Disabling BIOS Flashing on Dell GX280

audioresearch

May 8, 2011
Hello,

Is there a way I can check that the contents of the BIOS on my Dell GX280 Small Mini Tower contain the correct firmware, including that a virus hasn't modified it?

If its contents check out OK, is there a way I can prevent the BIOS from being flashed by a virus, even if I have to do something like lift a particular pin of the chip off the motherboard, or ground a pin on the BIOS, or even cut an etch on the motherboard and solder in a toggle switch? Physically disabling BIOS flashing would be for the purpose of preventing a BIOS virus from modifying the contents of my BIOS.

I'm interested in finding any programs that can read out the contents of my BIOS and save it for me, and that might also let me check that what was just read out matches what is supposed to be in an uncorrupted BIOS on my GX280.
 
To get to your BIOS, a virus would first have to take enough control of your computer to run the BIOS-flashing program. By that time, what's the point of corrupting the BIOS? It's already got control of your machine. Besides, it would have to be tailored specifically for the BIOS in your particular brand and model.

Install a good anti-virus program and keep it updated. That will be your best defense against any kind of virus, including the BIOS-flashing kind.
 

audioresearch

May 8, 2011
My worry is that a virus might go into the BIOS because it is much harder to get rid of it there compared to just getting rid of it from the hard drive with antivirus software such as Malwarebytes and AVG, etc. I believe those only clean hard drives, not the BIOS.

It would make sense that people who write viruses would tend to put them in places that are the hardest to clean out, such as the BIOS.
 
Contact Dell. Maybe they have some sort of BIOS-reader software that could do what you want. I've never heard of any software like that, nor any way to block BIOS flashing.

No matter whether they have that or not, your best defense against any kind of virus is a good anti-virus program combined with a bit of caution regarding clicking links in E-Mails.
 

ttbear1234

Jun 27, 2011
-1000 to Leaps-from-Shadows

All you can say is to have a good anti-virus program, bla bla bla. You know nothing about IT, especially security.

1) A hacker can write their own packer and create hundreds of different viruses, and the AV needs some time to update its signatures.

2) 0days appear almost every day, and there is no one to prevent those new 0day exploits for you.

3) As some of you have posted, hackers use the BIOS to be more stealthy and harder to detect.

As for protecting the BIOS, I only know Intel TXT may do that job, BUT you must set up your Intel TXT even before you connect to the Internet to be 99.9% sure it can protect your BIOS.
 

wa7bsz

Oct 22, 2011
The BIOS can be flashed somehow by a virus/malware. It happened to one of my computers and the reason I found it was that it hosed networking. It had spontaneously rebooted. I tried another network card, an external USB network card, it didn't work, but after a BIOS reflash, everything was back to normal.

This is the wave of the future, installing rootkits in BIOS. After that you can reinstall on a new hard drive and you are still rooted; probably all your keystrokes are recorded and sent to the server. I suspect this is bigger than anyone knows yet. It might have something to do with the persistent virus reported in the remotely piloted vehicles in the news lately.

Yes, find out what your BIOS chip is, and look it up on the manufacturer's website, find its write enable pin, desolder that and pull it up to the supply via a pull-up resistor (or tie it low if that is the inactive write state). Then malware can't flash the BIOS. Some older computers already have a flash enable jumper on the motherboard (after the Chernobyl virus that flashed BIOSes many years ago). This is what you would be doing, creating a flash enable jumper.

However you have to be good at desoldering because surface mount pins are very small, and lifting surface mount pins is dangerous to the chip itself. This task is best done by circuit board repair people that have experience doing this on surface mount boards, and they usually have binocular microscopes to see what they are doing, not to mention very thin soldering iron tips and solder.

But yes, it can be and should be done.

 

audioresearch

May 8, 2011



Good, someone who realizes the significance of the threat! My machine is a Dell and I saw no printing on any chips that would ID my BIOS as made by some particular manufacturer, so I'm guessing the chip is a Dell chip or at least made for Dell. I will ask Dell for info; I have no idea if they will give it out. Fortunately, I do know someone who actually builds surface mount circuit boards loaded with chips and he can lift the pin. If I can get the info I need from Dell, I'll have my friend put in a toggle switch, pull-up resistor, etc. so I can have my own personal BIOS write-enable switch.

If anyone reading this in the future happens to have that info, please post it just in case I cannot get it from Dell and also so that others can see it.

Thanks!!!
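
The check asked about in the first post (does a saved BIOS read-out match a known-good image?), as an added example that is not part of the thread or any Dell tool. It assumes you already have a dump and a trusted reference image of the same size; the block size, the "settings storage" region offsets and the sample bytes are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # comparison granularity (assumption; use the chip's erase-block size)

def diff_ranges(dump: bytes, reference: bytes, block: int = BLOCK):
    """Return merged (start, end) byte ranges where the two images differ."""
    if len(dump) != len(reference):
        raise ValueError(f"size mismatch: dump={len(dump)} reference={len(reference)}")
    ranges = []
    for off in range(0, len(dump), block):
        if dump[off:off + block] != reference[off:off + block]:
            end = min(off + block, len(dump))
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)  # extend the adjacent range
            else:
                ranges.append((off, end))
    return ranges

def verify(dump: bytes, reference: bytes, volatile=()):
    """Differences inside a declared volatile region are expected; others are suspicious."""
    suspicious = [
        (start, end)
        for start, end in diff_ranges(dump, reference)
        if not any(v0 <= start and end <= v1 for v0, v1 in volatile)
    ]
    return {
        "sha256_dump": hashlib.sha256(dump).hexdigest(),
        "sha256_reference": hashlib.sha256(reference).hexdigest(),
        "suspicious": suspicious,
        "ok": not suspicious,
    }

# Constructed sample data: a 64 KiB "reference" image, with stored settings
# assumed to live at 0x2000-0x3000 (hypothetical layout, not the GX280's).
REFERENCE = bytes((i * 7) & 0xFF for i in range(0x10000))
VOLATILE = [(0x2000, 0x3000)]

def sample_dump(tamper: bool) -> bytes:
    d = bytearray(REFERENCE)
    d[0x2010] ^= 0xFF                            # a changed setting: expected difference
    if tamper:
        d[0xF000:0xF004] = b"\xde\xad\xbe\xef"   # change outside the settings region
    return bytes(d)

if __name__ == "__main__":
    for tamper in (False, True):
        r = verify(sample_dump(tamper), REFERENCE, VOLATILE)
        print(tamper, r["ok"], [(hex(a), hex(b)) for a, b in r["suspicious"]])
```

A dump taken by software running on the suspect machine can be falsified by firmware-level malware, so a read-out made with an external programmer is the stronger input to this comparison.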