BIOS/Firmware malware detection and removal - best ways to achieve

Very hard, but not impossible.

That’s it. But new generations of firmware, like UEFI, are increasing the risk of infection - this is defective by design, because UEFI is meant to freely allow people to do the same work as on a normal OS, i.e. browsing the Internet, watching movies, writing emails… This will lead to more dangerous threats than there are nowadays.

So we came to a potential solution for securing a PC against BIOS malware - enabling flash protection.
Removing a suspected (but maybe fictitious) infection also seems very easy - completely reflash the entire hardware. Also, the user can copy the existing infected firmware image and send it to an AV lab; maybe they will find something.

But how can we secure other hardware firmware against this type of infection? Older models of HDDs or graphics cards etc. don’t have any flash protection, I bet. Some new hardware can also be devoid of such protection.

Also, we still don’t know how to detect such almost perfectly hidden malware. Currently available tools could fail trying to detect it.
So it seems that the easiest way (and the hardest at the same time) is to observe your own PC, hack it hard and, if necessary, develop your own tools for the task.

This solution isn’t what newbies are expecting.

I forgot about the Niwa!mem BIOSkit, probably a modification of the Mebromi BIOSkit.
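One defender-side technique the post points at (observe your own PC and build your own tooling) is a golden-image comparison: dump the SPI flash with a tool such as flashrom, hash each UEFI firmware volume in the dump, and diff against a baseline taken while the board was known clean. The Python below is an added example, not code from this thread; it follows the UEFI firmware volume header layout (`_FVH` signature at offset 40, FvLength at offset 32, HeaderLength at offset 48), and the sample image and baseline are constructed inline.

```python
import hashlib
import struct

FVH_SIGNATURE = b"_FVH"  # EFI_FIRMWARE_VOLUME_HEADER.Signature sits at header offset 40


def find_volumes(image: bytes):
    """Return (offset, length) of every plausible firmware volume in a flash dump."""
    volumes = []
    pos = image.find(FVH_SIGNATURE)
    while pos != -1:
        start = pos - 40
        ok = False
        if start >= 0 and start + 56 <= len(image):
            fv_length = struct.unpack_from("<Q", image, start + 32)[0]   # FvLength
            header_len = struct.unpack_from("<H", image, start + 48)[0]  # HeaderLength
            # Reject stray "_FVH" strings: header and whole volume must fit the image
            ok = 56 <= header_len <= fv_length and start + fv_length <= len(image)
        if ok:
            volumes.append((start, fv_length))
            pos = image.find(FVH_SIGNATURE, start + fv_length)  # skip past this volume
        else:
            pos = image.find(FVH_SIGNATURE, pos + 1)
    return volumes


def volume_hashes(image: bytes) -> dict:
    """Map each volume offset to the SHA-256 of the whole volume (header + body)."""
    return {off: hashlib.sha256(image[off:off + ln]).hexdigest() for off, ln in find_volumes(image)}


def compare_to_baseline(image: bytes, baseline: dict) -> dict:
    """Report volumes that differ from the known-good baseline: modified, unknown or missing."""
    current = volume_hashes(image)
    report = {off: ("unknown" if off not in baseline else "modified")
              for off, digest in current.items() if baseline.get(off) != digest}
    report.update({off: "missing" for off in baseline if off not in current})
    return report


def make_volume(body: bytes) -> bytes:
    """Constructed test data: a minimal 72-byte volume header (zeroed GUID/attributes) plus body."""
    header_len = 72
    header = bytearray(header_len)
    struct.pack_into("<Q", header, 32, header_len + len(body))  # FvLength
    header[40:44] = FVH_SIGNATURE
    struct.pack_into("<H", header, 48, header_len)              # HeaderLength
    return bytes(header) + body


# Constructed stand-in for a flashrom dump: padding, two volumes, padding between them
CLEAN_IMAGE = b"\xff" * 64 + make_volume(b"A" * 100) + b"\xff" * 16 + make_volume(b"B" * 200)
BASELINE = volume_hashes(CLEAN_IMAGE)  # record this once, while the machine is known clean
```

A real dump also needs the baseline refreshed after every legitimate vendor update, otherwise the next comparison reports every volume as modified.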

Basically everything will break when pushed hard enough. 100% security does not exist.

That's it. But new generations of firmware, like UEFI, are increasing the risk of infection - this is defective by design, because UEFI is meant to freely allow people to do the same work as on a normal OS, i.e. browsing the Internet, watching movies, writing emails… This will lead to more dangerous threats than there are nowadays.

So we came to a potential solution for securing a PC against BIOS malware - enabling flash protection.

UEFI and BIOS are not the same.

Removing a suspected (but maybe fictitious) infection also seems very easy - completely reflash the entire hardware. Also, the user can copy the existing infected firmware image and send it to an AV lab; maybe they will find something.

But how can we secure other hardware firmware against this type of infection? Older models of HDDs or graphics cards etc. don’t have any flash protection, I bet.

You bet? So this danger may not even exist!
Some new hardware can also be devoid of such protection.
Again speculation. You’re just scaring yourself with unsubstantiated scenarios.

Also, we still don't know how to detect such almost perfectly hidden malware. Currently available tools could fail trying to detect it. So it seems that the easiest way (and the hardest at the same time) is to observe your own PC, hack it hard and, if necessary, develop your own tools for the task.
Not everybody has the time or capabilities to do this.
This solution isn't what newbies are expecting.
Time will tell.

Mebromi needs kernel access to be able to infect the BIOS. An unknown program will never get kernel access with CIS. CIS will protect you from it.

And what if the rootkit spreads through drive-by downloads, using 0-days against Windows kernel protection and eventually a few Internet Security systems, like Comodo :>
Then what?

Let’s say that someone has actually managed to create a successfully propagating BIOS malware (which hasn’t actually happened yet).

How exactly would any security software be able to do anything about it, even if the software was able to detect the malware? It couldn’t repair or disinfect the BIOS. The only way to fix it would be to flash your BIOS again with a clean version.

As I’ve already stated, the BIOS is very specific to your system’s motherboard and chipset. We can’t possibly expect a security solution to have a copy of every BIOS setup in the world.

The very best we could expect would be a message that states you have a suspected BIOS issue, and you should visit your motherboard manufacturer’s website to download a clean BIOS version…

Then there is a big chance the BO protection will catch it.

Just performed a Google search for the query “scan firmware for malware”. The first result is Symantec’s patent number 7870394: Method and system to scan firmware for malware. Looks like not only McAfee is preparing a firmware protection/disinfection system against firmware malware ;>

That kernel rootkit can easily spoof driver processes, so it won't be so easy to detect it.
Agreed. Regardless of how sophisticated a rootkit is, you still need a dropper. The other way would be to have physical access to your machine.

New stuff on the block → Rakshasa hardware backdoor.

[...]Rakshasa replaces the motherboard BIOS, but can also infect the PCI firmware of other peripheral devices like network cards or CD-ROMs, in order to achieve a high degree of redundancy.

[…]

[…] All of these components have been modified so they don’t display anything that could give their presence away during the booting process. Coreboot even supports custom splashscreens that can mimic the ones of the replaced BIOSes. […]

And this is very creepy:

[...]Rakshasa was built with open source software. It replaces the vendor-supplied BIOS with a combination of Coreboot and SeaBIOS, alternatives that work on a variety of motherboards from different manufacturers, and also writes an open source network boot firmware called iPXE to the computer's network card.[...]

Meeen…life is getting tough…