AWARD BIOS VIRUS - how to LOCK bios writing

[bcmalloy]

I was recently alerted by this article http://www.symantec.com/connect/blogs/bios-threat-showing-again
of some nasty new viruses that can insert themselves into a bios

I have a  Gigabyte 990FX UD5 , great board good over clocker one problem the bios can be easily written to straight from windows, there is
no bios write protect jumper on the motherboard or any obvious way to write protect the bios.

Does gigabyte have any plans to put some code in the bios to give an option to write protect it or only allow flashing from within the bios? this is a major design flaw and I would be alot happier if any piece of malware could not insert code into my bios from windows.  As dual bios looks for a checksum error it would be not detect any problem unless the bios is actually corrupted.

[Dark Mantis]

You already have the password protect option to stop unauthorised change of the BIOS data that can be set in the BIOS and there is the No-Execute Memory Protect that can stop certain BIOS virus actions.

[bcmalloy]

You already have the password protect option to stop unauthorised change of the BIOS data that can be set in the BIOS and there is the No-Execute Memory Protect that can stop certain BIOS virus actions.

I tested that even with a password set I could easily overwrite the bios in windows with @bios, it does not  prompt for a password, just happily overwrites  the bios. If there is a way to prevent this I would love to hear it.

These new viruses dump your bios edit it then write the edited version back, because of this bios updating outside the bios (from windows) needs to be disabled, I have the equipment to lift the bios write pin and put in a switch but a software solution like a simple bios option that would not void my warranty would be a nice piece of mind on my brand new $200 board.


The problem is also outlined here http://www.jupiterbroadcasting.com/12136/ultimate-home-router-techsnap-23/   by some IT experts
look at the section "BIOS rootkit found in the wild" or watch the show

[Dark Mantis]

I know it is something that has been talked about for some time now but as far as I know never appeared in the wild as a real threat. I don't know of any other motherboard  manufacturer released protection. I believe some of the better Anti-Virus programs have a BIOS security aspect.

[bcmalloy]

I know it is something that has been talked about for some time now but as far as I know never appeared in the wild as a real threat. I don't know of any other motherboard  manufacturer released protection. I believe some of the better Anti-Virus programs have a BIOS security aspect.

Thanks for your help, apparently this has started happening in china, so Consider this a feature request for an option to disable windows (operating system) writeable access to the Bios.

[Dark Mantis]

In that case I think you should make GGTS aware of the situation and maybe they can do something to help stop this problem.

Just enter your email address and click on the language of choice.
GGTS   http://ggts.gigabyte.com/

Please expect several days for a reply.

[bcmalloy]

In that case I think you should make GGTS aware of the situation and maybe they can do something to help stop this problem.

Just enter your email address and click on the language of choice.
GGTS   http://ggts.gigabyte.com/

Please expect several days for a reply.

Email sent , it has to be said allowing the lowest level part of your System the  bios to be written to from windows is throwing caution to the wind, while drink driving and placing an unhealthy large bet on you mobile phone, while giving a the finger to a 7ft stranger with a short fuse.

[Dark Mantis]

I must say I couldn't agree more and have never been in favour of these Windows based update programs like @BIOS. I much prefer the old tried and trusted methods like QFlash.