Windows 8 bootkit doesn't really defeat 'secure boot'

Stoned Lite bootkit relies on old BIOS firmware, which Microsoft has dumped in favor of UEFI on Windows 8

Reports of a newly developed bootkit for Windows 8 are tempting, given the positive and negative attention the OS's "secure boot" feature has accumulated. It appears that the malware, to be unveiled this month at MalCon, really exploits vulnerabilities in the legacy boot procedures of older PCs, which will be missing from new machines loaded with Windows 8.

Developed by security expert Peter Kleissner, the bootkit, nicknamed Stoned Lite, affects Windows 8 and Windows Server 2008 and works the same way as its predecessor, the Stoned bootkit, which affects Windows 2000 through Windows 7. It attaches to the master boot record of the target PC's hard drive and bypasses Windows UAC (User Account Control), as it is read before Windows starts. The bootkit's payload uses command-line privilege escalation to elevate the process rights of cmd.exe to System, Kleissner told Softpedia. It also patches the OS's password validation function, which allows an attacker to log in as a local user with a password.

With its small 14KB footprint, the bootkit would be a good candidate for infecting machines via a CD or a USB device. But both Stoned and Stoned Lite only work on PCs that use BIOS ROM firmware when booting. Microsoft said in September that Windows 8 requires its host machine to use the UEFI protocol in the name of secure boot. UEFI provides a secure boot protocol that requires the OS to provide a digital key in order to be loaded by the machine. UEFI can block programs or drivers from running unless they are signed with this key, a step that prevents malware from infecting machines by changing the boot-loading process.

What that means is that when PCs loaded with Windows 8 come on the market, they will not be susceptible to this bootkit, since UEFI is a requirement. Only users who find a way to install Windows 8 on older machines and forgo UEFI will have cause for concern.

Kleissner himself has admitted that Stoned Lite does not target UEFI, but rather aims at legacy BIOS. "The problem with legacy boot is that no one checks the MBR, so it is the vulnerable point. With UEFI and secure boot, all the boot programs and drivers must be signed. Otherwise they are not loaded," he told Softpedia.
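Because nothing in a legacy BIOS boot verifies the MBR, a defender has to do that check out of band. The sketch below is an added example, not code from Kleissner or from this article: it classifies sector 0 as a legacy MBR or a GPT protective MBR and compares the 440-byte boot code area against a previously recorded hash. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
GPT_PROTECTIVE = 0xEE    # partition type used by the protective MBR on GPT disks


def inspect_mbr(sector: bytes, baseline_sha256: str) -> dict:
    """Classify sector 0 and compare its boot code with a recorded baseline."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    # Byte 4 of each partition entry is the partition type.
    types = [sector[PART_TABLE_OFF + 16 * i + 4] for i in range(4)]
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {
        # Assumption: a GPT disk suggests UEFI boot; it does not prove
        # that Secure Boot is switched on in firmware.
        "scheme": "gpt-protective" if GPT_PROTECTIVE in types else "legacy-mbr",
        "partition_types": types,
        "boot_code_sha256": digest,
        "boot_code_modified": digest != baseline_sha256,
    }


def build_sample_sector(boot_code: bytes, part_type: int) -> bytes:
    """Constructed sample sector: one partition entry, zero-padded boot code."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", part_type,
                        b"\xfe\xff\xff", 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample_sector(b"\xfa\x33\xc0" + b"CLEAN-LOADER", 0x07)
    baseline = inspect_mbr(clean, "")["boot_code_sha256"]
    changed = build_sample_sector(b"\xfa\x33\xc0" + b"OTHER-LOADER", 0x07)
    for name, sector in (("clean", clean), ("changed", changed)):
        print(name, inspect_mbr(sector, baseline))
```

Take the sector from trusted boot media rather than from the running OS, since code that ran before Windows started can alter what the OS reads back from disk.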

It would mean that Microsoft's new approach to protecting Windows at startup is actually effective against this type of bootkit, as long as machines are, indeed, running UEFI. The development is not likely to put to rest the controversy over whether Windows 8's secure boot will prevent users from launching a non-Windows OS such as Linux on their machines.

Kleissner plans to release Stoned Lite at MalCon in India on 25 November, together with a paper titled "The Art of Bootkit development" that speaks to both developing and defending against bootkits.




Copyright © 2012 Fast Technology.