Kaspersky Lab Presents World’s First Anti-Malware Product for UEFI

Discussion in 'other anti-virus software' started by zfactor, Apr 17, 2013.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    not sure if already posted but as much as im not a huge fan thought this was interesting...

    Kaspersky Lab today announced the release of a groundbreaking new product – Kaspersky Anti-Virus for UEFI (KUEFI) – an anti-malware solution which can protect the user’s PC before the operating system even starts loading.

    UEFI, or "Unified Extensible Firmware Interface", has been developed by Unified EFI Forum. It is a new model for the interface between personal-computer operating systems and platform firmware. Hailed as the ‘spiritual successor’ to BIOS (Basic Input/Output System), UEFI offers support for new technologies, improved development, and enhanced customer experience during the time after the computer is turned on but before the operating system loads. Across multiple interfaces, the Specification supports a more secure system, a faster boot time, improved performance, platform feature innovation, and a quicker, more cost-effective time-to-market product shipment.

    Among its other features, the UEFI specification makes it possible to embed a security solution ‘on the chip’. Kaspersky Lab seized this opportunity to develop the World’s first – and, at the moment, only – UEFI-compliant anti-malware product, which will be able to to scan selected system files and memory addresses before the operating system even starts loading. The advantages of such an approach cannot be overstated. Previously, rootkits and bootkits could embed themselves deeply into the system and load before any conventional anti-malware solution, thus hiding their activity from the anti-virus, or even preventing it from loading altogether.

    But now, by loading from a ROM chip that is guaranteed to be clear of bugs, KUEFI will be able to scan system files before they are loaded and detect any malware that might be lurking there. Based on Kaspersky Lab’s cutting-edge technologies and the award-winning Kaspersky Anti-Virus core, the solution offers flexible scan settings to reach the desired ‘performance vs. detection rate’ tradeoff and achieve the exact performance level each user needs. Depending on the usage mode, once a threat is detected, KUEFI can either alert the user or completely block the system boot-up until a qualified specialist resolves the issue.

    "I’m incredibly excited by this announcement – the release of KUEFI might just grant us the leverage we’ve been looking for so long in our struggle against malware,” says Nikolay Grebennikov, CTO of Kaspersky Lab. “Previously, our enemies always had the advantage – they were the first to find loopholes, weaknesses, or zero-day vulnerabilities, and we had to find a cure after the fact. But now they simply won’t be able to hide their malicious stuff anymore, as KUEFI will run at the lowest level possible and make sure that your system is clean and safe."

    The solution is designed to be used in organizations with the most stringent IT security requirements, such as state agencies, military organizations, power plants, industrial companies, and any other entities where the malware-related data loss, data leakage or corruption poses the greatest threat.


    source: http://www.kaspersky.com/about/news...ts-worlds-first-anti-valware-product-for-uefi
     
  2. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Isn't UEFI itself preventing any unsigned or modified kernel from booting in the first place? Which means, if a bootkit modified the OS kernel, then the OS will refuse to boot. So why the hassle?
    Only if the OS can not detect if there is boot sector modification. I am confused.
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,510
    Location:
    USA - Back in a real State in time for a real Pres
    UEFI is just a veiled way to keep only MS OS's installed.
     
  4. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    That's utter nonsense, seems you're one of those who've fallen for the BS propaganda propagated by a few Linux vendors. I'm a Linux user myself too, by the way.
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    If antivirus can do that, so can rootkits...
     
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    What? Installing a ROM chip in your computer?
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Either it'll have to be writable and supported by all or it will simply fail miserably.
    How likely do you think a hardware vendor will lock a product to a single antivirus vendor just to make a completely custom design? I doubt it...
     
  8. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
  9. Wait... This is a UEFI plugin? A firmware component? And it is also an antivirus that deliberately interacts with malware code?

    Is it just me or is that outright bonkers?
     
  10. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    never mind, it's the secure boot feature that prevent unsigned/modified kernel form booting. so it's important to enable windows 8 secure boot.

     
  11. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Not the case anymore.

    Since the release of Windows 8, new machines with Windows usually come with Secure Boot enabled, because "UEFI Secure Boot is required for Windows 8 certification for client machines..." ~ http://msdn.microsoft.com/en-us/library/windows/desktop/hh848062(v=vs.85).aspx
     
Loading...
Thread Status:
Not open for further replies.