Kaspersky Lab Presents World’s First Anti-Malware Product for UEFI

Discussion in 'other anti-virus software' started by zfactor, Apr 17, 2013.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    Not sure if already posted, but as much as I'm not a huge fan, thought this was interesting...

    Kaspersky Lab today announced the release of a groundbreaking new product – Kaspersky Anti-Virus for UEFI (KUEFI) – an anti-malware solution which can protect the user’s PC before the operating system even starts loading.

    UEFI, or "Unified Extensible Firmware Interface", has been developed by Unified EFI Forum. It is a new model for the interface between personal-computer operating systems and platform firmware. Hailed as the ‘spiritual successor’ to BIOS (Basic Input/Output System), UEFI offers support for new technologies, improved development, and enhanced customer experience during the time after the computer is turned on but before the operating system loads. Across multiple interfaces, the Specification supports a more secure system, a faster boot time, improved performance, platform feature innovation, and a quicker, more cost-effective time-to-market product shipment.

    Among its other features, the UEFI specification makes it possible to embed a security solution ‘on the chip’. Kaspersky Lab seized this opportunity to develop the World’s first – and, at the moment, only – UEFI-compliant anti-malware product, which will be able to scan selected system files and memory addresses before the operating system even starts loading. The advantages of such an approach cannot be overstated. Previously, rootkits and bootkits could embed themselves deeply into the system and load before any conventional anti-malware solution, thus hiding their activity from the anti-virus, or even preventing it from loading altogether.

    But now, by loading from a ROM chip that is guaranteed to be clear of bugs, KUEFI will be able to scan system files before they are loaded and detect any malware that might be lurking there. Based on Kaspersky Lab’s cutting-edge technologies and the award-winning Kaspersky Anti-Virus core, the solution offers flexible scan settings to reach the desired ‘performance vs. detection rate’ tradeoff and achieve the exact performance level each user needs. Depending on the usage mode, once a threat is detected, KUEFI can either alert the user or completely block the system boot-up until a qualified specialist resolves the issue.

    "I’m incredibly excited by this announcement – the release of KUEFI might just grant us the leverage we’ve been looking for so long in our struggle against malware,” says Nikolay Grebennikov, CTO of Kaspersky Lab. “Previously, our enemies always had the advantage – they were the first to find loopholes, weaknesses, or zero-day vulnerabilities, and we had to find a cure after the fact. But now they simply won’t be able to hide their malicious stuff anymore, as KUEFI will run at the lowest level possible and make sure that your system is clean and safe."

    The solution is designed to be used in organizations with the most stringent IT security requirements, such as state agencies, military organizations, power plants, industrial companies, and any other entities where the malware-related data loss, data leakage or corruption poses the greatest threat.


    source: http://www.kaspersky.com/about/news...ts-worlds-first-anti-valware-product-for-uefi
     
  2. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Isn't UEFI itself preventing any unsigned or modified kernel from booting in the first place? Which means, if a bootkit modified the OS kernel, then the OS will refuse to boot. So why the hassle?
    Only if the OS cannot detect if there is boot sector modification. I am confused.
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
    UEFI is just a veiled way to keep only MS OS's installed.
     
  4. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    That's utter nonsense, seems you're one of those who've fallen for the BS propaganda propagated by a few Linux vendors. I'm a Linux user myself too, by the way.
     
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    If antivirus can do that, so can rootkits...
     
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    What? Installing a ROM chip in your computer?
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Either it'll have to be writable and supported by all or it will simply fail miserably.
    How likely do you think a hardware vendor will lock a product to a single antivirus vendor just to make a completely custom design? I doubt it...
     
  8. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    162
  9. Wait... This is a UEFI plugin? A firmware component? And it is also an antivirus that deliberately interacts with malware code?

    Is it just me or is that outright bonkers?
     
  10. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Never mind, it's the Secure Boot feature that prevents an unsigned/modified kernel from booting. So it's important to enable Windows 8 Secure Boot.

     
  11. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Not the case anymore.

    Since the release of Windows 8, new machines with Windows usually come with Secure Boot enabled, because "UEFI Secure Boot is required for Windows 8 certification for client machines..." ~ http://msdn.microsoft.com/en-us/library/windows/desktop/hh848062(v=vs.85).aspx
     