Hi,

With the news today about the virus that infects the BIOS, it got me
thinking about what would need to happen to fix this.
1) Detection
The BIOS infection is quite easy to detect by just doing a checksum on
the memory locations the BIOS occupies.
2) Virus vector
Some older motherboards required you to move a jumper to make the BIOS
writable. That security feature has all but disappeared on new
motherboards, which is why the vector exists now.
3) Cleaning
You have a cleaning program, but it has had to boot in a virus
infected environment. How do you bypass all the virus vectors so that
you can write to the flash the clean, un-infected BIOS?
The answer is you have to talk directly to the hardware instead of
making the standard BIOS calls to erase/write the new BIOS.
4) SMM
If the BIOS is infected, it could re-write the SMM code, so that the
BIOS can interrupt the CPU silently to do its harmful work.
Not sure what you could do here, as it could prevent (3).

Interesting times ahead.

James
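
The checksum check from point 1, as an added example that is not part of the original post: it hashes the BIOS region in 4 KiB blocks and compares against a baseline taken earlier, so a mismatch is reported by address. The legacy BIOS window at 0xF0000-0xFFFFF, reading it through Linux /dev/mem as root, and all function names are assumptions; the sample image is constructed.

```python
import hashlib

# Assumptions (not from the post): the legacy system BIOS window at
# physical 0xF0000-0xFFFFF, read through Linux /dev/mem as root.
BIOS_BASE = 0xF0000
BIOS_SIZE = 0x10000
BLOCK = 0x1000  # hash in 4 KiB blocks so a mismatch can be localised


def read_region(path, base=BIOS_BASE, size=BIOS_SIZE):
    """Read `size` bytes at offset `base` from a memory device or dump file."""
    with open(path, "rb") as f:
        f.seek(base)
        data = f.read(size)
    if len(data) != size:
        raise IOError(f"short read: got {len(data)} of {size} bytes")
    return data


def block_digests(data, block=BLOCK):
    """Return the SHA-256 hex digest of each fixed-size block, in order."""
    return [hashlib.sha256(data[i:i + block]).hexdigest()
            for i in range(0, len(data), block)]


def changed_blocks(baseline, current, base=BIOS_BASE, block=BLOCK):
    """Compare two digest lists; return physical start addresses that differ."""
    if len(baseline) != len(current):
        raise ValueError("baseline and current cover different region sizes")
    return [base + i * block
            for i, (a, b) in enumerate(zip(baseline, current)) if a != b]


def demo():
    """Constructed sample: a fake 64 KiB image with one byte altered."""
    clean = bytes((i * 7) & 0xFF for i in range(BIOS_SIZE))
    altered = bytearray(clean)
    altered[0x2345] ^= 0xFF            # lands in the block at 0xF2000
    return changed_blocks(block_digests(clean), block_digests(bytes(altered)))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:              # e.g. /dev/mem, run as root
        for d in block_digests(read_region(sys.argv[1])):
            print(d)
    else:
        print([hex(a) for a in demo()])
```

The baseline digests have to be recorded while the machine is known to be clean and kept somewhere the running system cannot rewrite.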
