Daniel Pittman <daniel@rimspace.net> wrote:

There was recently announced a root-kit that would infest Award BIOS implementations: http://www.symantec.com/security_response/writeup.jsp?docid=2011-090609-4557...

So, fairly high risk for the next little while, until vendors do something to harden against firmware updates?

Short of disallowing them at all, or requiring signed firmware, it isn't clear what could be done. Obviously, the attacker needs a local root exploit (or whatever the Microsoft equivalent is) in order to modify the firmware, but I agree that having a root kit in the firmware would be a very bad position to occupy.

So, the biggest advantage is that it does work against all those attacks that compromise the kernel and/or drivers to get into the kernel after a restart. Which, indeed, is where many of the "root kit" tools hit, on Windows.

That's interesting... and the proposed solution just happens to be the one which also has potential to disadvantage competitors...