On Fri, Jun 12, 2020 at 2:35 PM <tomas.schutz...@gmail.com> wrote:
> Well that's the problem indeed, knowing if you are clean from firmware
> viruses in the first place. But I don't suspect I have firmware viruses and
> I have a new PC. It takes a lot of time and money and no one would bother to
> infect a specific user. I am no one. It could be used in attacks on multiple
> people, or if some firmware virus already existed someone could use it I
> guess, I don't really know. Even the probability is low. I am just acting
> responsibly about this. If I can use Qubes, then why not, right. So if I use
> Qubes, using a ROM optical disk in an external mechanic. So I should be
> generally safe (nothing is perfect), even if I got firmware viruses
> afterwards? I can't unplug disks and disable all of them in BIOS, I am
> using NVMe and it is blocked by a GPU vertical mount and it was insane to
> plug it in in the first place and doing that each time, it is not feasible. So
> if I boot from a live CD, not sure if viruses on hard disks could do
> anything. And I won't be booting from Windows when the live CD is in and it
> would be ROM and I'll use an external CD mechanic.
>
> Also I don't know what I was saying previously, but I can't dedicate an old
> PC for banking, at least with Qubes, it doesn't work there. So I would be
> using it on my main PC. But if I used another Linux on my old PC and
> dedicated it only to online banking, that should be safe, right? Even if I
> had it a long time, so I could potentially have some firmware viruses, that
> could impact security in future. Even if I had them and they didn't do
> anything so far. I don't know.
>
There is not much one can do to protect against firmware viruses other than to try and prevent situations where someone can reflash your BIOS in the first place. Since the BIOS is initialized even before the software/OS gains control, the malware code would already be resident in memory before the DVD booted that read-only media. The DVD drive cannot even operate until the system initializes the BIOS that understands how the DVD drive even works, so if someone was able to reflash the EEPROM then it is game over even before the OS is loaded. Any software loaded after the malicious code is in memory is of course subject to what that code wants to do with your system in the first place.

That being said, it is extremely difficult to reflash your BIOS when running a general OS in the normal user context, and even more difficult when running a virtualized system such as Qubes. So, if you can prevent the machine from booting from any external devices then you have just raised the bar for that adversary. If you can prevent them from gaining physical access to the computer internals, so as to attach a JTAG device, then that raises the bar even higher.

Chances are the adversary would need physical access to the machine to pull this off, which means that any three-letter agency or foreign government would have to want you really, really bad before they put someone to task to rig your physical machine like that. Yes, it's possible, but there are easier ways to do what they want than reflashing the BIOS, so this scenario is unlikely unless you are one very important person.