Jump to content

New BIOS guidelines aim to keep malware out of computer's nether regions


Recommended Posts



New BIOS guidelines aim to keep malware out of computer's nether regions

Firmware's unique and privileged position makes attacks a "significant threat."

by Dan Goodin - Aug 23 2012, 8:10pm EDT

A US governmental organization in charge of standardizing scientific measurements and technologies has proposed new security guidelines for the BIOS mechanisms that most computers rely on to boot up.

The new guidelines are intended to make the Basic Input/Output System more resistant to malware attacks that target the system firmware. Over the past few years, at least two trojans, one called Mebromi and another proof-of-concept demonstration, have been able to survive reboots operating-system reinstalls and evade antivirus protection by burrowing deep inside an infected computer.

"Unauthorized modification of a BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture," the new set of guidelines, which were
by the National Institute of Standards and Technology, stated. "Malicious BIOS modification could be part of a sophisticated, targeted attack on an organization—either a permanent denial of service or a persistent malware presence."

The guidelines, which pertain to BIOSes found in computer servers, detail four proposed features, including authenticated update mechanisms, an optional secure local update mechanism, firmware integrity protections, and a mechanism to prevent system components for bypassing BIOS protections. In April NIST published proposed guidelines for BIOSes found in PCs.

Interested parties have until September 14 to comment on the proposed server guidelines. Comments may be sent by e-mail to 800-147comments@nist.gov.

SOURCE: http://arstechnica.c...rity-guidelines


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.