a backup BIOS. Also, all modern operating systems such as FreeBSD, Linux, OS X, Windows NT-
based Windows OS like Windows 2000, Windows XP and newer, do not allow user-mode programs to
have direct hardware access.
As a result, as of 2008, CIH has become essentially harmless, at worst causing annoyance by infecting executable files and triggering antivirus software. Other BIOS viruses remain possible, however;[22] since most Windows home users without Windows Vista/7's UAC run all applications with administrative privileges, a modern CIH-like virus could in principle still gain access to hardware without first using an exploit. The operating system OpenBSD prevents all users from having this access, and the grsecurity patch for the Linux kernel also prevents this direct hardware access by default; the difference is that an attacker would then need a much more difficult kernel-level exploit, or a reboot of the machine.
The second BIOS virus was a technique presented by John Heasman, principal security consultant for
UK-based Next-Generation Security Software. In 2006, at the Black Hat Security Conference, he
showed how to elevate privileges and read physical memory, using malicious procedures that replaced
normal ACPI functions stored in flash memory.
The third BIOS virus was a technique called "Persistent BIOS infection." It appeared in 2009 at the CanSecWest Security Conference in Vancouver, and at the SyScan Security Conference in Singapore. Researchers Anibal Sacco[23] and Alfredo Ortega, from Core Security Technologies, demonstrated how to insert malicious code into the decompression routines in the BIOS, allowing for nearly full control of the PC at start-up, even before the operating system is booted. The proof-of-concept does not exploit a flaw in the BIOS implementation, but only involves the normal BIOS flashing procedures. Thus, it requires physical access to the machine, or for the user to be root. Despite these requirements, Ortega underlined the profound implications of his and Sacco's discovery: "We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable antivirus."[24]
Mebromi is a trojan which targets computers with AwardBIOS, Microsoft Windows, and antivirus software from two Chinese companies: Rising Antivirus and Jiangmin KV Antivirus.[25][26][27] Mebromi installs a rootkit which infects the master boot record.
In a December 2013 interview with CBS 60 Minutes, Deborah Plunkett, Information Assurance Director for the US National Security Agency, claimed that NSA analysts had uncovered and thwarted a possible BIOS attack by a foreign nation state. The attack on the world's computers could have allegedly "literally taken down the US economy." The segment further cites anonymous cyber security experts briefed on the operation as alleging the plot was conceived in China.[28] A later article in The Guardian cast doubt on the likelihood of such a threat, quoting Berkeley computer-science researcher Nicholas Weaver, Matt Blaze, a computer and information sciences professor at the University of Pennsylvania, and cybersecurity expert Robert David Graham in an analysis of the NSA's claims.[29]
Alternatives and successors
In other types of computers, the terms boot monitor, boot loader, and boot ROM may be used instead.
As of 2011, the BIOS is being replaced by the more complex Extensible Firmware Interface (EFI) in
many new machines. EFI is a specification which replaces the runtime interface of the legacy BIOS.
Initially written for the Itanium architecture, EFI is now available for x86 and x86-64 platforms; the