BIOS rootkits - reality or fiction?

Discussion in 'other security issues & news' started by aigle, Oct 23, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thread is open to all!
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I wasn't the creator of this Russian phantom myth, ask them.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    I don't need to ask anyone anything. Some things are self-evident.
    To run something on a PC, it must have a code. Period. No magic.
    Mrk
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    And that code needs to be stored somewhere.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Maybe code executing in memory only, from the web!
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Like SQL Slammer?
    A reboot and it's gone.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Yes, SQL slammer worm!

    Goes away with a reboot? Not sure? :rolleyes:
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Before it gets into the memory:
    1. It travels in packets to the machine, in whichever form.
    2. Locally, it does whatever it does, in the form of a file, which might or might not persist later; it does not matter.
    3. Only then might it become active in memory.
    Mrk
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    SQL Slammer doesn't create a file. It's only a packet which is injected into the SQL process.
    How is it going to survive in RAM without power?
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    lucas, I was saying in general - that packet is a file, for that matter, the actual bit of info needed to get things started. But there ain't no juice without an orange, is what I meant.
    Mrk
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Oh, I understand it now :)
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Not saying about this worm, but I was thinking about the sci-fi rootkits mentioned by SystemJunkie.
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd like to see a sample/PoC of that :rolleyes:
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Maybe sometime, somewhere, in the future! :D
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that malware using firmware as storage will be only seen in high-profile corporate spying.
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Good idea and probably if a packet/code or file is deployed then surely in temp directory to become restricted user mode friendly :D :D

    I don't think so. Do you trust the hardware industry? Somewhere between your hardware order/built-to-order process and its arrival at your home there could be an unknown interruption. :D Maybe even early, at the creation process??!

    I don't agree with your theory; a packet is not a file, I agree with this.
     
    Last edited: Nov 3, 2007
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LinuxBIOS could help here.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Have not read your link, but Linux already has rootkits.
     
    Last edited: Nov 4, 2007
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    aigle, admins can install rootkits and drivers; they can optionally delete core utilities and kernel modules and not boot again, or compile a new kernel (!).
    What i'm interested in is if i don't give admin privileges to something, that something can still do those things.

    And LinuxBIOS is an attempt to build a BIOS on free software, based on the Linux kernel.
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I was answering SystemJunkie's concerns about the trustworthiness of the hardware industry. What's better than having free software at the lowest software level (firmware)?
    Yep, gaining root privileges from a user account is really serious. Defensive programming is one way to prevent this.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Linux asks for the root password during manipulation of the OS, so asking for a password for a driver install can't be a dummy-proof solution for BIOS rootkits. Only a hardware jumper or something like this will be OK.

    I wonder why one should care for a free software based BIOS. Does the BIOS really cost anything? It comes as part of the hardware.
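The thread's two points that matter operationally are that any rootkit "must have code" stored somewhere, and that a password prompt is no barrier once an attacker has the rights to write the flash chip, so only a hardware write-protect really stops the write. The check that follows from this is to dump the firmware (for example with a flash reader such as flashrom) and compare what is in the chip against a trusted baseline. The Python below is an added example, not code from the thread or from any tool mentioned in it. It builds a constructed legacy-BIOS style image containing two expansion (option) ROMs, using the well-known legacy expansion ROM header rules (55 AA signature at a 512-byte boundary, size byte in 512-byte units, all bytes summing to zero mod 256), and shows why the built-in checksum is no defence on its own: a corrupted image fails the checksum, but an attacker who re-balances the checksum passes it and is only caught by comparison against a recorded digest. The function names, the sample ROM layout and the baseline dictionary are my own assumptions for illustration.

```python
"""Audit a legacy firmware dump: locate expansion (option) ROM images, verify
their 8-bit checksums, and compare each image's digest against a trusted
baseline. All sample data below is constructed for the example."""
import hashlib

ROM_SIGNATURE = b"\x55\xAA"   # legacy expansion ROM header magic
BLOCK = 512                   # header byte 2 gives the image size in 512-byte units


def build_option_rom(code: bytes, blocks: int = 1) -> bytes:
    """Constructed sample image (not real vendor firmware): signature, size byte,
    code, zero padding, and a trailing byte that makes the 8-bit sum zero."""
    body = bytearray(ROM_SIGNATURE + bytes([blocks]) + code)
    body += b"\x00" * (blocks * BLOCK - len(body))
    body[-1] = (-sum(body[:-1])) % 256
    return bytes(body)


def checksum_ok(rom: bytes) -> bool:
    """Legacy BIOS rule: all bytes of the image must sum to 0 mod 256."""
    return sum(rom) % 256 == 0


def find_option_roms(image: bytes) -> list:
    """Return (offset, length) of every image that starts with 55 AA on a
    512-byte boundary; skip over each image so its payload is not rescanned."""
    roms, off = [], 0
    while off + 3 <= len(image):
        if image[off:off + 2] == ROM_SIGNATURE:
            length = image[off + 2] * BLOCK
            if length and off + length <= len(image):
                roms.append((off, length))
                off += length
                continue
        off += BLOCK
    return roms


def audit(image: bytes, baseline: dict) -> list:
    """Classify every image: bad-checksum (corrupt), unknown-image (checksum
    passes but the digest is not in the trusted list), or known:<name>."""
    findings = []
    for off, length in find_option_roms(image):
        rom = image[off:off + length]
        digest = hashlib.sha256(rom).hexdigest()
        if not checksum_ok(rom):
            findings.append((off, "bad-checksum"))
        elif digest not in baseline:
            findings.append((off, "unknown-image"))
        else:
            findings.append((off, "known:" + baseline[digest]))
    return findings


# Constructed flash layout: filler, a 1 KiB "VGA" image, filler, a 512 B "NIC" image.
VGA_ROM = build_option_rom(b"\xEB\xFE" + b"VGA BIOS (sample)", blocks=2)
NIC_ROM = build_option_rom(b"\xEB\xFE" + b"PXE ROM (sample)", blocks=1)
CLEAN_IMAGE = b"\xFF" * 512 + VGA_ROM + b"\xFF" * 1024 + NIC_ROM

# Trusted baseline: digests recorded from a known-good dump (here, the clean sample),
# to be kept off the machine being checked.
BASELINE = {
    hashlib.sha256(VGA_ROM).hexdigest(): "vga",
    hashlib.sha256(NIC_ROM).hexdigest(): "nic",
}


def tamper(image: bytes, offset: int, fix_checksum: bool) -> bytes:
    """Flip one payload byte of the image starting at `offset`; optionally
    re-balance the trailing checksum byte the way a careful attacker would."""
    buf = bytearray(image)
    buf[offset + 16] ^= 0xFF
    if fix_checksum:
        end = offset + buf[offset + 2] * BLOCK
        buf[end - 1] = (-sum(buf[offset:end - 1])) % 256
    return bytes(buf)


CORRUPTED = tamper(CLEAN_IMAGE, 512, fix_checksum=False)   # caught by the checksum
RESIGNED = tamper(CLEAN_IMAGE, 512, fix_checksum=True)     # caught only by the baseline

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("corrupted", CORRUPTED), ("resigned", RESIGNED)):
        print(name, audit(img, BASELINE))
```

The baseline must come from a dump you trust (taken before the machine was exposed, or from the vendor's published image) and must be stored off the machine. If the firmware itself is what is under suspicion, a scan that runs on top of that firmware can be lied to, which is the argument for reading the chip externally and for the hardware write-protect jumper mentioned in the post above.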
     
  22. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The problem is you're mixing things without knowing. One thing is the OS, the other BIOS, then rootkits. Now you bring cost too :)
    Free software ain't about price.
     
  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Current BIOS = closed source.
    LinuxBIOS = open (i.e. you can see/modify/audit it) source.
    Why should I see a prompt for the root password if I'm opening a spreadsheet?
    Why should I install untrusted/unknown software?
    Safe hex/common sense/user education works alongside secure by design software and quick response to discovered vulnerabilities.
    These are the key differences between Unix and Windows:
    - Secure by design OS.
    - The community audits the code.
    - The developers are usually responsive to security bugs.
    - The users know what they are doing (for the most part).
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    That might make it easier for malware writers to write malicious code.
    You are not being practical here. So far I have used Linux very little (started a few weeks back). I installed Ubuntu and installed some 3rd party applications like Opera etc. It gave me a warning that it can't be trusted and I of course allowed it to be installed. Now think of an ordinary user who installs frequently. He will be used to clicking allow on such prompts.

    How secure Linux is when it goes to the masses and is used by ordinary users (not geeks), we have yet to see.
     
    Last edited: Nov 4, 2007
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    BIOS and OS are two partners. Can you use either of them (without the other one)?

    Cost is one part of free software. Maybe not for you, but for many others, especially in third-world countries where nobody can afford the insanely high and rather unjustified prices of software. (The only option there may be to use pirated stuff or free stuff, nothing in between.)

    I see it happening around me like a norm.
     
    Last edited: Nov 4, 2007