What happen when virus strike dual hdd computer ?

Discussion in 'Security and Anti-Virus Software' started by fantomasz, Jan 1, 2010.

Thread Status:
Not open for further replies.
  1. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    So there are no web site links that discuss their research then on the 1 in 10 statistics? This is a figure plucked out of thin air? I can see how this can be misleading for the average reader.
     
  2. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,791
    Likes Received:
    0
    Trophy Points:
    205
    it looks like I'm hard to understand..

    I'm still waiting for him to tell his mom that her hdd could explode any time, even while unlikely, it's possible. and then trying to get the fear out of her again.

    :)
     
  3. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    My intention was only to point out there could be a virus out there. Not to propagate fear.
     
  4. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    You've posted links to a 10 year old article, to an article on a POC, presented at a BlackHat conference some 3 years ago and a recent article on a POC.
    All that stuff might be interesting but only if you can put it into perspective.
    The POC (proof of concept) in your link might give the impression that it is simple to go from a POC towards an actual virus.
    This is not so.
    Read what Joanna Rutkowska (one of the most respected experts in the Ring -3-0 field (that's not ring 0 to ring 3 but ring minus 3 to ring 0!)) had to say recently about the presentation by those two Core guys, you linked to;

    "...
    Question:Can any vector currently re-flash the BIOS?
    Joanna: No! There has been lots of confusion about it in the recent months. Some people thought that SMM attacks allow automatically to re-flash the BIOS. This is not true. Also, there was a bit unfortunate presentation at CanSecWest earlier this year by two researchers from Core, who presented on "Persistent BIOS Infection." I saw their slides and they made it look like if they found a generic way of re-flashing any BIOS and that there is hardly any way to protect against their attacks. Nothing could have been further from the truth, in fact.

    First, they chose to attack two low-end, dated BIOSes: an Award BIOS and also VMWare's BIOS (that itself doesn't even count, as it's not a real BIOS). Those two BIOSes didn't require firmware updates to be digitally signed by the vendors. So, no big deal that it was possible to inject some malicious code there. On the other hand, most of the currently used BIOSes (Intel or Phoenix BIOSes) allow only signed firmware updates to be re-flashed. This mechanism has been used for years, and it has nothing to do with TPM or any of the Trusted Computing technologies.

    This situation is especially not very comfortable for us, because next month at Black Hat, Rafal and Alex will be presenting on the real attacks on BIOS re-flashing, that would involve getting around Intel BIOS re-flash protection. So, Rafal and Alex will show how to re-flash a secure Intel BIOS, despite the fact that it normally only allows signed updates. This is going to be a really hardcore talk, and the actual exploit is really a masterpiece. I doubt, however, that malware would start using any similar attacks--they are just too complex and too much BIOS-specific. Yet, from the research point of view, the attack is extremely valuable with potential impact being more then just persistent BIOS infections. More on this next month, though.
    "

    Source: TomsHardware.com interview with Joanna Rutkowska link

    Moral of my post; While there are brilliant BIOS POC's presented every year, making use of them in actual malware is extremely hard to accomplish.
    Spreading this malware on a scale as we are 'used' to as with other malware, is virtually impossible.
    A BIOS POC ≠ malware, it's that simple.
     
  5. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    Who is to say which research is true. There could be a virus out there. Technology changes fast. Bios virus does currently exist. I was only making a simple 16 word post.

    http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

    http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx

    http://www.symantec.com/press/2000/n001219c.html

    http://www.pcpro.co.uk/news/security/18955/christmas-virus-woe
     
  6. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,791
    Likes Received:
    0
    Trophy Points:
    205
    and you even got support by those who think the post is not useful in it's way, like me. but it takes you much more than 16 words to actually understand our reasons why we wanted to correct your statement.. well, anyways. i leave you in your 16 words. as i said, you're right, anything's possible. i could be a rockstar in 2 days, it could happen. it won't, but it could.
     
  7. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    If you start posting on a specific topic and you post links to support your claim, then you better know which sources to trust above other sources.
    What's the use otherwise in posting those links if you can't tell who is right and who is wrong?

    You can't go around posting links and then refute the value of other linked articles if you haven't got a clue who is the expert and who is the striving-to-be-an-expert.
    Damned! Man up, for God's sake.
     
  8. UniqueQ

    UniqueQ Notebook Geek

    Reputations:
    32
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    15
    You havent corrected my 16 words. Read my links in above post.
     
  9. davepermen

    davepermen Notebook Nobel Laureate

    Reputations:
    2,972
    Messages:
    7,791
    Likes Received:
    0
    Trophy Points:
    205
    he doesn't refute value. he just says one link sais this so it's possible, even if another sais it isn't.

    and problem is, he will always be right. he can just close his ears and eyes and cry lalalallaala.

    it always is possible that maybe it could be true that possibly in any form in some universe at some time he's right, and even while not, no one can disprove it, so it still is possible, sort of.

    that, sort of, is his point.
     
  10. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    You're right.
    I concede.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page