program that checks bios for alterations?

Discussion in 'other anti-virus software' started by 875929982, Mar 9, 2015.

  1. 875929982

    875929982 Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    5
    I saw a program once that would save a copy of your bios memory and every time you boot your computer it will check the bios in the background to make sure it has not been altered. I don't recall if it was linux or windows and I'm not concerned by that detail. Does anyone know of anything that does this? Especially freeware?
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I assume you are talking about nasties like these:

    http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-"most"-any-compute/

    http://media.blackhat.com/us-13/us-13-Bulygin-A-Tale-of-One-Software-Bypass-of-Windows-8-Secure-Boot-Slides.pdf

    http://www.exfiltrated.com/research.php

    http://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/

    Most BIOS flashing programs have a feature to backup your existing BIOS. Always a good thing to do on a new PC. Also some motherboards contain a dual BIOS setup where a copy of the original BIOS is kept in the second BIOS area.

    I know of no software program that can protect any BIOS in existence.
     
    Last edited by a moderator: Mar 9, 2015
  3. 875929982

    875929982 Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    5
    Those are the things I want to protect from, but I don't see anything about comparing the running bios to a stored copy. I could probably glue together some programs to do it.

    Thanks for the info. If anyone else wants to post I'm still watching.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    A few more comments.

    Most security experts recommend replacing the EPROM chip on the motherboard once a BIOS infection occurs. It is the only sure way to get rid of the malware.

    Also if a re-flash is chosen instead, ensure that the flash file is properly signed and downloaded from the motherboard manufacture's web site.

    Most if not all BIOS malware is government sponsored and targeted at the same area. Such as the NSA's infamous DietyBounce: https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html
     
Loading...