[lug] Steganography (was: newbie question - rc.sysinit)

Chris Riddoch socket at peakpeak.com
Sun Jul 15 18:30:25 MDT 2001


"D. Stimits" <stimits at idcomm.com> writes:
> I was suggesting that a modified version should not be possible to
> install remotely, if virus and password protection are enabled.

That'd be a good idea, but how should the bios know whether the user
is sitting in front of the computer?  The bios can realistically only
know that it is being changed - Bios manufacturers usually give .EXE
files on their websites, meaning you usually have to have Windows
installed to update the bios, but linux software can do it too.
Someone could just as easily break into a Windows machine and run
bios-updating software.

The bios can't really even "know" that it's being updated - it's just
a spot of flash memory that gets executed, much less make any attempt
to determine the validity of the change.

> But if the bios does not honor this protection, except from the
> normal "hit DEL key during boot" sort of access, then it is a big
> problem.

Well, the idea of this protection is to keep people from rebooting
computers that they're standing in front of and twiddling with the
BIOS settings.  It's not perfect - if you're not in front of the
computer, you replace the bios.  If you are, you open it up and yank
the jumper that resets the bios to its original configuration.

> My question is more like this: If a modern bios has password and
> virus protection engaged, must the o/s also provide password to
> alter these things?

Through what interface?

> Or does the bios only enforce this when entered via the "hit DEL key
> during boot" phase?

That's my understanding, yes.

> It seems logical that a bios should be able to block updates from
> purely software means, but then again, manufacturers often don't
> care about the logic of those situations, only the cost and quick
> shipping.

The convenience of being able to update the bios through software does
seem to overrule the security you'd get from the alternative.  It
would be great if my 486 router could boot off a CD, if it had a
CD-drive, but its bios can't be updated by software and doesn't
support bootable CDs anyway.  Sucks to be my router.

> My direction is towards whether a normal bios can password protect
> against the o/s.

That would be hard to do, considering how it works:


