Anything For Preventing Firmware Rootkits?

Discussion in 'other anti-malware software' started by RoamMaster, Sep 4, 2012.

Thread Status:
Not open for further replies.
  1. RoamMaster

    RoamMaster Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    50
    It's been a good five years since the PoC rootkits were circulating around the black hat community. Has anyone stepped up and made an anti-malware program that prevents fake hypervisors from running or being installed?

    I had read that Trusted Platform Module in modern hardware should prevent it, but doesn't necessarily do so in practice.
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
  3. Dr Web says it can detect BIOS rootkits, how true is that I don't know. Firmware? Not sure either.
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'm not sure why motherboard manufacturers stopped implementing the built-in protection against malicious BIOS mods that was commonplace some years ago :doubt:
     
  5. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    as always signature based detection for bios rootkit is useless
    those firmware attacks usually are against GOV or high end companies :)

    BTW companies won't develop anything before it goes publicly wide and infects a lot of computers
    they will keep denying its existence same for the MAC malware

    "it won't get infected or it has no viruses ..blah blah blah "
    till it got infected by the flashback trojan then all companies started pushing ads and discount for their mac AV
    BTW we already know that AV way of security is useless >> so in future another trojan will be made in the news and people going to start
    screaming > they will push their Internet security for mac

    it's just a way to make money AV companies don't care about your security they care about your money
     
    Last edited: Sep 5, 2012
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Sadly these attacks aren't usually against GOV or high end companies - that isn't the case at all. A number of Rootkits have their origin at the manufacturing level for consumer devices, although recently in the wild Niwa!mem (similar to Mebromi) has been found which targets consumer grade motherboards using the Award BIOS.

    Both McAfee and Symantec were developing tools that would specifically scan firmware prior to installation, but the last time I heard them discussed was a conference early last year, so I don't know if they will ever be available.
     
  7. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    BIOS malware is very old since 2000 or something
    there was malware that destroyed MB
    they developed a 1 cent solution Called " Firmware protection by using a jumper " :)
    simple and very effective

    after a while after that threat went away
    they removed this Protection jumper > now pushing a new dual bios that is good in recovering bios but not protecting

    anyway if Firmware were protected by jumpers we wouldn't have this problem
    but after all they won't develop anything if there is no paying for it
     