walker@aedc-vax.af.mil (William Walker C60223 x4570) (05/21/91)
Here's something that should make the anti-virus community cringe. Intel has announced a chip which would allow users to upgrade their BIOS using a floppy disk. The term I saw was "erasable programmable read-only memory (EPROM)," but more likely the actual technology in the chip is EEPROM (electrically erasable programmable ROM) or EAROM (electrically alterable ROM). But the technology is beside the point.

Up until now, the only trusted portion of the computer has been the ROM BIOS, while the partition table, boot sectors, DOS, and program files have been prone to virus attack (or merely unintentional changes). Software-upgradable BIOS would change that, making even the most trusted part of the computer "subject to change without notice."

It does make sense to simplify the BIOS field upgrade, but to do it using something as transient as software in this day and age probably would not be wise. More logical would be a small cartridge, not unlike an HP font cartridge, which can be changed without having to open the case. Sure, it would be more expensive up front, but compared to the possibility of a "BIOS resident" virus, it would be much less expensive overall. The same type of thing could be used for a ROM-based DOS cartridge, which could have a switch that selects booting from cartridge or disk, much as Krishna E. Bera suggests.

I feel that the prominent anti-virus researchers (and some of us others) ought to collectively rise up and protest the software-upgradable BIOS before it gets any acceptance.

Bill Walker ( WALKER@AEDC-VAX.AF.MIL ) |
OAO Corporation |
Arnold Engineering Development Center | "I'd like to solve the puzzle, Pat"
M.S. 120 |
Arnold Air Force Base, TN 37389-9998 |

padgett%tccslr.dnet@mmc.com (Padgett Peterson) (05/23/91)
>From: "William Walker C60223 x4570" <walker@aedc-vax.af.mil>

>I feel that the prominent anti-virus researchers (and some of us
>others) ought to collectively rise up and protest the
>software-upgradable BIOS before it gets any acceptance.

As one who a few careers ago made a living designing digital control systems ("flew" some digitally controlled gas-turbine engines with 8080s at Tullahoma in the seventies - Hi Bill), there does not have to be a problem if the hardware designers do their job. An EEPROM requires a special signal on one lead to tell it to write. If that lead is under hardware control and accessible only with the case open and a special plug in place that disables everything except a "load & verify BIOS" program, risk can be minimal.

The point is not to "protest" the concept, it sounds like a good idea, but demand adequate safeguards (dare I say "standards") for its use.

decomyn@phoenix.css.tek.com (05/24/91)
walker@aedc-vax.af.mil (William Walker C60223 x4570) writes:

>Here's something that should make the anti-virus community cringe.
>Intel has announced a chip which would allow users to upgrade their
>BIOS using a floppy disk. The term I saw was "erasable programmable
>read-only memory (EPROM)," but more likely the actual technology in
>the chip is EEPROM (electrically erasable programmable ROM) or EAROM
>(electrically alterable ROM).

Intel is planning on using Flash EEPROM technology, but, as I understand it, with a twist -- The user will have to explicitly activate the reprogramming function by pressing a button, flipping a switch, or some similar physical function. Fortunately, since no foreseeable virus technology will allow the little beasties to reach out and press a button, I don't believe there is that much to worry about in this technique. (I hope :-)

>Bill Walker ( WALKER@AEDC-VAX.AF.MIL ) |
>OAO Corporation |
>Arnold Engineering Development Center | "I'd like to solve the puzzle, Pat"
>M.S. 120 |
>Arnold Air Force Base, TN 37389-9998 |

Brendt Hess a.k.a.             | Disclaimer: Opinions? I don't even work here!
Vergil William de Comyn a.k.a. |-----------------------------------------------
Payne Hirds                    | Life is not a zero-sum game:
decomyn@phoenix.css.tek.com    | don't treat it as such.

PLUIMERS@rulcri.leidenuniv.nl (Jeroen. W. Pluimers) (05/25/91)
>Intel has announced a chip which would allow users to upgrade their
>BIOS using a floppy disk. The term I saw was "erasable programmable
>read-only memory (EPROM)," but more likely the actual technology
>in the chip is EEPROM (electrically erasable programmable ROM) or
>EAROM (electrically alterable ROM).

From what I understand this is quite common, most ROM BIOS manufacturers use EEPROMS which can be reprogrammed when you have:

a) the new EEPROM image (on disk or as an (EEP)ROM)
b) and EEPROM programming device that can program that kind of EEPROM
c) a very strong UV lamp to erase a programmed EEPROM

At first sight I wouldn't be too much afraid of what Intel says now. It would be a whole other story if PCs became able to deliver the programming voltages and some way of erasing pieces of an EEPROM. That way, viruses might possibly alter the BIOS in such a way a virus would be effective from before the POST and protect itself in a very nasty way.

Cheers,

Jeroen W. Pluimers
P.S.O.

snail:    P.O. Box 266
          2170 AG Sassenheim
          The Netherlands
phone:    +31-2522-11809 18:00-21:00 UTC
fidonet:  2:281/521 2:281/515.3
bitnet:   FTHSMULD@HLERUL52.BITNET PLUIMERS@HLERUL5.BITNET
internet: fthsmuld@rulgl.LeidenUniv.nl pluimers@rulcri.LeidenUniv.nl

walker@aedc-vax.af.mil (William Walker C60223 x4570) (05/29/91)
Vergil William de Comyn ( decomyn@phoenix.css.tek.com ) writes:

> Intel is planning on using Flash EEPROM technology, but, as I
> understand it, with a twist -- The user will have to explicitly
> activate the reprogramming function by pressing a button, flipping a
> switch, or some similar physical function.

It's good to know that they are tying the BIOS upgrade to hardware in some way. One interesting feature of this would be that knowledgeable users could make BIOS patches rather simply; and it would make bug fixes easier. One drawback would be that pirating of the upgrades would be easier, which may end up making the upgrades more expensive. I still think there's too much inherent risk in it (my opinion), and would prefer a ROM BIOS (also my opinion).

Also, I find fault in the logic behind one of the reasons for making an upgradable BIOS: "to get the full benefit of a CPU upgrade" (no, I don't find fault with the benefit itself -- read on). This is in reference to the newer machines which have a replaceable CPU on a little card. Glenn Henry, Dell's VP for marketing, says, "You can run your old 386 BIOS with a 486 upgrade card, but you'll pay a performance penalty unless you install a fully coded 486 BIOS." If you're gonna have the case open to replace the CPU, how much trouble would it be to replace the ROMs while you're at it? For that matter, why not design the replaceable-CPU system so that the BIOS is on the replaceable card, to automatically upgrade the BIOS too? Cost shouldn't be a factor, since compared to the cost of the machine and the CPU upgrade itself, a ROM BIOS upgrade would be inexpensive.

One last thing before I shut up. I wrote:

> > The term I saw was "erasable programmable
> > read-only memory (EPROM)," but more likely the actual technology
> > in the chip is EEPROM (electrically erasable programmable ROM) or
> > EAROM (electrically alterable ROM).

and Jeroen. W. Pluimers <PLUIMERS@rulcri.leidenuniv.nl> wrote:

> From what I understand this is quite common, most ROM BIOS
> manufacturers use EEPROMS which can be reprogrammed when you have:
> a) the new EEPROM image (on disk or as an (EEP)ROM)
> b) and EEPROM programming device that can program that kind of EEPROM
> c) a very strong UV lamp to erase a programmed EEPROM

EPROMs are erased by UV light and are programmed from disk or ROM with a programming device. EEPROMs ( ELECTRICALLY erasable programmable ROMs ) are not UV-erasable, and a programming device is not used to program them (normally). They are erased by a signal on one of the leads, and are reprogrammed in place in the circuit. EAROMs operate similarly. That's the whole idea behind Intel's plan -- to reprogram them in place in the PC from software, to save having to remove and replace them.

Anyway, I've said probably more than my share on this, so I'll hush ("...and there was much rejoicing." -- Monty Python)

Bill Walker ( WALKER@AEDC-VAX.AF.MIL ) |
OAO Corporation |
Arnold Engineering Development Center | AEDC -- Home of the "Chicken Gun"
M.S. 120 |
Arnold Air Force Base, TN 37389-9998 |

U5434122@ucsvc.ucs.unimelb.edu.au (05/30/91)
walker@aedc-vax.af.mil (William Walker C60223 x4570) writes:

> Here's something that should make the anti-virus community cringe.
> Intel has announced a chip which would allow users to upgrade their
> BIOS using a floppy disk. The term I saw was "erasable programmable
> read-only memory (EPROM),"
> [bits deleted]
> It does make sense to simplify the BIOS field upgrade, but to do it
> using something as transient as software in this day and age probably
> would not be wise. More logical would be a small cartridge, not
> unlike an HP font cartridge, which can be changed without having to
> open the case. Sure, it would be more expensive up front, but
> compared to the possibility of a "BIOS resident" virus, it would be
> much less expensive overall. The same type of thing could be used for
> a ROM-based DOS cartridge, which could have a switch that selects
> booting from cartridge or disk, much as Krishna E. Bera suggests.

I have to agree that software changeable BIOS is a scary thought, but an alternative to the 'cartridge' idea would be the imposition of a hardware switch which permits BIOS writing. The update program could request the user to 'Press the button marked BIOS and hold it down until the update is finished.'

Probably not as reliable as the 'BIOS cartridge', but still, it is a thought.

Danny

ingoldsb%ctycal@cpsc.ucalgary.ca (Terry Ingoldsby) (06/07/91)
padgett%tccslr.dnet@mmc.com (Padgett Peterson) writes:

> >From: "William Walker C60223 x4570" <walker@aedc-vax.af.mil>
...
> >I feel that the prominent anti-virus researchers (and some of us
> >others) ought to collectively rise up and protest the
> >software-upgradable BIOS before it gets any acceptance.
...
> Tullahoma in the seventies - Hi Bill), there does not have to be a problem
> if the hardware designers do their job. An EEPROM requires a special signal
> on one lead to tell it to write. If that lead is under hardware control and
> accessible only with the case open and a special plug in place that disables
> everything except a "load & verify BIOS" program, risk can be minimal.

It is not even necessary to place it under hardware control, rather if the hardware incorporates an interlock that requires a special, possibly unique, code, then the viruses could bash at it forever (almost) without success.

For example if each machine thus manufactured were assigned a unique value in EPROM (which could not be read by the CPU), say of length 64 bits, then the user could be queried, by the software upgrade program, to enter the key. If the key matched, the EAROM would be modified, otherwise nothing would happen.

Note that if my quick calculations are correct, at a rate of 1 million tries per second it takes about 1800 years to try all the combinations. Surely after a year or so even the most patient of users would realize that something was wrong. The number could even be printed on the back of the machine, in case the user should forget.

- Terry -

--
Terry Ingoldsby                ingoldsb%ctycal@cpsc.ucalgary.ca
Land Information Services                 or
The City of Calgary       ...{alberta,ubc-cs,utai}!calgary!ctycal!ingoldsb

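[Added example, not part of any poster's message: a small C model of the two interlocks proposed in this thread, a physical write-enable switch and a 64-bit per-machine key checked in hardware, together with the time needed to try every key at a given guess rate. The struct and function names, the lockout after three wrong guesses, and requiring both interlocks at once are assumptions made for illustration.]

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BIOS_SIZE    16  /* constructed: tiny image for the demo */
#define MAX_FAILURES 3   /* assumption: lockout policy, not from the thread */

/* Hypothetical flash BIOS part guarded by a switch and a hidden key. */
struct flash_bios {
    uint8_t  image[BIOS_SIZE];
    uint64_t secret;        /* per-machine key, never readable by the CPU */
    int      switch_closed; /* physical write-enable switch or jumper */
    int      unlocked;      /* set only by a matching key */
    int      failures;      /* wrong guesses since power-on */
};

/* Key check: 1 on match, 0 otherwise; refuses after MAX_FAILURES misses. */
int bios_unlock(struct flash_bios *d, uint64_t guess)
{
    if (d->failures >= MAX_FAILURES) return 0;
    if (guess == d->secret) { d->unlocked = 1; return 1; }
    d->failures++;
    return 0;
}

/* A write needs BOTH the closed switch and a prior key match. */
int bios_write(struct flash_bios *d, size_t off, const uint8_t *src, size_t n)
{
    if (!d->switch_closed || !d->unlocked) return -1;
    if (off > BIOS_SIZE || n > BIOS_SIZE - off) return -1;
    memcpy(d->image + off, src, n);
    d->unlocked = 0;        /* re-lock: one update per key entry */
    return 0;
}

/* Years to try every key of `bits` width at `rate` guesses per second. */
double exhaust_years(unsigned bits, double rate)
{
    double keys = 1.0;
    while (bits--) keys *= 2.0;
    return keys / rate / (365.25 * 24 * 3600);
}

int main(void)
{
    printf("64-bit key at 1e6 tries/s: %.0f years\n", exhaust_years(64, 1e6));
    return 0;
}
```
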
rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) (06/22/91)
ingoldsb%ctycal@cpsc.ucalgary.ca (Terry Ingoldsby) writes:

> It is not even necessary to place it under hardware control, rather if
> the hardware incorporates an interlock that requires a special,
> possibly unique, code, then the viruses could bash at it forever
> (almost) without success.
>
> For example if each machine thus manufactured were assigned a unique
> value in EPROM (which could not be read by the CPU), say of length 64
> bits, then the user could be queried, by the software upgrade program,
> to enter the key. If the key matched, the EAROM would be modified,
> otherwise nothing would happen.

This is a nice thought in theory, but in practical terms, would be a logistical nightmare for sites which have a large number of PCs or that swap components. This would require that detailed records be kept for each PC and each time a motherboard is swapped or the BIOS is replaced rather than updated. In all likelihood, two things would happen:

1) The 'key' would be written on the PC which would give you the same protection as hardware control.
2) Someone would lose their key and the BIOS chips would have to be replaced.

Another approach is to use a lock mechanism with a key to update the BIOS. For the single user or sites which do not require central configuration management, the key could stay in the PC [as it does not in most cases.] For sites which do use central configuration management, the key would be kept away from the PC to prevent BIOS upgrades except under controlled circumstances.

I do think that upgradeable BIOS under these circumstances is a good idea. This is a concept which has been very successful in the larger systems for quite a long time and would work well with necessary controls. It would certainly be much easier to load the BIOS from floppy for 1,000 PCs than to replace the BIOS PROMs.

--
Richard H. Miller                 Email: rick@bcm.tmc.edu
Asst. Dir. for Technical Support  Voice: (713)798-3532
Baylor College of Medicine        US Mail: One Baylor Plaza, 302H
                                           Houston, Texas 77030