
an undetectable silently executed automatic virus from slamming a machine? What if
they made it always use different names + change how it works each time? How would
antivirus vendors stop it, especially if they used the 4096-bit encryption?
---------------------------------------------------------------------------------------------------------
Peace