AN515-43 Will the system with UEFI return to Legacy?


Answers

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    I believe them, but as I said, there was a disagreement between two people. Which one of them is correct, I ask. @JackE

  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    Neither. Only an embedded hardware detector on the mainboard can do the job with a high degree of confidence. Software can't. And that kind of mainboard isn't available yet.

    Jack E/NJ

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    My problem is not related to the build of the motherboard. I'm just asking you this:


    Regarding ESET's ADVANCED THREAT PROTECTION (I think it was eLive) and these specified locations (MBR/GPT, boot sector/VBR, BIOS/UEFI firmware, the EFI system partition): can it access them and detect when there is a threat there? @JackE

  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    >>>Can it access them and detect when there is a threat there?>>>

    Probably not.

    Jack E/NJ

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    So how do I make sure it's clean? You said that ESET cannot detect it and that there is a possibility of surviving the BIOS update, and you didn't tell me what to do if they infect me. What should I do?

  • batmalin
    batmalin Member Posts: 4,231 Guru

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    Do you have any information? @egydiocoelho

  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    >>>you didn't tell me what to do if they infect me. What should I do?>>>

    Who are "they"?

    If you fear that "they" infected you already, then you should do a FULL HDD FORMAT to erase all infected files on HDD. And also a BIOS FIRMWARE OVERWRITE to erase all infected firmware on BIOS chip. You can find instructions to do these two simple things earlier in this thread. And you can also do a Google search on how to do a full HDD format and a BIOS firmware installation.

    Jack E/NJ

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    The antivirus already detects the ones on the HDD, but I know there are BIOS viruses that can survive after the BIOS update. Also, I know that this update does not delete boot viruses like MBR viruses. @JackE

  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    Who are "they"?

    BIOS FIRMWARE OVERWRITE is the best practical way to fix corrupted firmware at this time. Next best is a hardware solution. De-solder and replace corrupted BIOS chip on the mainboard with a new pre-programmed BIOS chip. About $20 USD.

    Jack E/NJ

  • Read this thread: https://smallbusiness.chron.com/cleanse-virus-bios-79706.html


    Is it possible to infect the BIOS? Yes, it is possible, as I said in the previous topic. But this is very unlikely to happen, as you need to have some kind of administrator access on your system. In addition, the UEFI firmware has the Secure Boot feature, which operates before the operating system boots. In my opinion there is nothing wrong with your computer.


    See this answer from another user: https://security.stackexchange.com/questions/206606/can-a-virus-destroy-the-bios-of-a-modern-computer


    Modern computers don't have a BIOS, they have a UEFI. Updating the UEFI firmware from the running operating system is a standard procedure, so any malware which manages to get executed on the operating system with sufficient privileges could attempt to do the same. However, most UEFIs will not accept an update which isn't digitally signed by the manufacturer. That means it should not be possible to overwrite it with arbitrary code.


    This, however, assumes that:


    the mainboard manufacturers manage to keep their private keys secret

    the UEFI doesn't have any unintended security vulnerabilities which allow overwriting it with arbitrary code or can otherwise be exploited to cause damage.

    And those two assumptions do not necessarily hold.


    Regarding leaked keys: if a UEFI signing key were to become known to the general public, then you can assume that there would be quite a lot of media reporting and hysterical patching going on. If you follow some IT news, you would likely see a lot of alarmist "If you have a [brand] mainboard UPDATE YOUR UEFI NOW!!!1111oneone" headlines. But another possibility is signing keys secretly leaked to state actors. So if your work might be interesting for industrial espionage, then this might also be a credible threat for you.


    Regarding bugs: UEFIs gain more and more functionality which has more and more possibilities for hidden bugs. They also lack most of the internal security features you have after you have booted a "real" operating system.

    egydiocoelho Trailblazer
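
As an added example (not part of any post in this thread, and not ESET's or Acer's code): a short Python sketch that reads the first sectors of a raw disk image and reports whether the disk uses GPT (the UEFI layout) or a legacy MBR, whether the GPT header checksum matches, and whether an EFI system partition is listed. The function names and the sample image are constructed for illustration; the CRC32 catches corruption, not deliberate tampering, so a pass is a sanity check rather than proof the disk is clean.

```python
import struct
import uuid
import zlib

SECTOR = 512
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # EFI System Partition

def inspect_layout(disk: bytes) -> dict:
    """Classify a raw disk image as GPT or legacy MBR and sanity-check it."""
    if len(disk) < SECTOR:
        raise ValueError("need at least one full sector")
    mbr, hdr = disk[:SECTOR], disk[SECTOR:2 * SECTOR]
    out = {"boot_sig": mbr[510:512] == b"\x55\xaa", "scheme": "unknown",
           "header_crc_ok": None, "esp_present": False}
    # Four 16-byte MBR partition entries start at offset 446; type byte is at +4.
    types = [mbr[446 + 16 * i + 4] for i in range(4)]
    if 0xEE in types and hdr[:8] == b"EFI PART":  # protective MBR + GPT header
        out["scheme"] = "gpt"
        size, stored = struct.unpack_from("<II", hdr, 12)
        # The header CRC32 is computed with its own field (bytes 16..19) zeroed.
        calc = zlib.crc32(hdr[:16] + b"\0" * 4 + hdr[20:size]) & 0xFFFFFFFF
        out["header_crc_ok"] = 92 <= size <= SECTOR and calc == stored
        lba, count, esize = struct.unpack_from("<QII", hdr, 72)
        for i in range(min(count, 128)):
            start = lba * SECTOR + i * esize
            entry = disk[start:start + 16]  # partition type GUID, mixed-endian
            if len(entry) == 16 and uuid.UUID(bytes_le=entry) == ESP_TYPE:
                out["esp_present"] = True
    elif any(types):
        out["scheme"] = "mbr"
    return out

def build_sample_gpt() -> bytes:
    """Constructed 3-sector image: protective MBR, GPT header, one ESP entry."""
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0xEE
    mbr[510:512] = b"\x55\xaa"
    hdr = bytearray(SECTOR)
    hdr[:8] = b"EFI PART"
    struct.pack_into("<II", hdr, 8, 0x00010000, 92)   # revision, header size
    struct.pack_into("<QII", hdr, 72, 2, 1, 128)      # entries LBA, count, entry size
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr[:92])) & 0xFFFFFFFF)
    entries = bytearray(SECTOR)
    entries[:16] = ESP_TYPE.bytes_le
    return bytes(mbr + hdr + entries)

if __name__ == "__main__":
    print(inspect_layout(build_sample_gpt()))
```
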
  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    I remember I didn't say anything like "they".


    I'm asking you how to detect and delete the virus, my BIOS was not corrupt.

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    Ok, but there is a possibility, right? Look, I know I'm asking a lot of questions, but I couldn't prevent it because there was a possibility that this part was infected with a virus and I didn't even have access to the computer when that virus was infected, and it bothers me very much not knowing that the place is clean at the moment.


    Now I have two questions for you. I would be glad if you answer.


    ESET ADVANCED THREAT PROTECTION: can it access and detect threats in the locations I specify (MBR/GPT, boot sector/VBR, BIOS/UEFI firmware, the EFI system partition)?

    What can viruses infecting these places (MBR/GPT, boot sector/VBR, BIOS/UEFI firmware, the EFI system partition) do to me? @egydiocoelho

  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    >>>you didn't tell me what to do if they infect me. What should I do?>>>

    >>>I didn't say anything like "they">>>

    Who are "they"?

    Jack E/NJ

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter

    (MBR/GPT, boot sector/VBR, BIOS/UEFI firmware, the EFI system partition) Viruses

  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    Give examples.

    Jack E/NJ

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter
  • JackE
    JackE ACE Posts: 45,071 Trailblazer

    Invisible viruses are hard to detect.

    Jack E/NJ

  • YusufAlp007
    YusufAlp007 Member Posts: 140 Troubleshooter