- This topic has 23 replies, 10 voices, and was last updated 16 years, 6 months ago by
.
-
Posts
-
Hello everyone. Sorry if this topic has been discussed before but I couldn’t find any mention.
I’m thinking of buying an NC10, but I have one big concern. I’m worried about the integrity of the BIOS program.
If my NC10 becomes infected with malware, I need to be able to clean it up and be sure that its clean. To do this, I’d boot into a recovery OS using a boot-able USB device. For this to work, I need to trust that the BIOS is intact.
(If the BIOS has been compromised, the malware would remain running and could continue to cause damage.)
I’ve noticed that updates are downloadable as EXE files. If its simply the case that you run the EXE and the BIOS is updated, then we have a big problem. So I can be sure the BIOS remains intact, I hope someone could please enlighten me as to how (or if) the NC10 hardware protects the BIOS. If its good, I’ll certainly buy one.
Any of these would be good…
A. You can’t update the BIOS. Ever.
B. You need to flip a hardware switch before updating the BIOS.
C. You need to go into the BIOS setup (press F2 or DEL while starting up) to deploy or activate the update.
D. Some other effective method I’ve not thought of.Its like this could be a really nice mini-laptop, but I can’t be sure they didn’t add a “Make laptop explode” button, just in case you want your new laptop to explode and its made really easy. To me, updating the BIOS should be really really difficult.
Any thoughts please? Many thanks.
bad news for you, its just an auto install from the internet which randomly gets updated for a downloadable bios upgrade.
Well because of the complexity of OS’es and motherboards I would thing it would be very difficult to find a locked down Bios. As it is a requirement for being able to boot from floppy at least to upgrade bios.
And don’t really comprehend your fears about the Bios being infected or corrupted? I have never really had a need to flash the mobo myself or the bios as everything always seemed to work.
And wouldn’t the reset bios fix a corrupted bios?
I have not heard anything about viruses infecting Bios. Now I haven’t really looked. But if it was such a concern and problem would have seen it mentioned thru the different tech and news sites so wondering.
What are your fears based on as I can reset my Bios or clean install my bios.
And never have I heard of Malware,Spyware,etc.. effecting the Bios or MBR of the hardrive. Virus infecting MBR of hardrive yes and never heard of a virus infecting the Bios tho maybe out there somewhere?
Hello orb9220. All flash memory chips have a write enable line which has to be set before it will take take new data. A simple switch on the motherboard would protect the contents integrity.
Here’s some recent reports on the issue;
http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216401170
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.htmlViruses that mess with the BIOS are very real and nothing new. CIH dates back to 10 years ago.
http://en.wikipedia.org/wiki/CIH_virusI’m a bit depressed reading these responses, as I really wanted to buy a NC10. Without adequate BIOS protection, I would have to literally throw it away after the first malware attack. All for a feature I don’t even want. The job of the BIOS is to load the OS from the boot media. Load, copy, jump. If there was a bug in that code, we’d know about it by now.
In your response, you talk of a “reset BIOS”. Perhaps there is a pre-BIOS which *is* protected that checks the integrity of the flashed BIOS or allows me to replace a compromised BIOS with trusted code from Samsung. That would be quite acceptable and I’d make that the first step of my rescue process.
But if beach’s response is correct, and the BIOS is not protected from modification by malware, that is totally unacceptable and I would have to wonder what Samsung were thinking that day.
Many thanks, Bill.
Welcome to the forum, Bill 🙂
Thank you for raising such an important and interesting issue.
I suspect the only way you’ll get a definitive reply to your concerns is directly from Samsung Technical Support. On this page, there is a ‘send e-mail‘ link just above ‘popular questions‘.
Please keep us informed on your progress with Samsung.
[quote1238402671=billpg]I’m a bit depressed reading these responses, as I really wanted to buy a NC10. Without adequate BIOS protection, I would have to literally throw it away after the first malware attack.[/quote1238402671]
I’m afraid that this will be true of a lot of laptops and a large proportion of desktop computers now.It’s for convenience, when you ship your computers and then find out the BIOS has an issue you don’t want to have your customers opening up the case and playing with jumpers to allow them to update. Yeah I know there are other ways (maybe an option in the BIOS).
Makes me glad I have to hold down the power button to run firmware updates on my computer, and that it doesn’t use a standard BIOS.
[quote1238404632=billpg]
Hello orb9220. All flash memory chips have a write enable line which has to be set before it will take take new data. A simple switch on the motherboard would protect the contents integrity.Here’s some recent reports on the issue;
http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216401170
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.htmlViruses that mess with the BIOS are very real and nothing new. CIH dates back to 10 years ago.
http://en.wikipedia.org/wiki/CIH_virusI’m a bit depressed reading these responses, as I really wanted to buy a NC10. Without adequate BIOS protection, I would have to literally throw it away after the first malware attack. All for a feature I don’t even want. The job of the BIOS is to load the OS from the boot media. Load, copy, jump. If there was a bug in that code, we’d know about it by now.
In your response, you talk of a “reset BIOS”. Perhaps there is a pre-BIOS which *is* protected that checks the integrity of the flashed BIOS or allows me to replace a compromised BIOS with trusted code from Samsung. That would be quite acceptable and I’d make that the first step of my rescue process.
But if beach’s response is correct, and the BIOS is not protected from modification by malware, that is totally unacceptable and I would have to wonder what Samsung were thinking that day.
Many thanks, Bill.
[/quote1238404632]Since the NC10 has no Phoenix TrustedCore or SecureCore BIOS it can be as “easily” overwritten as any other modern BIOS. And by easy i mean that it’s not easy at all.
Sure, the Consumer BIOS used in the NC10 is not digitally signed and encrypted and yeah, you can flash it with a EXE file running under Windows but it still performs a validation check on the new file and requires Admin Powers to access the BIOS.
With that beein said the overall risk of getting the BIOS “hacked” or “infected” with Malware is very low under real life conditions anyway.
Look, even in a Laboratory Setup these “Security Experts” faced some issues and limitations as stated in the articles linked by you.
Some Quotes from the articles::
“Still, the attack is relatively sophisticated, and the attacker must have administrative rights to the targeted machine before he or she can flash the rootkit to the BIOS.”
“Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access.”
OK, now lets get to the CIH “issue” real quick:
The “Issue” with CIH was that back when it was released there was only one common Chipset the Intel TX and 8 out of 10 Consumer PC were running Windows 95, a very insecure system.
So it wasnt all that hard and yet effective (In terms of Hacker “Respect” or whatever) to write a “BIOS Virus” that could attack like 80% of all Consumer PC’s.
Todays Chipset and BIOS Designs are way more sophisticated and varied so there is no simple “One-haxxors-All Super-Bios-Malware” that can be applied on 1000’s of different systems.
Apart from that it’s simply not worth it. BIOS Malware is (cost)-effective for Servers or High End Medical / Science Workstations in order to steal Intellectual Property but nobody wants to sniff Joe Blow’s Network Traffic and check for his CC Data. (There are other way more effective and way cheaper methods to do this.)
From a Virus / Malware Developer point of view its simply not worth the effort. Apart from some Laboratory Security Geeks there is no Hacker who wants to spend ages on developing a BIOS Virus that wouldnt work for longer than maybe 2 Days in the wild just for Bragging rights.
With 2 Days of Bragging i mean the time until the major Antivirus Companies would update their Virus Definitions. Sure, once the BIOS Malware is installed you can’t do anything but reflashing the BIOS but in order to get infected with the Malware in first place your system has to download and execute binary code and this can be easily detected by a standard Virus Scanner.
Todays paradigms have changed and why would you waste time on developing a BIOS malware when you could rather work on the next super-effective botnet and earns lots of $$$ with Drones / Zombies spamming Mailboxes with Viagra Advertising?
Developing a BIOS Malware for Consumer Systems is simply not worth it.
This is something for laboratory geeks to proof a concept but has nothing to do with real life security issues.
I would be more worried about security issues in my Browser or Operating System than on BIOS Malware.
If you want to increase security on a standard consumer BIOS then enable write protection and NX Bit Checking in the BIOS. This should put you in the Top 10% of PC Consumers in terms of BIOS Security…
Back to more important security concerns now? Pretty please….
I’d be more concerned about someone walking off with my netbook than it somehow getting a BIOS altering virus.
FWIW, I think I’ve only owned one machine that might be able to recover easily from said BIOS changing malware; I have one Gigabyte MB with their Dual-BIOS feature.
No offence intended but frankly I think you’re being paranoid about something which is so highly improbable that it can be all but completely dismissed as a risk.
For what it’s worth I have been playing with PC’s for nigh on 20 years and can only recall flashing one BIOS which was to recognise an upgraded AMD CPU on a Gigbyte dual BIOS MOBO (still running it BTW). BIOS updating is hardly a day to day activity.
Despite it’s popularity the NC10 is but a transient blip on the Netbook scene and although there has been one BIOS update I seriously doubt that anyone would waste their time trying to write a malicious replacement. The fact that you are acutely aware of the possibility is probably as good a defence aginst such a thing as it gets and as has been mentioned, virtually every laptop on the market will be similarly vunerable.
Buy an NC10 and get on with your life lol
Hi again everyone. Sincere thanks to everyone for responding. I was hoping my points would be challenged and you didn’t disappoint. Thanks.
My response to some points raised…
[quote1238441290=Don_Audio]
Some Quotes from the articles::
“Still, the attack is relatively sophisticated, and the attacker must have administrative rights to the targeted machine before he or she can flash the rootkit to the BIOS.”
[/quote1238441290]Even though I use a limited user account day-to-day, I still have to use an admin account to install software.
[quote1238441290=Don_Audio]
Todays Chipset and BIOS Designs are way more sophisticated and varied so there is no simple “One-haxxors-All Super-Bios-Malware” that can be applied on 1000’s of different systems.
[/quote1238441290]The malware could be written to attempt each BIOS it knows about one-by-one until one hits, then its in. I would doubt there is a lot of variation out there as each vendor isn’t going to completely redesign thier hardware from scratch every time.
[quote1238441290=Don_Audio]
From a Virus / Malware Developer point of view its simply not worth the effort. Apart from some Laboratory Security Geeks there is no Hacker who wants to spend ages on developing a BIOS Virus that wouldnt work for longer than maybe 2 Days in the wild just for Bragging rights.
[/quote1238441290]Now here I would have to disagree. An attacker out to install malware for gain wants to get in and remain undetected. BIOS hosted malware wouldn’t be spotted living on the hard disk, could evade detection with VM techniques and would survive a hard disk wipe.
It may be just researchers now, but a lot of vulnerabilities start out as just research until someone puts in the effort to actively exploit them.
From the look of it though, a lot of mini-laptops have the same flaw (I would still call it that.) so I may end up with a NC10 after all.
[quote1238453557=KiNeL]
For what it’s worth I have been playing with PC’s for nigh on 20 years and can only recall flashing one BIOS which was to recognise an upgraded AMD CPU on a Gigbyte dual BIOS MOBO (still running it BTW). BIOS updating is hardly a day to day activity.
[/quote1238453557]And that’s what so maddening about this issue for me. I don’t want to change the BIOS. Its such a rare event. Imagine I got my way and all NC10s magically had a switch added into the write enable line of the flash chip. Would anyone even notice?
[quote1238453557=KiNeL]
Despite it’s popularity the NC10 is but a transient blip on the Netbook scene and although there has been one BIOS update I seriously doubt that anyone would waste their time trying to write a malicious replacement.
[/quote1238453557]I would disagree for the reasons I mentioned in an earlier posting. *IF* its possible to infect a BIOS, there is plenty of incentive to do so.
[quote1238453557=KiNeL]
Buy an NC10 and get on with your life lol
[/quote1238453557]I may end up doing that anyway. As much as I like the idea of voting with my wallet against the whole industry, that way doesn’t get me my laptop.
If I do buy one, I hope I’m still welcome here.
[quote1238455407=billpg]
[quote1238441290=Don_Audio]
From a Virus / Malware Developer point of view its simply not worth the effort. Apart from some Laboratory Security Geeks there is no Hacker who wants to spend ages on developing a BIOS Virus that wouldnt work for longer than maybe 2 Days in the wild just for Bragging rights.
[/quote1238441290]Now here I would have to disagree. An attacker out to install malware for gain wants to get in and remain undetected. BIOS hosted malware wouldn’t be spotted living on the hard disk, could evade detection with VM techniques and would survive a hard disk wipe.[/quote1238455407]
If a malware writer/user is trying to make money from it they would want to be able to target the largest amount of people possible. An attack on the BIOS isn’t really very practical as they are different enough that it would take a lot of effort to target even a small number of systems. There are far easier ways which can target a large variety of systems/people.[quote1238455407=billpg]From the look of it though, a lot of mini-laptops have the same flaw (I would still call it that.) so I may end up with a NC10 after all.[/quote1238455407]
I would have thought that most systems both desktops and laptops now have this feature or flaw as you call it.I’m not convinced that we’ll see any kind of outbreak of BIOS attacks in the near future, or that the NC10 would even be targeted. There are many other attacks that could occur, including someone stealing the computer.
At worst it would hopefully be possible to reflash the BIOS using a live Windows disk, and stick the hard drive in another computer which can’t be infected to recover any files.
If you are really worried about security have you considered (or do you) running an OS that isn’t Windows?
[quote1238459252=billpg]
[quote1238441290=Don_Audio]
From a Virus / Malware Developer point of view its simply not worth the effort. Apart from some Laboratory Security Geeks there is no Hacker who wants to spend ages on developing a BIOS Virus that wouldnt work for longer than maybe 2 Days in the wild just for Bragging rights.
[/quote1238441290]Now here I would have to disagree. An attacker out to install malware for gain wants to get in and remain undetected. BIOS hosted malware wouldn’t be spotted living on the hard disk, could evade detection with VM techniques and would survive a hard disk wipe.
[/quote1238459252]My Quote sounds a little out of context without the rest i’ve written:
With 2 Days of Bragging i mean the time until the major Antivirus Companies would update their Virus Definitions. Sure, once the BIOS Malware is installed you can’t do anything but reflashing the BIOS but in order to get infected with the Malware in first place your system has to download and execute binary code and this can be easily detected by a standard Virus Scanner.
[quote1238487116=billpg]
If I do buy one, I hope I’m still welcome here.
[/quote1238487116]Of course ;)!
I for one found the discussion interesting and it shows that it is possible to have a sensible debate even on t’Intarweb ;)!
[quote1238510849=billpg]And that’s what so maddening about this issue for me. I don’t want to change the BIOS. Its such a rare event. Imagine I got my way and all NC10s magically had a switch added into the write enable line of the flash chip. Would anyone even notice?[/quote1238510849]
Samsung would, as putting in a write protect jumper (jumpers being cheaper than switches) somewhere user-accessible would require some redesign of the mainboard. Then they’d have to produce new mainboards with the changes, they’d need someone to stick a jumper on there during production, it’s another thing they’d have to test and support, and so on.Even if it was only $1 per machine, to Samsung it could be millions of dollars per year in total cost across their entire computer operation. That’s hard to justify for what is currently a very remote potential threat.
- You must be logged in to reply to this topic.