Official GIGABYTE Forum

AWARD BIOS VIRUS - how to LOCK bios writing

AWARD BIOS VIRUS - how to LOCK bios writing
« on: September 17, 2011, 12:32:13 pm »
I was recently alerted by this article http://www.symantec.com/connect/blogs/bios-threat-showing-again
of some nasty new viruses that can insert themselves into a bios

I have a  Gigabyte 990FX UD5 , great board good over clocker one problem the bios can be easily written to straight from windows, there is
no bios write protect jumper on the motherboard or any obvious way to write protect the bios.

Does gigabyte have any plans to put some code in the bios to give an option to write protect it or only allow flashing from within the bios? this is a major design flaw and I would be alot happier if any piece of malware could not insert code into my bios from windows.  As dual bios looks for a checksum error it would be not detect any problem unless the bios is actually corrupted.
« Last Edit: September 17, 2011, 01:19:58 pm by bcmalloy »

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #1 on: September 17, 2011, 02:15:50 pm »
You already have the password protect option to stop unauthorised change of the BIOS data that can be set in the BIOS and there is the No-Execute Memory Protect that can stop certain BIOS virus actions.
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #2 on: September 17, 2011, 02:20:09 pm »
You already have the password protect option to stop unauthorised change of the BIOS data that can be set in the BIOS and there is the No-Execute Memory Protect that can stop certain BIOS virus actions.

I tested that even with a password set I could easily overwrite the bios in windows with @bios, it does not  prompt for a password, just happily overwrites  the bios. If there is a way to prevent this I would love to hear it.

These new viruses dump your bios edit it then write the edited version back, because of this bios updating outside the bios (from windows) needs to be disabled, I have the equipment to lift the bios write pin and put in a switch but a software solution like a simple bios option that would not void my warranty would be a nice piece of mind on my brand new $200 board.


The problem is also outlined here http://www.jupiterbroadcasting.com/12136/ultimate-home-router-techsnap-23/   by some IT experts
look at the section "BIOS rootkit found in the wild" or watch the show
« Last Edit: September 17, 2011, 02:54:52 pm by bcmalloy »

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #3 on: September 17, 2011, 03:04:04 pm »
I know it is something that has been talked about for some time now but as far as I know never appeared in the wild as a real threat. I don't know of any other motherboard  manufacturer released protection. I believe some of the better Anti-Virus programs have a BIOS security aspect.
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #4 on: September 17, 2011, 05:09:24 pm »
I know it is something that has been talked about for some time now but as far as I know never appeared in the wild as a real threat. I don't know of any other motherboard  manufacturer released protection. I believe some of the better Anti-Virus programs have a BIOS security aspect.

Thanks for your help, apparently this has started happening in china, so Consider this a feature request for an option to disable windows (operating system) writeable access to the Bios.
« Last Edit: September 17, 2011, 05:19:38 pm by bcmalloy »

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #5 on: September 17, 2011, 08:37:24 pm »
In that case I think you should make GGTS aware of the situation and maybe they can do something to help stop this problem.

Just enter your email address and click on the language of choice.
GGTS   http://ggts.gigabyte.com/

Please expect several days for a reply.
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #6 on: September 18, 2011, 02:11:46 pm »
In that case I think you should make GGTS aware of the situation and maybe they can do something to help stop this problem.

Just enter your email address and click on the language of choice.
GGTS   http://ggts.gigabyte.com/

Please expect several days for a reply.

Email sent , it has to be said allowing the lowest level part of your System the  bios to be written to from windows is throwing caution to the wind, while drink driving and placing an unhealthy large bet on you mobile phone, while giving a the finger to a 7ft stranger with a short fuse.
« Last Edit: September 18, 2011, 02:16:38 pm by bcmalloy »

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: AWARD BIOS VIRUS - how to LOCK bios writing
« Reply #7 on: September 18, 2011, 02:23:29 pm »
I must say I couldn't agree more and have never been in favour of these Windows based update programs like @BIOS. I much prefer the old tried and trusted methods like QFlash.
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy