|
|
|
| Authored by: Anonymous on Saturday, June 09 2012 @ 07:00 AM EDT |
Where is the reference signature kept?
Is it encrypted?
[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Saturday, June 09 2012 @ 09:09 AM EDT |
Bootsector malware does exist, and is in the wild currently.
Technically, it's been around for at least 10-15 years, and
maybe even longer... I remember first hearing about the
concept in college, which would have been in the late 90's.
Once it's lodged in the bootsector, kiss your information
goodbye.
MS is addressing a real problem. However, doing so in a way
to lock out other competition is illegal. However, RedHat
has shown that a $99 licensing fee is pretty trivial to hop
through for even middle-tier distributions.
Or you can turn off the boot signing feature at the bios
level (well, that feature has been promised... no UEFI
hardware has been released yet AFAIK).[ Reply to This | Parent | # ]
|
| |
| Authored by: tknarr on Saturday, June 09 2012 @ 01:05 PM EDT |
Not much of one. It exists, but when dealing with Windows you don't usually
have to get into the boot process. Having your malware start at system startup
is enough, and by that point UEFI's well out of the way. Looking at what's
actually out there, the only stuff in active circulation that sophisticated
seems to be government-written stuff like Stuxnet or Flame. Everything else
seems to be satisfied with the 90% of users who'll cheerfully tell their AV to
allow the action or who don't run AV and have UAC turned off because all those
prompts are just too confusing. From where I'm sitting UEFI's trying to put a
better lock on the window when the door's standing wide open. [ Reply to This | Parent | # ]
|
|
|
|
|
