How to determine if BIOS is write protected?


Post by Sekkite on Tue Oct 15, 2013 8:35 pm

I'm one of those paranoid types that wants to make sure that if I wipe my computer, it's guaranteed to be clean of malware. I realize it's unlikely to ever come across a virus that persists in the BIOS, but I want to be absolutely certain that my computer cannot try to flash the BIOS from within the operating system.

So, how do I go about checking if my BIOS is write protected and if it isn't and there isn't a simple option in the BIOS to fix this, do I have any recourse to enable write protection?
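Added example, not part of any post in this thread: one way to approach the check asked about above is to decode the chipset's BIOS control register. It assumes an Intel chipset of that era, where `BIOS_CNTL` sits at offset 0xDC in the PCI config space of the LPC bridge (00:1f.0); the function names, verdict labels and sample values are constructed for illustration.

```python
# Added example: decode the Intel BIOS_CNTL register (assumption: Intel PCH,
# LPC bridge at PCI 00:1f.0, register at config-space offset 0xDC).
from pathlib import Path

BIOS_CNTL_OFFSET = 0xDC
LPC_CONFIG = Path("/sys/bus/pci/devices/0000:00:1f.0/config")  # assumed device

BIOSWE = 1 << 0   # BIOS Write Enable: flash writes currently allowed
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes honoured only in SMM


def read_bios_cntl(config_space: bytes) -> int:
    """Return the BIOS_CNTL byte from a PCI config-space dump."""
    if len(config_space) <= BIOS_CNTL_OFFSET:
        # Unprivileged reads of the sysfs file stop after the first 64 bytes.
        raise ValueError("config space truncated; read it as root")
    return config_space[BIOS_CNTL_OFFSET]


def assess(bios_cntl: int) -> dict:
    """Decode the three protection bits and summarise what they imply."""
    bits = {
        "BIOSWE": bool(bios_cntl & BIOSWE),
        "BLE": bool(bios_cntl & BLE),
        "SMM_BWP": bool(bios_cntl & SMM_BWP),
    }
    if not bits["BLE"]:
        verdict = "unlocked"       # software can set BIOSWE with no check
    elif not bits["SMM_BWP"]:
        verdict = "smi-dependent"  # relies on firmware's SMI handler clearing BIOSWE
    else:
        verdict = "smm-only"       # flash writes accepted only from SMM
    return {**bits, "verdict": verdict}


def check_local_machine() -> dict:
    """Read the live register on Linux (needs root and an Intel LPC bridge)."""
    return assess(read_bios_cntl(LPC_CONFIG.read_bytes()))


# Constructed sample register values, not taken from any real machine.
SAMPLES = [0x00, 0x02, 0x22, 0x09]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"BIOS_CNTL={value:#04x} -> {assess(value)}")
```

A "smm-only" verdict covers this one register only; SPI protected-range registers are a separate control. Later Intel platforms expose the register on the SPI controller rather than the LPC bridge.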


Re: How to determine if BIOS is write protected?

Post by -Unicod3- on Wed Oct 16, 2013 8:47 am

From what I know about BIOS (very little), most companies have all of the memory mapped. If someone were to tamper with it, it could/would be catastrophic, and most malware has a purpose for being on a machine, and to kill the machine is usually not the reason.

So I wouldn't worry too much about it, IMHO.
“Little by little, one travels far” ― J.R.R. Tolkien


Re: How to determine if BIOS is write protected?

Post by centip3de on Wed Oct 16, 2013 2:12 pm

Sekkite wrote: I'm one of those paranoid types that wants to make sure that if I wipe my computer, it's guaranteed to be clean of malware. I realize it's unlikely to ever come across a virus that persists in the BIOS, but I want to be absolutely certain that my computer cannot try to flash the BIOS from within the operating system.

So, how do I go about checking if my BIOS is write protected and if it isn't and there isn't a simple option in the BIOS to fix this, do I have any recourse to enable write protection?


You can't write to your BIOS. Most, if not all, of the memory in the BIOS is memory mapped and reserved. The only way to write to the BIOS chip is to flash the code to the BIOS chip in your computer, which is a quasi-difficult thing to do in and of itself, i.e. fairly easy to do with pre-existing programs, extremely complicated to write a custom program to do it. It's also extremely easy to fuck up and brick your computer. Beyond THAT, there'd be no real point in changing the BIOS, even for malicious intent. All the BIOS does is provide certain interrupts and set some settings, then jump to the bootloader code. Boot-kits (rootkits that run when the computer starts up) don't interfere with the BIOS. What they usually do is rewrite the bootloader to load their malicious code first and then load the normal bootloader. In certain cases this allows the malicious code to bypass the kernel and execute ring 0 code while the OS is running (which is something you really don't want to happen).

As far as preventing this goes, the best and only method is to not allow physical access to the computer. Because you can't rewrite the bootloader while you're in an OS, they'd need to manually shut down your computer, then boot it back up and install their code. So honestly, as long as you don't leave your computer unattended with random people, you needn't worry.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: How to determine if BIOS is write protected?

Post by Sekkite on Thu Oct 17, 2013 6:18 am

Interesting. Sounds like I was misinformed before. I appreciate the explanation!

But for sanity's sake - so there is absolutely nothing at all, no matter how unlikely, that can be done by an attacker remotely to achieve persistence within a computer even if the hard drive is wiped and a fresh installation is made?


Re: How to determine if BIOS is write protected?

Post by centip3de on Sat Oct 19, 2013 6:56 pm

Sekkite wrote: Interesting. Sounds like I was misinformed before. I appreciate the explanation!

But for sanity's sake - so there is absolutely nothing at all, no matter how unlikely, that can be done by an attacker remotely to achieve persistence within a computer even if the hard drive is wiped and a fresh installation is made?


That is correct. Mainly because in order to add their own code, they'd have to restart the computer. Once a computer restarts, as you know, all connections to the outside world are severed, which would then end the remote's control of the computer, which would then mean they couldn't do shit.