
Can ESET Smart Security Premium Access the BIOS Chip?



Hello

He said somewhere that antiviruses cannot find it because the BIOS is located on the chip on the motherboard. Is this true? Can ESET BIOS detect viruses?

The above said, UEFI based motherboards do have some chip based firmware components to them. Here's an example of malware that abuses those:

Quote

However, a sinister development has been spotted over the New Year with a new UEFI malware, detected by Kaspersky's firmware scanner logs, that implants malicious code into the motherboard's Serial Peripheral Interface (SPI) Flash. The security researchers have dubbed this flash-resident UEFI malware 'MoonBounce'.

MoonBounce isn't the first UEFI malware discovered in the wild that targets SPI flash. Kaspersky says that the likes of LoJax and MosaicRegressor came before it. However, MoonBounce shows "significant advancement, with a more complicated attack flow and greater technical sophistication." It also seems to have infected a machine remotely.

https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/

Since Eset can detect Lojax, it is assumed the same goes for Moonbounce. Removal of it is an entirely different issue.

Edited by itman

13 hours ago, Marcos said:

ESET can scan UEFI which replaced BIOS in modern systems.

How do I know it's a modern system? My motherboard is PK brand @Marcos


10 hours ago, itman said:

This article explains the difference between BIOS and UEFI based PC's: https://www.freecodecamp.org/news/uefi-vs-bios/ .

The main difference is BIOS settings are stored in chip based firmware whereas UEFI settings are stored in a file.

Then it can't scan BIOS but can scan UEFI? @itman


  • Administrators
1 hour ago, Yusuf Alp said:

How do I know it's a modern system? My motherboard is PK brand @Marcos

I assume you have UEFI unless you have an ancient machine. According to https://en.wikipedia.org/wiki/UEFI:

Version 2.1 of the UEFI specification was released on 7 January 2007


3 hours ago, Yusuf Alp said:

How do I know it's a modern system? My motherboard is PK brand @Marcos

Windows system information will show the manufacturer and model number of your motherboard. Go to the manufacturer's web site for further details on motherboard specifics.

There is a BIOS Mode section in system info. display. This setting will contain the word "UEFI" if the motherboard has been set to boot to UEFI mode.


2 minutes ago, itman said:

Windows system information will show the manufacturer and model number of your motherboard. Go to the manufacturer's web site for further details on motherboard specifics.

There is a BIOS Mode section in system info. display. This setting will contain the word "UEFI" if the motherboard has been set to boot to UEFI mode.


Somewhere in the boot part of the BIOS window was written UEFI. Is it him? @itman


2 minutes ago, Yusuf Alp said:

Somewhere in the boot part of the BIOS window was written UEFI. Is it him? @itman

Most likely it is. The setting in the BIOS is usually in a section titled, "Boot mode selection."

6 minutes ago, itman said:

Most likely it is. The setting in the BIOS is usually in a section titled, "Boot mode selection."

What does likely mean? Isn't this UEFI setting an answer to that?

Also, the Acer logo appears on my computer. As far as I know, Windows logo appears on UEFIs. Can this tell me I don't have UEFI on my system?

Also, since BIOS viruses can access the entire BIOS, if this UEFI setting is done by something else, won't it be prevented from scanning that UEFI and therefore not be able to operate without being found by ESET? @itman

  • Most Valued Members

You can just go to the BIOS/UEFI settings and from there you can decide if it's UEFI/BIOS, because it would be written somewhere in the settings.

Since you've made multiple topics about threats of UEFI/BIOS, if ESET isn't detecting anything most likely there is nothing there, because those rootkits usually target high-value targets, like governments and stuff like this

You can enable Secure Boot, which prevents other stuff from loading on startup like a rootkit/malware in BIOS/UEFI if it's available

Quote

What is Secure Boot?

Secure Boot is a feature of your PC's UEFI that only allows approved operating systems to boot up. It's a security tool that prevents malware from taking over your PC at boot time.

If you are really sure and paranoid about that UEFI/BIOS chip that it's infected, just throw the motherboard from the window, it's the most secure option :D

Or flash the UEFI/BIOS from the motherboard's model page on the manufacturer website, and after that your UEFI/BIOS is clean, since you flashed it from the official manufacturer website

If there was something in there, it shouldn't be able to survive the flash.

Edited by Nightowl
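
The two checks suggested in the replies above, reading the BIOS Mode value from Windows system information and confirming whether Secure Boot is on, can be scripted in PowerShell. This is an added example, not part of the original posts or of any ESET tooling; the function name `Get-FirmwareBootPosture` is hypothetical, and the script assumes an elevated PowerShell prompt on Windows.

```powershell
# Added example: report firmware boot mode, board/firmware identity and Secure Boot state.
# Get-FirmwareBootPosture is a hypothetical helper name, not a built-in cmdlet.
function Get-FirmwareBootPosture {
    [CmdletBinding()]
    param()

    # BiosFirmwareType corresponds to the "BIOS Mode" line in System Information.
    $info  = Get-ComputerInfo -Property BiosFirmwareType
    $board = Get-CimInstance -ClassName Win32_BaseBoard
    $bios  = Get-CimInstance -ClassName Win32_BIOS

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems, throws
    # PlatformNotSupportedException on legacy BIOS boot, and needs elevation.
    $secureBoot = 'Unknown'
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        $secureBoot = 'Not supported (legacy BIOS boot)'
    }
    catch [System.UnauthorizedAccessException] {
        $secureBoot = 'Unknown (run PowerShell as Administrator)'
    }
    catch {
        $secureBoot = "Unknown ($($_.Exception.Message))"
    }

    [pscustomobject]@{
        FirmwareMode      = $info.BiosFirmwareType
        BoardManufacturer = $board.Manufacturer
        BoardModel        = $board.Product
        FirmwareVersion   = $bios.SMBIOSBIOSVersion
        FirmwareDate      = $bios.ReleaseDate
        SecureBoot        = $secureBoot
    }
}

Get-FirmwareBootPosture | Format-List
```

The board model and firmware version in the output are the values to match against the manufacturer's download page before reflashing.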

As far as I know, secure boot doesn't work either, as the BIOS virus has already infected the BIOS. So that's how I heard it.

Yes, I'm a little paranoid, it's not out of my hands on these matters. Just:

Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET?

And

Apart from Eset scanning, can advanced threat protection also access UEFI?

Are there any viruses other than boot and other BIOS viruses that can infect here?

And finally

Is this BIOS and Boot and viruses infecting another BIOS chip all used for situations like stealing data?

If I get answers to these questions, the event will be closed anyway. However, I have searched many sites for months and have not gotten an answer. @Nightowl

  • Most Valued Members

It's the only answer you can get, AVs cannot modify inside the BIOS/UEFI, they are limited or it's their choice not to touch since it can damage the whole computer if a mistake is made

Flashing a BIOS/UEFI firmware again will get rid of what trouble it had before, sometimes it can introduce bug-fixes

AVs can only detect the threats but won't remove them for you

You have to flash a firmware to get it removed

And don't worry about being paranoid, I understand your feeling when you think that your PC is infected somewhere, it's a bad feeling, I know it, getting rid of the motherboard will get you a feeling that you are no longer attached to the same firmware

but flashing is also good and can work

Thank you. For the first time in a long time, someone said to me on this subject that I understand you.

Ok it can't remove it, but can advanced threat protection find malware in the BIOS? @Nightowl

17 minutes ago, Yusuf Alp said:

Also, the Acer logo appears on my computer.

Acer is the PC manufacturer.

Again, look for a setting in the BIOS options titled, Boot mode selection. If the setting doesn't exist, then your motherboard is using a BIOS versus UEFI.


4 minutes ago, itman said:

Acer is the PC manufacturer.

Again, look for a setting in the BIOS options titled, Boot mode selection. If the setting doesn't exist, then your motherboard is using a BIOS versus UEFI.

Isn't that the boot menu anyway? I will try to describe the menu:

There is a place that says boot in the menu names at the top, you can choose what to start with. I think there is a place where it says UEFI at the top and there are (I think) secure boot modes under it. This is the menu.

Seeing the Acer logo on startup doesn't tell me I don't have UEFI on my system, does it? As I said, I know that the Windows logo appears at the start of computers with UEFI.

Also:

Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET? @itman

You are indeed being paranoid over the issue of UEFI based malware.

To begin, the instances of this type of malware are extremely rare. Next, the targets for this type of malware are high valued ones; government entities, large corporations, etc. The chances of an individual user encountering such malware are next to nil.

  • Most Valued Members
16 hours ago, Yusuf Alp said:

Ok, but there is a possibility, and I know that boot viruses can infect normal users as well. @itman

Just flash it.

If the AV is not detecting it you'll probably be okay but if you're unsure flash it. There's nothing anyone else can really add anymore

Ok, I know you have nothing to add, but I'm just asking two questions:

- ESET can scan for UEFI, but can ESET's advanced threat protection also access UEFI?

- Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET? Is it possible?

If I get an answer to this already, I will not prolong it. Maybe I'll ask a few more questions, but I won't prolong it. @peteyt

  • Most Valued Members
1 hour ago, Yusuf Alp said:

Ok, I know you have nothing to add, but I'm just asking two questions:

- ESET can scan for UEFI, but can ESET's advanced threat protection also access UEFI?

- Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET? Is it possible?

If I get an answer to this already, I will not prolong it. Maybe I'll ask a few more questions, but I won't prolong it. @peteyt

You are probably good my friend, if ESET is not detecting anything, probably there is nothing.

If you are still unsure of ESET, you can have a second opinion scanner for example like Kaspersky which can also scan UEFI and compare the results, still you don't trust both of them, just flash the firmware and then you are good to go like you bought this motherboard new, still you don't trust the firmware flash, open your window, make sure no one is downstairs, and throw the motherboard like a catapult ;)

But short answer to you, all antiviruses can only show you that there is a threat there but cannot remove it for you, you have to flash a firmware or get rid of the motherboard.

But to end your paranoia, most likely you have nothing there, and those rootkits are made specially to spy on high-value targets like governments, hospitals, politicians, high-tech companies, corporations

No one will spend long days to make a stealthy rootkit, to infect a person like me, where you only can find games and personal stuff on PC which isn't valuable for the attacker, even if the attacker wants to blackmail me for them, it's pointless, he can take them and have fun and also post it worldwide, it doesn't hurt me

It hurts people who have sensitive information like big companies or governments or hospitals who cannot share info about their patients, etc...

But a rootkit is very good for a government that is spying on another government for example, that way the rootkit is so helpful for A government, to take information from B government while staying stealthy, we had several examples of governments doing so with different ways not only rootkits.

I doubt there is someone after you that is so good with malware development and decided to infect you with some rootkit, or it can be possible you went somewhere wrong and infected yourself with a rootkit

But rest your mind, if ESET is not showing you anything wrong or weird, then you are probably good, but still like I said before you can still change the motherboard or flash a firmware again, then you can be sure that there is nothing wrong inside it

Hello.

Understood thanks

1. What did you mean when you said you were suspicious of someone trying to infect you with malware?

2. I have already updated the BIOS. However, most people may not be deleted, he said.

And I only have these 3 questions, really I will not ask anything else after these 3 questions:

- Does Eset's advanced threat protection access the BIOS?

- Does it detect mbr-UEFI -bootkit and boot viruses as well as Eset BIOS viruses?

- Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET?

I know I'm clean too, but I seriously feel like I need to make sure of that for some reason. @Nightowl

Edited by Yusuf Alp

  • Most Valued Members
7 hours ago, Yusuf Alp said:

Hello.

Understood thanks

1. What did you mean when you said you were suspicious of someone trying to infect you with malware?

2. I have already updated the BIOS. However, most people may not be deleted, he said.

And I only have these 3 questions, really I will not ask anything else after these 3 questions:

- Does Eset's advanced threat protection access the BIOS?

- Does it detect mbr-UEFI -bootkit and boot viruses as well as Eset BIOS viruses?

- Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET?

I know I'm clean too, but I seriously feel like I need to make sure of that for some reason. @Nightowl

You keep asking the same questions after we have answered.

The simple thing is any kind of malware, ESET should be able to detect. The only thing it may not detect is stuff that is new e.g. zero day vulnerabilities that have not been found yet.

The only problem is BIOS, UEFI etc. malware, AVs can only detect but they cannot remove - you will need to flash it. However these are generally targeted at high targets. Like Nightowl said government may want to steal state secrets from another government but there's no real point in trying to infect someone like us because there'd be no point.

Either accept you are not infected or flash it - there's no more answers anyone can give you.

Ok but ask only if ESET advanced threat protection can also find boot viruses and BIOS viruses. I'm only asking this, it's not about continuing to ask the same questions because no one answered this and although I've been asking this for two days, instead of saying yes if yes no, you are telling other things instead of saying yes, I just want the answer to two questions from you, if you want to answer, you can give an answer, if you don't, you may not answer.

1. Can ESET's advanced threat protection also detect boot and BIOS viruses?

2. Since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET?

This topic is now closed to further replies.