I saw a program once that would save a copy of your BIOS memory, and every time you boot your computer it will check the BIOS in the background to make sure it has not been altered. I don't recall if it was Linux or Windows and I'm not concerned by that detail. Does anyone know of anything that does this? Especially freeware?
I assume you are talking about nasties like these:

http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-"most"-any-compute/
http://media.blackhat.com/us-13/us-13-Bulygin-A-Tale-of-One-Software-Bypass-of-Windows-8-Secure-Boot-Slides.pdf
http://www.exfiltrated.com/research.php
http://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/

Most BIOS flashing programs have a feature to back up your existing BIOS. Always a good thing to do on a new PC. Also, some motherboards contain a dual BIOS setup where a copy of the original BIOS is kept in the second BIOS area. I know of no software program that can protect any BIOS in existence.
Those are the things I want to protect from, but I don't see anything about comparing the running BIOS to a stored copy. I could probably glue together some programs to do it. Thanks for the info. If anyone else wants to post, I'm still watching.
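A sketch of the stored-copy comparison discussed above, added here as an example and not part of any poster's message or of any tool named in the thread. It assumes both images were saved with the backup feature of a BIOS flashing program; `compare_dumps`, the `volatile` ranges and the sample image are hypothetical and constructed for illustration.

```python
import hashlib

BLOCK = 4096  # comparison granularity; assumed to match a common flash erase-block size

def _merge(offsets, block):
    """Collapse sorted block offsets into (start, end) byte ranges."""
    ranges = []
    for off in offsets:
        if ranges and ranges[-1][1] == off:
            ranges[-1] = (ranges[-1][0], off + block)
        else:
            ranges.append((off, off + block))
    return ranges

def compare_dumps(baseline, current, volatile=(), block=BLOCK):
    """Compare a current firmware dump with a stored baseline.

    volatile: (start, end) ranges expected to change between boots, such as
    a settings/variable store; blocks fully inside one are listed separately.
    """
    changed, tolerated = [], []
    for off in range(0, max(len(baseline), len(current)), block):
        if baseline[off:off + block] == current[off:off + block]:
            continue
        inside = any(s <= off and off + block <= e for s, e in volatile)
        (tolerated if inside else changed).append(off)
    same_size = len(baseline) == len(current)
    return {
        "baseline_sha256": hashlib.sha256(baseline).hexdigest(),
        "current_sha256": hashlib.sha256(current).hexdigest(),
        "unexpected": _merge(changed, block),
        "volatile": _merge(tolerated, block),
        "ok": same_size and not changed,
    }

def demo():
    # Constructed 64 KiB stand-in for a flash image; real dumps are several MiB.
    baseline = bytes(range(256)) * 256
    current = bytearray(baseline)
    current[0x3010] ^= 0xFF           # change inside the declared volatile range
    current[0x9000:0x9004] = b"\xde\xad\xbe\xef"  # change in a region that should be static
    return compare_dumps(baseline, bytes(current), volatile=[(0x3000, 0x5000)])

if __name__ == "__main__":
    r = demo()
    print("OK" if r["ok"] else "MODIFIED", r["unexpected"], r["volatile"])
```

A whole-image hash alone tends to differ between boots because stored settings change, which is why the comparison is done per block with declared volatile ranges. A dump read from the running OS can be falsified by firmware-level malware, so a match is weaker evidence than a mismatch.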
Here is something to check out: http://www.mitre.org/capabilities/c...og/copernicus-question-your-assumptions-about
A few more comments. Most security experts recommend replacing the EPROM chip on the motherboard once a BIOS infection occurs. It is the only sure way to get rid of the malware. Also, if a re-flash is chosen instead, ensure that the flash file is properly signed and downloaded from the motherboard manufacturer's web site. Most if not all BIOS malware is government sponsored and targeted at the same area, such as the NSA's infamous DeityBounce: https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html