The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.
← Previous pageNext page →

    What happen when virus strike dual hdd computer ?

    Discussion in 'Security and Anti-Virus Software' started by fantomasz, Jan 1, 2010.

  1. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Sorry but there are bios virus out there. I was only pointing something out. There was no need for all that. I was being polite with my response.
     
  2. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    i was polite, too, not?

    i'm just saying that the op wanted to know if that could happen, sort of. and no, it won't. even while it could, it never will.


    edit: and btw, no, there aren't any bios viruses out for ACTUAL systems. as they're much harder to infect that deeply to be able to modify the bios, as it was back in the 90ies..
     
  3. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
  4. Bog

    Bog Losing it...

    Reputations:
    4,018
    Messages:
    6,046
    Likes Received:
    7
    Trophy Points:
    206
    As others have pointed out, there are far more worrisome security threats for any network administrator to worry about. This kind of threat not only requires maximum privileges as a prerequisite to installing the rootkit, it also requires a non-password protected BIOS.

    So far you've pointed out that its possible, but this says nothing about how often it occurs or how insignificant this type of threat is to relative to more common security issues.
     
  5. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
  6. Hep!

    Hep! sees beauty in everything

    Reputations:
    1,806
    Messages:
    5,921
    Likes Received:
    1
    Trophy Points:
    206
    Why is everyone ganging up on UniqueQ? He's not saying it's something to be seriously concerned about that, and I didn't see him say that at any point.
    All I saw was him saying that it is possible. You guys said it's unlikely and there are bigger things to worry about, and he didn't deny it. But you can't be like "it's unlikely so it's impossible." Well, it's unlikely that I'll ever get mugged, but I acknowledge it's a possibility.

    He isn't fear mongering, he is educating.
     
  7. Bog

    Bog Losing it...

    Reputations:
    4,018
    Messages:
    6,046
    Likes Received:
    7
    Trophy Points:
    206
    I am not saying that he is fear mongering, merely that it is unlikely.
     
  8. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Correct. Thank you. :)
     
  9. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    anything's possible. it's possible a big portal opens up and leads you to pandora right now.

    we all acknowledge it could be made possible, and still it's not possible that it hits you. amongst the millions or billions of computer users on this world, it's just not happening.

    and why? because it would not make any sense.

    if you would be in some form of mafia, and the fbi or someone want to get rid of you, then, yeah, it could be a possibility. but a home user is so absolutely 0 target for such a thing, it's probability is so close to 0, one can consider it non-existing.

    yes, it's still possible, no, it still isn't possible to happen.

    i never disagreed with him. i just said the op gets crazy if he gets a simple reply "yeah, possible, could happen". the op got created in some form of panic or fear of that danger, so the most important thing is to not support that fear, but to get him down to realism: it won't happen.

    if his hdd dies, it's another reason.

    again, unique, it was not an attack against you per se. it's just not the answer one should give to the OP.
     
  10. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15

    Then there is a danager of a false sense of security. The first time a new virus infects doesnt mean that it is unlikely just because it has never been seen before. It could be the first of a new epidemic. Not that anyone should worry.

    I dont dispute what you say about ecomonics of the modern day virus. However I appreciate evolution of the virus: how it will change over time, there could be people out there that get a 'kick' out of hardware damage and the challenge of frying hardware.

    Irrespective of the frequency, there are known virus out there that damage hardware and there is active research that demonstrates what is possible. It was only my intension to point out that this is not necessary true (in a 16 word post). :)
     
  11. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    and respective of the frequency of real world happenings based on this on ACTUAL systems, i stated it's impossible to have one around and kill your system.

    and with impossible, i mean, realistically, impossible. not technically.

    you know i agreed with you.
     
  12. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    I am not sure what you mean by this statement. After reviewing all posts, that doesnt make sense to me.
     
  13. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    because you don't get that i want to make a difference between theoretical possibilities, and actual possibilities of something really happening, or being a cause.

    if someone comes over to you and tells you his hdd got killed, do you ever consider it to have been a virus? why not? because there isn't the slightest change that was it. he dropped his laptop, most likely. or the disk just failed, as they sometimes do.

    but a virus? no way. it wasn't that.

    yes, technically, if i know exactly what hw you have, i could write up somehow a way to kill your system. if i wanted to do that, it would be less work to just get over to you, and drop a grenade trough your window..

    a general attack to any hw won't exist, it always has to be configuration specific. so while it could be doable with tons of work, it will not be done.


    so while i agree that it could be possible, it still isn't possible that it could ever happen to you, to the op, to me, or about anyone else. if you're osama bin laden, then you might take care you don't get a special kill-osamas-hdd virus from the cia or something.
     
  14. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    The virus could have a time delay to infect/kill on a future date. For example, the computer is initially infected on 03 Jan 2010. The virus then lies dormant, only infecting other computers. Then on 01 Apr 2010 the virus becomes active and kills hardware. The virus can propagate and kill hardware at the same time.
     
  15. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    it could. but it doesn't. there's no gain in killing hw. erasing user data is much easier and just the same harm for an end user. and if it works on one machine it works on all machines.

    why should one bother attacking hw? it makes no sense.
     
  16. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Maybe so. But there are bios virus out there that kill hardware.
     
  17. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    no. there WHERE bios viruses out there that did this. back in the 90ies.. why back then? because then, internet viruses, spyware and such didn't made sense yet. but spreading a virus by floppy did. and a floppy, as you might know, can get full system access if you boot from it (which most pcs defaulted to).
    floppy viruses where a standard attack back then, as floppies where the main way to actually share anything.

    nowadays, they are nonexistant anymore.
     
  18. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Read the previous links and you will see there are bios virus out there.
     
  19. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    read it, doesn't change any of my statements..
     
  20. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Its not intended to change your mind. You are entitled to believe whatever you like. :)
     
  21. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    which is why i agreed to you. i just consider it bad to formulate it in a way that people with paranoia get support. and the op sure sounds a bit like that.

    which is why i always stated it's not worth considering it to happen, as it won't.

    and just because those are things that get into bios doesn't yet mean it's something that kills a hdd :) getting a virus into a bios to survive any deletion makes sense. killing a hdd, still, doesn't.

    except if you do this as the one who sold the pc, so you can sell more hw, that is :)
     
  22. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    And a great way to get it into bios, survive, propagate and kill hardware is above.

    Irrespective of sense or not, there could be a virus out there or someone could be working on one now.
     
  23. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    yes. and exactly such phrases create huge paranoia over nothing. just because it could doesn't mean one should even consider it...

    but tell your mom when she uses the computer "someone could write a virus that could nuke your laptop at first april" and she never touches that laptop again in fear of just that possibility.


    edit: and then try to tell her it won't happen to her.. she'll continuously think of it, asking herself (and you, most likely) "then why did you tell me in the first place".
     
  24. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    You don't seem to understand my point and the point of my 16 word initial post.
     
  25. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    i do. you don't seem to understand mine:

    technical possibility: possible even if it won't even exist, just out of physical measurements, possible.
    ^^ this is what you think of

    human possibility: the chance that it actually means it could possibly happen to myself (a.k.a. the reader). that means, a chance of .. maybe 1 in 10, or something.
    ^^ this is what most readers think of

    i always try to reply in a way that i can state the truth, but in a way that the reader doesn't missinterpret stuff into it.
     
  26. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15

    Do you have any web links you can direct me to that discusses the 1 in 10 statistics. :)

    My 16 words are not misleading.
     
  27. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    no the 1 in 10 is just random.


    the trick is that: if you say "it's possible" people always think "omg, it could HAPPEN TO ME!!!!".

    and it's very important to learn that default behaviour, and to try to not feed them with useless panic.

    as i said, they're not missleading per se. but they WILL GET MISINTERPRETED. they just will. read how others reacted on the post.
     
  28. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    You mean like your 1 in 10 statistics.
     
  29. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    no. that was just based on "it could happen to me". with me being myself, or one of my closest friends.
     
  30. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Reputations:
    4,843
    Messages:
    8,389
    Likes Received:
    1
    Trophy Points:
    205
    ...over how many pages has this been going on now?

    To and fro, to and fro...
     
  31. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    So there are no web site links that discuss their research then on the 1 in 10 statistics? This is a figure plucked out of thin air? I can see how this can be misleading for the average reader.
     
  32. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    it looks like I'm hard to understand..

    I'm still waiting for him to tell his mom that her hdd could explode any time, even while unlikely, it's possible. and then trying to get the fear out of her again.

    :)
     
  33. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    My intention was only to point out there could be a virus out there. Not to propagate fear.
     
  34. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    You've posted links to a 10 year old article, to an article on a POC, presented at a BlackHat conference some 3 years ago and a recent article on a POC.
    All that stuff might be interesting but only if you can put it into perspective.
    The POC (proof of concept) in your link might give the impression that it is simple to go from a POC towards an actual virus.
    This is not so.
    Read what Joanna Rutkowska (one of the most respected experts in the Ring -3-0 field (that's not ring 0 to ring 3 but ring minus 3 to ring 0!)) had to say recently about the presentation by those two Core guys, you linked to;

    "...
    Question:Can any vector currently re-flash the BIOS?
    Joanna: No! There has been lots of confusion about it in the recent months. Some people thought that SMM attacks allow automatically to re-flash the BIOS. This is not true. Also, there was a bit unfortunate presentation at CanSecWest earlier this year by two researchers from Core, who presented on "Persistent BIOS Infection." I saw their slides and they made it look like if they found a generic way of re-flashing any BIOS and that there is hardly any way to protect against their attacks. Nothing could have been further from the truth, in fact.

    First, they chose to attack two low-end, dated BIOSes: an Award BIOS and also VMWare's BIOS (that itself doesn't even count, as it's not a real BIOS). Those two BIOSes didn't require firmware updates to be digitally signed by the vendors. So, no big deal that it was possible to inject some malicious code there. On the other hand, most of the currently used BIOSes (Intel or Phoenix BIOSes) allow only signed firmware updates to be re-flashed. This mechanism has been used for years, and it has nothing to do with TPM or any of the Trusted Computing technologies.

    This situation is especially not very comfortable for us, because next month at Black Hat, Rafal and Alex will be presenting on the real attacks on BIOS re-flashing, that would involve getting around Intel BIOS re-flash protection. So, Rafal and Alex will show how to re-flash a secure Intel BIOS, despite the fact that it normally only allows signed updates. This is going to be a really hardcore talk, and the actual exploit is really a masterpiece. I doubt, however, that malware would start using any similar attacks--they are just too complex and too much BIOS-specific. Yet, from the research point of view, the attack is extremely valuable with potential impact being more then just persistent BIOS infections. More on this next month, though.
    "

    Source: TomsHardware.com interview with Joanna Rutkowska link

    Moral of my post; While there are brilliant BIOS POC's presented every year, making use of them in actual malware is extremely hard to accomplish.
    Spreading this malware on a scale as we are 'used' to as with other malware, is virtually impossible.
    A BIOS POC ≠ malware, it's that simple.
     
  35. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Who is to say which research is true. There could be a virus out there. Technology changes fast. Bios virus does currently exist. I was only making a simple 16 word post.

    http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

    http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx

    http://www.symantec.com/press/2000/n001219c.html

    http://www.pcpro.co.uk/news/security/18955/christmas-virus-woe
     
  36. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    and you even got support by those who think the post is not useful in it's way, like me. but it takes you much more than 16 words to actually understand our reasons why we wanted to correct your statement.. well, anyways. i leave you in your 16 words. as i said, you're right, anything's possible. i could be a rockstar in 2 days, it could happen. it won't, but it could.
     
  37. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    If you start posting on a specific topic and you post links to support your claim, then you better know which sources to trust above other sources.
    What's the use otherwise in posting those links if you can't tell who is right and who is wrong?

    You can't go around posting links and then refute the value of other linked articles if you haven't got a clue who is the expert and who is the striving-to-be-an-expert.
    Damned! Man up, for God's sake.
     
  38. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    You havent corrected my 16 words. Read my links in above post.
     
  39. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    he doesn't refute value. he just says one link sais this so it's possible, even if another sais it isn't.

    and problem is, he will always be right. he can just close his ears and eyes and cry lalalallaala.

    it always is possible that maybe it could be true that possibly in any form in some universe at some time he's right, and even while not, no one can disprove it, so it still is possible, sort of.

    that, sort of, is his point.
     
  40. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    You're right.
    I concede.
     
  41. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    i did correct them. i stated while it's possible it's so unlikely that you can consider it, in reality, to not happen. thus not consider it possible, even while it might, techically, be. i stated this very often, and i stated the reason why you should reconsider your statement. as, it will be interpreted as "omg, it can happen to me, anytime", as it time and time again got proven in the history of mankind, that people react that way.
     
  42. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Maybe so. But there could be a virus out there that kills hardware.
     
  43. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Reputations:
    4,843
    Messages:
    8,389
    Likes Received:
    1
    Trophy Points:
    205
    Just a note to UniqueQ - Baserk is out resident malware and security expert here on NBR :)
     
  44. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    doesn't matter. there could be a virus killing hw, you know.. :)

    you should take care about your hw, btw detlev. it could happen to you :)
     
  45. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Thank you for the information.

    No reflection on you but again, maybe so. I have also provided 4 website links. If security companies could predict virus and virus/criminal technology, then no one would ever get infected because they would have already anticipated it and provided a solution.

    There could be a virus out there that kills hardware. Bios virus do exist.
     
  46. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    well :) way for a great start into the forums, not?

    other than that, as he stated, most bios only allow updates trough signed data. and each bios wants it different.

    so a bios virus for a specific bios could exist, but not a "virus for all bios".

    and there are hundreds or thousands or more different bios configs out in the world.

    how should a virus know them all? or a virus programmer? and find flaws in each and every signed-update-technology?

    and then find flaws in all hdd communication protocolls to somehow kill them? each of them?

    that virus sure would be gigabytes big.

    technically, possible. in reality, not so.

    which was my original point, again and again. but have fun restating your phrase, which will mean much fun for the readers.. :)
     
  47. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    The 4 website links I have previously providied tell it how it is. One link is a link to current security company (a big company). They have a definition update for a Bios virus. So bios virus do exist.

    Bios virus do exist

    http://www.symantec.com/press/2000/n001219c.html
     
  48. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    no, sir, they DID exist.

    which i stated before. BIOSes of today are aware of such attacks and made in a form to prevent that.
     
  49. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    The web links provided say something different.
     
  50. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,788
    Likes Received:
    0
    Trophy Points:
    205
    the web link provides states a virus existed in 2000, that tried to flash bioses, sometimes (SOMETIMES) successfully. that was back in a land where no bios actually prevented getting flashed randomly.

    and it didn't kill hw. espencially not hdds. you might had to flash the bios again, or the chip could get bricked (put into non-reflashable mode). then you needed a new bios chip. but the hw itself did NOT get damaged.


    and just to inform you: that is TEN YEARS BACK. you don't think stuff evolved since then? ..
     
← Previous pageNext page →