Sorry but there are bios virus out there. I was only pointing something out. There was no need for all that. I was being polite with my response.
-
davepermen Notebook Nobel Laureate
i was polite, too, not?
i'm just saying that the op wanted to know if that could happen, sort of. and no, it won't. even while it could, it never will.
edit: and btw, no, there aren't any bios viruses out for ACTUAL systems. as they're much harder to infect that deeply to be able to modify the bios, as it was back in the 90ies.. -
Details of Bios Virus: New BIOS Virus Withstands HDD Wipes
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html
http://www.pcpro.co.uk/news/security/18955/christmas-virus-woe -
As others have pointed out, there are far more worrisome security threats for any network administrator to worry about. This kind of threat not only requires maximum privileges as a prerequisite to installing the rootkit, it also requires a non-password protected BIOS.
So far you've pointed out that its possible, but this says nothing about how often it occurs or how insignificant this type of threat is to relative to more common security issues. -
e-mail to MICROSOFT Mark Russinovich: Black Hat conference
http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx -
Why is everyone ganging up on UniqueQ? He's not saying it's something to be seriously concerned about that, and I didn't see him say that at any point.
All I saw was him saying that it is possible. You guys said it's unlikely and there are bigger things to worry about, and he didn't deny it. But you can't be like "it's unlikely so it's impossible." Well, it's unlikely that I'll ever get mugged, but I acknowledge it's a possibility.
He isn't fear mongering, he is educating. -
I am not saying that he is fear mongering, merely that it is unlikely.
-
-
davepermen Notebook Nobel Laureate
we all acknowledge it could be made possible, and still it's not possible that it hits you. amongst the millions or billions of computer users on this world, it's just not happening.
and why? because it would not make any sense.
if you would be in some form of mafia, and the fbi or someone want to get rid of you, then, yeah, it could be a possibility. but a home user is so absolutely 0 target for such a thing, it's probability is so close to 0, one can consider it non-existing.
yes, it's still possible, no, it still isn't possible to happen.
i never disagreed with him. i just said the op gets crazy if he gets a simple reply "yeah, possible, could happen". the op got created in some form of panic or fear of that danger, so the most important thing is to not support that fear, but to get him down to realism: it won't happen.
if his hdd dies, it's another reason.
again, unique, it was not an attack against you per se. it's just not the answer one should give to the OP. -
Then there is a danager of a false sense of security. The first time a new virus infects doesnt mean that it is unlikely just because it has never been seen before. It could be the first of a new epidemic. Not that anyone should worry.
I dont dispute what you say about ecomonics of the modern day virus. However I appreciate evolution of the virus: how it will change over time, there could be people out there that get a 'kick' out of hardware damage and the challenge of frying hardware.
-
davepermen Notebook Nobel Laureate
and respective of the frequency of real world happenings based on this on ACTUAL systems, i stated it's impossible to have one around and kill your system.
and with impossible, i mean, realistically, impossible. not technically.
you know i agreed with you. -
-
davepermen Notebook Nobel Laureate
because you don't get that i want to make a difference between theoretical possibilities, and actual possibilities of something really happening, or being a cause.
if someone comes over to you and tells you his hdd got killed, do you ever consider it to have been a virus? why not? because there isn't the slightest change that was it. he dropped his laptop, most likely. or the disk just failed, as they sometimes do.
but a virus? no way. it wasn't that.
yes, technically, if i know exactly what hw you have, i could write up somehow a way to kill your system. if i wanted to do that, it would be less work to just get over to you, and drop a grenade trough your window..
a general attack to any hw won't exist, it always has to be configuration specific. so while it could be doable with tons of work, it will not be done.
so while i agree that it could be possible, it still isn't possible that it could ever happen to you, to the op, to me, or about anyone else. if you're osama bin laden, then you might take care you don't get a special kill-osamas-hdd virus from the cia or something. -
-
davepermen Notebook Nobel Laureate
it could. but it doesn't. there's no gain in killing hw. erasing user data is much easier and just the same harm for an end user. and if it works on one machine it works on all machines.
why should one bother attacking hw? it makes no sense. -
-
davepermen Notebook Nobel Laureate
no. there WHERE bios viruses out there that did this. back in the 90ies.. why back then? because then, internet viruses, spyware and such didn't made sense yet. but spreading a virus by floppy did. and a floppy, as you might know, can get full system access if you boot from it (which most pcs defaulted to).
floppy viruses where a standard attack back then, as floppies where the main way to actually share anything.
nowadays, they are nonexistant anymore. -
Read the previous links and you will see there are bios virus out there.
-
davepermen Notebook Nobel Laureate
read it, doesn't change any of my statements..
-
-
davepermen Notebook Nobel Laureate
which is why i agreed to you. i just consider it bad to formulate it in a way that people with paranoia get support. and the op sure sounds a bit like that.
which is why i always stated it's not worth considering it to happen, as it won't.
and just because those are things that get into bios doesn't yet mean it's something that kills a hddgetting a virus into a bios to survive any deletion makes sense. killing a hdd, still, doesn't.
except if you do this as the one who sold the pc, so you can sell more hw, that is -
Irrespective of sense or not, there could be a virus out there or someone could be working on one now. -
davepermen Notebook Nobel Laureate
yes. and exactly such phrases create huge paranoia over nothing. just because it could doesn't mean one should even consider it...
but tell your mom when she uses the computer "someone could write a virus that could nuke your laptop at first april" and she never touches that laptop again in fear of just that possibility.
edit: and then try to tell her it won't happen to her.. she'll continuously think of it, asking herself (and you, most likely) "then why did you tell me in the first place". -
-
davepermen Notebook Nobel Laureate
i do. you don't seem to understand mine:
technical possibility: possible even if it won't even exist, just out of physical measurements, possible.
^^ this is what you think of
human possibility: the chance that it actually means it could possibly happen to myself (a.k.a. the reader). that means, a chance of .. maybe 1 in 10, or something.
^^ this is what most readers think of
i always try to reply in a way that i can state the truth, but in a way that the reader doesn't missinterpret stuff into it. -
Do you have any web links you can direct me to that discusses the 1 in 10 statistics.
-
davepermen Notebook Nobel Laureate
no the 1 in 10 is just random.
the trick is that: if you say "it's possible" people always think "omg, it could HAPPEN TO ME!!!!".
and it's very important to learn that default behaviour, and to try to not feed them with useless panic.
as i said, they're not missleading per se. but they WILL GET MISINTERPRETED. they just will. read how others reacted on the post. -
-
davepermen Notebook Nobel Laureate
no. that was just based on "it could happen to me". with me being myself, or one of my closest friends.
-
...over how many pages has this been going on now?
To and fro, to and fro... -
-
davepermen Notebook Nobel Laureate
it looks like I'm hard to understand..
I'm still waiting for him to tell his mom that her hdd could explode any time, even while unlikely, it's possible. and then trying to get the fear out of her again.
-
-
All that stuff might be interesting but only if you can put it into perspective.
The POC (proof of concept) in your link might give the impression that it is simple to go from a POC towards an actual virus.
This is not so.
Read what Joanna Rutkowska (one of the most respected experts in the Ring -3-0 field (that's not ring 0 to ring 3 but ring minus 3 to ring 0!)) had to say recently about the presentation by those two Core guys, you linked to;
"...
Question:Can any vector currently re-flash the BIOS?
Joanna: No! There has been lots of confusion about it in the recent months. Some people thought that SMM attacks allow automatically to re-flash the BIOS. This is not true. Also, there was a bit unfortunate presentation at CanSecWest earlier this year by two researchers from Core, who presented on "Persistent BIOS Infection." I saw their slides and they made it look like if they found a generic way of re-flashing any BIOS and that there is hardly any way to protect against their attacks. Nothing could have been further from the truth, in fact.
First, they chose to attack two low-end, dated BIOSes: an Award BIOS and also VMWare's BIOS (that itself doesn't even count, as it's not a real BIOS). Those two BIOSes didn't require firmware updates to be digitally signed by the vendors. So, no big deal that it was possible to inject some malicious code there. On the other hand, most of the currently used BIOSes (Intel or Phoenix BIOSes) allow only signed firmware updates to be re-flashed. This mechanism has been used for years, and it has nothing to do with TPM or any of the Trusted Computing technologies.
This situation is especially not very comfortable for us, because next month at Black Hat, Rafal and Alex will be presenting on the real attacks on BIOS re-flashing, that would involve getting around Intel BIOS re-flash protection. So, Rafal and Alex will show how to re-flash a secure Intel BIOS, despite the fact that it normally only allows signed updates. This is going to be a really hardcore talk, and the actual exploit is really a masterpiece. I doubt, however, that malware would start using any similar attacks--they are just too complex and too much BIOS-specific. Yet, from the research point of view, the attack is extremely valuable with potential impact being more then just persistent BIOS infections. More on this next month, though. "
Source: TomsHardware.com interview with Joanna Rutkowska link
Moral of my post; While there are brilliant BIOS POC's presented every year, making use of them in actual malware is extremely hard to accomplish.
Spreading this malware on a scale as we are 'used' to as with other malware, is virtually impossible.
A BIOS POC ≠ malware, it's that simple. -
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html
http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx
http://www.symantec.com/press/2000/n001219c.html
http://www.pcpro.co.uk/news/security/18955/christmas-virus-woe -
davepermen Notebook Nobel Laureate
-
What's the use otherwise in posting those links if you can't tell who is right and who is wrong?
You can't go around posting links and then refute the value of other linked articles if you haven't got a clue who is the expert and who is the striving-to-be-an-expert.
Damned! Man up, for God's sake. -
-
davepermen Notebook Nobel Laureate
he doesn't refute value. he just says one link sais this so it's possible, even if another sais it isn't.
and problem is, he will always be right. he can just close his ears and eyes and cry lalalallaala.
it always is possible that maybe it could be true that possibly in any form in some universe at some time he's right, and even while not, no one can disprove it, so it still is possible, sort of.
that, sort of, is his point. -
I concede. -
davepermen Notebook Nobel Laureate
-
-
Just a note to UniqueQ - Baserk is out resident malware and security expert here on NBR
-
davepermen Notebook Nobel Laureate
you should take care about your hw, btw detlev. it could happen to you -
No reflection on you but again, maybe so. I have also provided 4 website links. If security companies could predict virus and virus/criminal technology, then no one would ever get infected because they would have already anticipated it and provided a solution.
There could be a virus out there that kills hardware. Bios virus do exist. -
davepermen Notebook Nobel Laureate
way for a great start into the forums, not?
other than that, as he stated, most bios only allow updates trough signed data. and each bios wants it different.
so a bios virus for a specific bios could exist, but not a "virus for all bios".
and there are hundreds or thousands or more different bios configs out in the world.
how should a virus know them all? or a virus programmer? and find flaws in each and every signed-update-technology?
and then find flaws in all hdd communication protocolls to somehow kill them? each of them?
that virus sure would be gigabytes big.
technically, possible. in reality, not so.
which was my original point, again and again. but have fun restating your phrase, which will mean much fun for the readers.. -
Bios virus do exist
http://www.symantec.com/press/2000/n001219c.html -
davepermen Notebook Nobel Laureate
no, sir, they DID exist.
which i stated before. BIOSes of today are aware of such attacks and made in a form to prevent that. -
-
davepermen Notebook Nobel Laureate
the web link provides states a virus existed in 2000, that tried to flash bioses, sometimes (SOMETIMES) successfully. that was back in a land where no bios actually prevented getting flashed randomly.
and it didn't kill hw. espencially not hdds. you might had to flash the bios again, or the chip could get bricked (put into non-reflashable mode). then you needed a new bios chip. but the hw itself did NOT get damaged.
and just to inform you: that is TEN YEARS BACK. you don't think stuff evolved since then? ..
What happen when virus strike dual hdd computer ?
Discussion in 'Security and Anti-Virus Software' started by fantomasz, Jan 1, 2010.