What happen when virus strike dual hdd computer ?

Sorry but there are bios virus out there. I was only pointing something out. There was no need for all that. I was being polite with my response.

 

i was polite, too, not?

i'm just saying that the op wanted to know if that could happen, sort of. and no, it won't. even while it could, it never will.


edit: and btw, no, there aren't any bios viruses out for ACTUAL systems. as they're much harder to infect that deeply to be able to modify the bios, as it was back in the 90ies..

 

Details of Bios Virus: New BIOS Virus Withstands HDD Wipes

http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

http://www.pcpro.co.uk/news/security/18955/christmas-virus-woe

 

As others have pointed out, there are far more worrisome security threats for any network administrator to worry about. This kind of threat not only requires maximum privileges as a prerequisite to installing the rootkit, it also requires a non-password protected BIOS.

So far you've pointed out that its possible, but this says nothing about how often it occurs or how insignificant this type of threat is to relative to more common security issues.

 

e-mail to MICROSOFT Mark Russinovich: Black Hat conference

http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx

 

Why is everyone ganging up on UniqueQ? He's not saying it's something to be seriously concerned about that, and I didn't see him say that at any point.
All I saw was him saying that it is possible. You guys said it's unlikely and there are bigger things to worry about, and he didn't deny it. But you can't be like "it's unlikely so it's impossible." Well, it's unlikely that I'll ever get mugged, but I acknowledge it's a possibility.

He isn't fear mongering, he is educating.

 

I am not saying that he is fear mongering, merely that it is unlikely.

 

Correct. Thank you.

 

anything's possible. it's possible a big portal opens up and leads you to pandora right now.

we all acknowledge it could be made possible, and still it's not possible that it hits you. amongst the millions or billions of computer users on this world, it's just not happening.

and why? because it would not make any sense.

if you would be in some form of mafia, and the fbi or someone want to get rid of you, then, yeah, it could be a possibility. but a home user is so absolutely 0 target for such a thing, it's probability is so close to 0, one can consider it non-existing.

yes, it's still possible, no, it still isn't possible to happen.

i never disagreed with him. i just said the op gets crazy if he gets a simple reply "yeah, possible, could happen". the op got created in some form of panic or fear of that danger, so the most important thing is to not support that fear, but to get him down to realism: it won't happen.

if his hdd dies, it's another reason.

again, unique, it was not an attack against you per se. it's just not the answer one should give to the OP.

 

Then there is a danager of a false sense of security. The first time a new virus infects doesnt mean that it is unlikely just because it has never been seen before. It could be the first of a new epidemic. Not that anyone should worry.

I dont dispute what you say about ecomonics of the modern day virus. However I appreciate evolution of the virus: how it will change over time, there could be people out there that get a 'kick' out of hardware damage and the challenge of frying hardware.

Irrespective of the frequency, there are known virus out there that damage hardware and there is active research that demonstrates what is possible. It was only my intension to point out that this is not necessary true (in a 16 word post).

 

and respective of the frequency of real world happenings based on this on ACTUAL systems, i stated it's impossible to have one around and kill your system.

and with impossible, i mean, realistically, impossible. not technically.

you know i agreed with you.

 

I am not sure what you mean by this statement. After reviewing all posts, that doesnt make sense to me.

 

because you don't get that i want to make a difference between theoretical possibilities, and actual possibilities of something really happening, or being a cause.

if someone comes over to you and tells you his hdd got killed, do you ever consider it to have been a virus? why not? because there isn't the slightest change that was it. he dropped his laptop, most likely. or the disk just failed, as they sometimes do.

but a virus? no way. it wasn't that.

yes, technically, if i know exactly what hw you have, i could write up somehow a way to kill your system. if i wanted to do that, it would be less work to just get over to you, and drop a grenade trough your window..

a general attack to any hw won't exist, it always has to be configuration specific. so while it could be doable with tons of work, it will not be done.


so while i agree that it could be possible, it still isn't possible that it could ever happen to you, to the op, to me, or about anyone else. if you're osama bin laden, then you might take care you don't get a special kill-osamas-hdd virus from the cia or something.

 

The virus could have a time delay to infect/kill on a future date. For example, the computer is initially infected on 03 Jan 2010. The virus then lies dormant, only infecting other computers. Then on 01 Apr 2010 the virus becomes active and kills hardware. The virus can propagate and kill hardware at the same time.

 

it could. but it doesn't. there's no gain in killing hw. erasing user data is much easier and just the same harm for an end user. and if it works on one machine it works on all machines.

why should one bother attacking hw? it makes no sense.

 

Maybe so. But there are bios virus out there that kill hardware.

 

no. there WHERE bios viruses out there that did this. back in the 90ies.. why back then? because then, internet viruses, spyware and such didn't made sense yet. but spreading a virus by floppy did. and a floppy, as you might know, can get full system access if you boot from it (which most pcs defaulted to).
floppy viruses where a standard attack back then, as floppies where the main way to actually share anything.

nowadays, they are nonexistant anymore.

 

Read the previous links and you will see there are bios virus out there.

 

read it, doesn't change any of my statements..

 

Its not intended to change your mind. You are entitled to believe whatever you like.

 

which is why i agreed to you. i just consider it bad to formulate it in a way that people with paranoia get support. and the op sure sounds a bit like that.

which is why i always stated it's not worth considering it to happen, as it won't.

and just because those are things that get into bios doesn't yet mean it's something that kills a hdd getting a virus into a bios to survive any deletion makes sense. killing a hdd, still, doesn't.

except if you do this as the one who sold the pc, so you can sell more hw, that is

 

And a great way to get it into bios, survive, propagate and kill hardware is above.

Irrespective of sense or not, there could be a virus out there or someone could be working on one now.

 

yes. and exactly such phrases create huge paranoia over nothing. just because it could doesn't mean one should even consider it...

but tell your mom when she uses the computer "someone could write a virus that could nuke your laptop at first april" and she never touches that laptop again in fear of just that possibility.


edit: and then try to tell her it won't happen to her.. she'll continuously think of it, asking herself (and you, most likely) "then why did you tell me in the first place".

 

You don't seem to understand my point and the point of my 16 word initial post.

 

i do. you don't seem to understand mine:

technical possibility: possible even if it won't even exist, just out of physical measurements, possible.
^^ this is what you think of

human possibility: the chance that it actually means it could possibly happen to myself (a.k.a. the reader). that means, a chance of .. maybe 1 in 10, or something.
^^ this is what most readers think of

i always try to reply in a way that i can state the truth, but in a way that the reader doesn't missinterpret stuff into it.

 

Do you have any web links you can direct me to that discusses the 1 in 10 statistics.

My 16 words are not misleading.

 

no the 1 in 10 is just random.


the trick is that: if you say "it's possible" people always think "omg, it could HAPPEN TO ME!!!!".

and it's very important to learn that default behaviour, and to try to not feed them with useless panic.

as i said, they're not missleading per se. but they WILL GET MISINTERPRETED. they just will. read how others reacted on the post.

 

You mean like your 1 in 10 statistics.

 

no. that was just based on "it could happen to me". with me being myself, or one of my closest friends.

 

...over how many pages has this been going on now?

To and fro, to and fro...

 

So there are no web site links that discuss their research then on the 1 in 10 statistics? This is a figure plucked out of thin air? I can see how this can be misleading for the average reader.

 

it looks like I'm hard to understand..

I'm still waiting for him to tell his mom that her hdd could explode any time, even while unlikely, it's possible. and then trying to get the fear out of her again.

 

My intention was only to point out there could be a virus out there. Not to propagate fear.

 

You've posted links to a 10 year old article, to an article on a POC, presented at a BlackHat conference some 3 years ago and a recent article on a POC.
All that stuff might be interesting but only if you can put it into perspective.
The POC (proof of concept) in your link might give the impression that it is simple to go from a POC towards an actual virus.
This is not so.
Read what Joanna Rutkowska (one of the most respected experts in the Ring -3-0 field (that's not ring 0 to ring 3 but ring minus 3 to ring 0!)) had to say recently about the presentation by those two Core guys, you linked to;

"...
Question:Can any vector currently re-flash the BIOS?
Joanna: No! There has been lots of confusion about it in the recent months. Some people thought that SMM attacks allow automatically to re-flash the BIOS. This is not true. Also, there was a bit unfortunate presentation at CanSecWest earlier this year by two researchers from Core, who presented on "Persistent BIOS Infection." I saw their slides and they made it look like if they found a generic way of re-flashing any BIOS and that there is hardly any way to protect against their attacks. Nothing could have been further from the truth, in fact.

First, they chose to attack two low-end, dated BIOSes: an Award BIOS and also VMWare's BIOS (that itself doesn't even count, as it's not a real BIOS). Those two BIOSes didn't require firmware updates to be digitally signed by the vendors. So, no big deal that it was possible to inject some malicious code there. On the other hand, most of the currently used BIOSes (Intel or Phoenix BIOSes) allow only signed firmware updates to be re-flashed. This mechanism has been used for years, and it has nothing to do with TPM or any of the Trusted Computing technologies.

This situation is especially not very comfortable for us, because next month at Black Hat, Rafal and Alex will be presenting on the real attacks on BIOS re-flashing, that would involve getting around Intel BIOS re-flash protection. So, Rafal and Alex will show how to re-flash a secure Intel BIOS, despite the fact that it normally only allows signed updates. This is going to be a really hardcore talk, and the actual exploit is really a masterpiece. I doubt, however, that malware would start using any similar attacks--they are just too complex and too much BIOS-specific. Yet, from the research point of view, the attack is extremely valuable with potential impact being more then just persistent BIOS infections. More on this next month, though. "

Source: TomsHardware.com interview with Joanna Rutkowska link

Moral of my post; While there are brilliant BIOS POC's presented every year, making use of them in actual malware is extremely hard to accomplish.
Spreading this malware on a scale as we are 'used' to as with other malware, is virtually impossible.
A BIOS POC ≠ malware, it's that simple.

 

Who is to say which research is true. There could be a virus out there. Technology changes fast. Bios virus does currently exist. I was only making a simple 16 word post.

http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx

http://www.symantec.com/press/2000/n001219c.html

http://www.pcpro.co.uk/news/security/18955/christmas-virus-woe

 

and you even got support by those who think the post is not useful in it's way, like me. but it takes you much more than 16 words to actually understand our reasons why we wanted to correct your statement.. well, anyways. i leave you in your 16 words. as i said, you're right, anything's possible. i could be a rockstar in 2 days, it could happen. it won't, but it could.

 

If you start posting on a specific topic and you post links to support your claim, then you better know which sources to trust above other sources.
What's the use otherwise in posting those links if you can't tell who is right and who is wrong?

You can't go around posting links and then refute the value of other linked articles if you haven't got a clue who is the expert and who is the striving-to-be-an-expert.
Damned! Man up, for God's sake.

 

You havent corrected my 16 words. Read my links in above post.

 

he doesn't refute value. he just says one link sais this so it's possible, even if another sais it isn't.

and problem is, he will always be right. he can just close his ears and eyes and cry lalalallaala.

it always is possible that maybe it could be true that possibly in any form in some universe at some time he's right, and even while not, no one can disprove it, so it still is possible, sort of.

that, sort of, is his point.

 

You're right.
I concede.

 

i did correct them. i stated while it's possible it's so unlikely that you can consider it, in reality, to not happen. thus not consider it possible, even while it might, techically, be. i stated this very often, and i stated the reason why you should reconsider your statement. as, it will be interpreted as "omg, it can happen to me, anytime", as it time and time again got proven in the history of mankind, that people react that way.

 

Maybe so. But there could be a virus out there that kills hardware.

 

Just a note to UniqueQ - Baserk is out resident malware and security expert here on NBR

 

doesn't matter. there could be a virus killing hw, you know..

you should take care about your hw, btw detlev. it could happen to you

 

Thank you for the information.

No reflection on you but again, maybe so. I have also provided 4 website links. If security companies could predict virus and virus/criminal technology, then no one would ever get infected because they would have already anticipated it and provided a solution.

There could be a virus out there that kills hardware. Bios virus do exist.

 

well way for a great start into the forums, not?

other than that, as he stated, most bios only allow updates trough signed data. and each bios wants it different.

so a bios virus for a specific bios could exist, but not a "virus for all bios".

and there are hundreds or thousands or more different bios configs out in the world.

how should a virus know them all? or a virus programmer? and find flaws in each and every signed-update-technology?

and then find flaws in all hdd communication protocolls to somehow kill them? each of them?

that virus sure would be gigabytes big.

technically, possible. in reality, not so.

which was my original point, again and again. but have fun restating your phrase, which will mean much fun for the readers..

 

The 4 website links I have previously providied tell it how it is. One link is a link to current security company (a big company). They have a definition update for a Bios virus. So bios virus do exist.

Bios virus do exist

http://www.symantec.com/press/2000/n001219c.html

 

no, sir, they DID exist.

which i stated before. BIOSes of today are aware of such attacks and made in a form to prevent that.

 

The web links provided say something different.

 

the web link provides states a virus existed in 2000, that tried to flash bioses, sometimes (SOMETIMES) successfully. that was back in a land where no bios actually prevented getting flashed randomly.

and it didn't kill hw. espencially not hdds. you might had to flash the bios again, or the chip could get bricked (put into non-reflashable mode). then you needed a new bios chip. but the hw itself did NOT get damaged.


and just to inform you: that is TEN YEARS BACK. you don't think stuff evolved since then? ..