Firmware infecting malware? How about it?

Discussion in 'malware problems & news' started by normishmael, Nov 18, 2008.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Before the rootkit can do all of these things, it has to get on the system. From the attack vectors Heasman lists, the rootkit can be blocked as can any other rootkit malware.

    Your reference to the keyboard logger assumes the computer was compromised by a browser exploit. What if the browser exploit were blocked? Then, no compromise. Doesn't Heasman make that clear in his statement on Prevention that I quoted?

    Sinister as these descriptions of the rootkit's capabilities are, a great many assumptions are made as to its implementation.

    ----
    rich
     
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I have just one question.

    How do most people (95%) learn that they need to implement better computing security methods?
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I can speak only for those I've been in contact with over many years:

    1. a person gets infected and decides she/he needs better security methods

      Often, it is a matter of policies and practices and not more security products.

    2. a person reads an article on security and starts asking questions and realizes a need for better security methods
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I noticed that the AHCI SATA BIOS is executed before the original BIOS; during the
    init procedure you are unable to use the keyboard. If I try, e.g., to start Vista 64 in AHCI mode, I get a stop 7 "check for viruses"; without AHCI, boot works as usual. The only difference on this system is that using an IDE HD with an OC'd BIOS and WinXP works seamlessly when I make a cold boot, but with S-ATA the DualBIOS resets itself three times to the non-OC'd default CPU speed until I am able to boot Vista. Probably this AHCI mode is not really practicable.

    BTW, I don't know if someone mentioned it already: most firmware is flashable even via usermode if one owns SeTcbPrivilege; then you need no driver, so a persistent hotpatch would be likely.
     
    Last edited: Nov 26, 2008
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Some news for the linux freaks:

    Never underestimate the viciousness of packet radios. BTW, if someone has a foolproof way to disable all radio abilities of a motherboard (except destruction of the ethernet, soundcard, USB, bluetooth and other related microchips), leave a comment here.
     
    Last edited: Nov 26, 2008
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Place in a Faraday cage? Copper mesh?

    As to motherboard phoning home ET, I leave that to movie failures like Swordfish. In fact, the plausibility of hacking in that movie almost parallels this thread.

    Mrk
     