It May Be Time To Start Using Secure Boot « Giveaway of the Day Forums

Back to Giveaway of the Day

Giveaway of the Day Forums » Technical notes

It May Be Time To Start Using Secure Boot

(3 posts) (2 voices)

Started 6 years ago by mikiem2
Latest reply from mikiem2

mikiem2
Moderator

One of the big goals of malware design is persistence -- the ability to hide undetected and resist all attempts at removal. Or put another way, making sure that once a device is infected, it stays that way. One of the best ways to achieve that is with a so-called root kit, which loads portions of malware before the operating system [OS], thus altering the way the OS behaves or performs. An early example was telling Windows not to recognize specific malware files, so as far as Windows was concerned, those files did not exist.

It's been possible for a while now to infect the bios, but only very recently has malware been found using this technique. Worse, it's been tied to the same Russian group that's previously caused havoc with destructive malware that spread [intentionally or not] far beyond the intended target. [While most malware is used to steal something, destructive malware wants to damage stuff, e.g. wiping disks.]

The Bios holds the firmware that makes things happen when you turn on a device -- it literally transforms a collection of electronic components into something like a working PC. Most somewhat recent PCs, laptops etc. use UEFI bios, meaning that the bios itself runs a minimal version of Linux or similar OS. And like any OS, it can be reprogrammed, infected with malware, which from a cybercriminal's perspective is a sort of Holy Grail -- infect the bios and the drives and OS become irrelevant... Replace them, reinstall them, nothing really matters. Once that happens, the only cure is to wipe the bios, and write a known good copy to it. One problem is that that's a bit risky -- anything goes wrong [stuff happens] and the device is often toast. Another problem is getting your hands on that known good copy of the bios code.

Secure boot, when it's available as an option in the bios, looks for signatures in the code that's run when you turn on [boot] a device. And it's often off by default, e.g. my wife's Lenovo 2-in1 came that way new. Whether or not it'll protect from every exploit is unknown, but it will protect against the exploit that's now being used because that exploit uses unsigned code.

Getting into the bios settings, and changing secure boot settings [e.g. turning it on] vary by manufacturer & model, so check the documentation from the manufacturer and follow their directions.

Posted 6 years ago #
Nass
Member

I'm using Windows 8.1 on an HP laptop. This worked for me but I don't know how helpful this is to anyone else.

If I mouseover the bottom-right corner of my screen, a section comes on to the right of my screen. The top icon is a magnifying glass marked Search. I tap that and type MSINFO32 into the box. This gives me an icon for msinfo32.exe. When I tap that, it opens a system summary page. I'm sure there are easier ways to do this. I actually pushed start:run:msinfo32 which took me to the same place but I don't know if every 8.1 has a start menu.

About halfway down the page, there's an entry called Secure Boot State. If it's marked ON, then you don't have to worry about how to turn it on :)

I hope this helps.

Posted 6 years ago #
mikiem2
Moderator

Good catch with Msinfo -- it's been quite a while since I've run it, and didn't know it showed secure boot status.

It's still around in the latest version of win10 [1809] -- I found the [updated in 2018] page on microsoft.com describing msinfo kind of amusing: "Windows 98 includes a tool called Microsoft System Information (Msinfo32.exe)." Guess they didn't update the page all that much.

support[.]microsoft[.]com/en-us/help/184075/description-of-microsoft-system-information-msinfo32-exe-tool

As far as how to run msinfo goes, How-To Geek reports that Windows 7 & 10 users can type "System Information" into the search box, but for some reason that won't work in win8. Or you can search for msinfo32 in all 3 Windows versions, or just type it into the Run box. And in win10 1809 [and probably earlier versions] you can find "System Information" in the start menu under Windows Administrative Tools.

Posted 6 years ago #

RSS feed for this topic

Reply

You must log in to post.