Linux Mint Forums

[viking777]

http://www.symantec.com/connect/blogs/b ... wing-again

Of course although any computer with an award bios could be affected by this exploit, its ultimate 'payload' only affects winlogon.exe or winnt.exe and prevents you from booting (and that is why I posted the thread under - 'other distributions'). So as Linux users you should be safe - unless you are dual booting windows of course.

The nasty thing about this virus is that it flashes your bios and thus cannot be removed by reinstalling windows (well it can,but it will just be reinfected) it can only be completely removed by flashing your bios again with a new rom, this makes it very difficult (impossible?) to clean with any antivirus product, because if your antivirus flashed your bios for you and broke it in the process you aren't going to be too happy, but then again if it is broken already I don't suppose it matters much. The difference is that the infection has to be caught (ie your bios infected) before it can be cured (ie your bios reflashed with a clean rom).

Would a password protected bios might protect against this sort of infection? Or a dual bios? Don't know enough about it to say with any certainty.

PS Why isn't their a 'Security' section on this forum?

[xenopeek]

Only real protection against this is if your motherboard has a physical write-protect jumper to prevent modifications of the BIOS flash. Though I used to have this on my motherboards, I didn't find any with this security feature when I upgraded my motherboard few months ago. Of course, for the average computer noob who thinks he has to flash his BIOS, it is not very friendly to have to open the casing and move a jumper. Probably why it is not a standard feature. Ugh, the noobs win another round against security...

+1 to having a Security section on the forum!

[Habitual]

...+1 to having a Security section on the forum!

I second that.

[DrHu]

PS Why isn't their a 'Security' section on this forum?

There could, maybe should be; however with Linux, as with Apple OSX there is less of a security issue than with Windows OS, despite the Microsoft's response of we are the target for virus writers..

The problem with windows has to do with their design, not as good a separation of root and user, although from Vista forwards they have been improving their security..

Even for windows it is probably out-of-date information...
http://en.wikipedia.org/wiki/CIH_(computer_virus)

Today, CIH is not as widespread as it once was, due to awareness of the threat and the fact it only affects older Windows 9x (95, 98, Me) operating systems.

The virus made another comeback in 2001 when a variant of the LoveLetter Worm in a VBS file that contained a dropper routine for the CIH virus was circulated around the internet, under the guise of a nude picture of Jennifer Lopez.

A modified version of the virus called CIH.1106 was discovered in December 2002, but it is not considered a serious threat.

There was another method of flashing a BIOS within windows from the web, while the system (OS) was running, in complete disregard to the normal BIOS flash methods..

Which wanted to use a clean boot and carefully update the BIOS

--thereby making that system even less safe; and this was provided as part of the user-friendly mainboard (motherboard) OEM's products/offerings..

[xenopeek]

There was another method of flashing a BIOS within windows from the web, while the system (OS) was running, in complete disregard to the normal BIOS flash methods..

Which wanted to use a clean boot and carefully update the BIOS

--thereby making that system even less safe; and this was provided as part of the user-friendly mainboard (motherboard) OEM's products/offerings..

Yup, flashing the BIOS from Windows Very user friendly, but what idiot thought of this...

Symantec had a blog post yesterday on a new BIOS virus threat, but again this only works from Windows.

[zerozero]

i'm not a security expert (not even close) but could this problem be avoid using a secure boot with UEFI http://www.uefi.org/specs/

[viking777]

i'm not a security expert (not even close) but could this problem be avoid using a secure boot with UEFI http://www.uefi.org/specs/

I hope you weren't relying on me for an answer to that zerozero . Anyway just to prove I have read a little bit about it, I offer this from their FAQ:

Q: Does UEFI increase security risks from viruses and the like?
A: Any firmware implementation has to take care to address security. UEFI does not change that for better or worse.