[comp.virus] EEPROM BIOS

AZX@NIHCU.BITNET (09/05/90)

The newest generation of motherboards now being designed for PCs will
be using EEPROM or other reprogrammable devices for the BIOS.  The
goal is to allow BIOS upgrades using floppy disks or even by
telephone.  Has anyone considered the potential virus-related risks
associated with this move?

Andrew R. Mitz

Motto: You ain't late 'til you get there.

CC65SRAD%MIAMIU.BITNET@OHSTVMA.IRCC.OHIO-STATE.EDU (09/12/90)

While I am sure more and more systems will be connected via phone
lines, the telephone will always be too expensive and quirky to trust
upgrading PC software to.  As for the floppy upgrades, since all the
upgrade disks would be produced by the manufacturer, quality control
of viruses should be possible.  Any problem would have to be an inside
job.  Also, I am sure that some security measures would be built in to
the BIOS itself, since it would be possible for someone to load the
wrong BIOS disk into a machine and erase the existing BIOS, replacing
it with an incompatible BIOS.  Also, AMI would hate for people to be
switching to Phoenix via a floppy.  These security measures, while
probably not extremely complex, would make a virus's code so large
that it could not be inconspicuous (in my opinion...I am NOT an expert
by any stretch of the imagination) and would be caught quickly.  It is
an interesting idea...especially with machines like the Tandy (also
makes Panasonic, DEC PCs, GRID) and others placing DOS and other
usually attackable programs in EEPROMs.

-Chris

gary@uunet.UU.NET (Gary Heston) (09/17/90)

I might point out that all systems using shadow ram can effectively
update their BIOS upon boot-up, by simply overwriting the shadowed
code. If the shadow areas are not write protected, any virus could
infect them. The images on disc would be subject to corruption,
although possibly not infection (being a BIOS image, it'd probably not
have a .COM or .EXE extension, so a virus probably wouldn't recognize
it as infectable). EEPROM might be a little safer, but not much.

--
    Gary Heston     { uunet!sci34hub!gary  }    System Mismanager
   SCI Technology, Inc.  OEM Products Department  (i.e., computers)
"The esteemed gentlebeing says I called him a liar. It's true, and I
regret that." Retief, in "Retief's Ransom" by Keith Laumer.
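
Added example, not part of any post in this thread and not any vendor's code: a sketch of the pre-flash acceptance check that the second post expects a reprogrammable BIOS to carry, which also catches the on-disk image corruption mentioned in the third post. The header layout, the names `check_update` and `build_image`, and the vendor tags and board id are assumptions made for illustration; the only real convention used is the 8-bit sum-to-zero checksum found in PC option ROMs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical update-image layout (an assumption, not a real vendor format):
 *   bytes 0-3 vendor tag, 4-5 board id (LE), 6-7 payload length (LE),
 *   payload, then one trailing byte chosen so all bytes sum to 0 mod 256. */
enum verdict { ACCEPT, TOO_SHORT, WRONG_VENDOR, WRONG_BOARD, BAD_LENGTH, BAD_CHECKSUM };
#define HDR 8

static uint8_t sum8(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    while (n--) s = (uint8_t)(s + *p++);
    return s;
}

/* Checks the resident BIOS would run before erasing itself. */
enum verdict check_update(const uint8_t *img, size_t len,
                          const char vendor[4], uint16_t board) {
    if (len < HDR + 1) return TOO_SHORT;
    if (memcmp(img, vendor, 4) != 0) return WRONG_VENDOR;
    if ((uint16_t)(img[4] | (img[5] << 8)) != board) return WRONG_BOARD;
    size_t payload = (size_t)(img[6] | (img[7] << 8));
    if (payload != len - HDR - 1) return BAD_LENGTH;
    if (sum8(img, len) != 0) return BAD_CHECKSUM;
    return ACCEPT;
}

/* Builds a constructed sample image; returns its total length. */
size_t build_image(uint8_t *out, const char vendor[4], uint16_t board,
                   const uint8_t *payload, uint16_t n) {
    memcpy(out, vendor, 4);
    out[4] = (uint8_t)(board & 0xFF);  out[5] = (uint8_t)(board >> 8);
    out[6] = (uint8_t)(n & 0xFF);      out[7] = (uint8_t)(n >> 8);
    memcpy(out + HDR, payload, n);
    out[HDR + n] = (uint8_t)(0u - sum8(out, (size_t)HDR + n));
    return (size_t)HDR + n + 1;
}

int main(void) {
    const uint8_t code[] = { 0xEA, 0x5B, 0xE0, 0x00, 0xF0 };  /* constructed bytes */
    uint8_t img[64];
    size_t len = build_image(img, "VNDA", 0x0386, code, (uint16_t)sizeof code);
    printf("matching image:  %d\n", check_update(img, len, "VNDA", 0x0386));
    printf("other vendor:    %d\n", check_update(img, len, "VNDB", 0x0386));
    img[HDR + 2] ^= 0x01;  /* one flipped bit, as from a bad disk sector */
    printf("corrupted image: %d\n", check_update(img, len, "VNDA", 0x0386));
    return 0;
}
```

A check of this kind stops the wrong disk and accidental corruption. It does not authenticate the image, since a checksum can be recomputed by whoever alters the bytes.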