It's not the just your OS that is insecure...it's the hardware too.

http://www.eweek.com/article2/0,1895,2099603,00.asp

Ironic how old time concepts are still the real holes inside all operating systems. Yup, even for the OSX/-ix folks...it's a very interesting read if you are at all interested in system security issues.

 

scary, I hope they find a cure

 

not likely this hole will be there as long as we use the current flashable BIOS/Firmware on the different components...but, yeah it's kinda scary because as firewalls & AV/Anti-scumware improve the other holes will become the focus of attention for the black-hat pro's...

kinda wants me feel like the abacus is not such a bad option after-all.

 

Thankfully the advent of the OpenBIOS will help correct this, with frequent updating, of course. But it's not much to worry about really, worst it can do is require an erasure of your harddrive.

 

That's pretty naive to think, Lysander.
Nothing magic about OpenBIOS. (And apart from everything else, the industry seems to be moving towards EFI in any case. Apple uses it. Microsoft is going to use it.). And frequent updating? Well, how often do you expect regular users to update their bios? Not gonna happen. If it needs frequent updates to be secure, it is not secure.

Also, I'd say erasing your harddrive is definitely something to worry about. It's pretty much the *only* reason I have to not just format every day. I want to keep my data. You could say it's why I have a PC, and not a console.

Erasing the harddrive also won't clear the BIOS, which is sorta the entire point.

 

Well, the BIOS is just another piece of software. It should be given regular updates just like your OS. Companys may have to look at ways to secure their BIOS more effectively, but it's the same struggle with securing any other piece of software.

 

Exactly...it comes to this as long as we can flash any of the EEPROMS on the system they are potential hiding places for stuff. If some sort of malware gets into your EEPROMS then it cannot be removed w/o replacing the hardware itself. That is because the malware will be written so as to prevent any access or corrupt the system before it finishes booting...

And you are right that people will not update their BIOS. The typical home user consumer type hardly can find the power switch (nor do they want to learn more and who can blame them!!) Combine that with how high strung BIOS flashing can be, asking them to constantly flash the BIOS would probably kill more PC's then it would protect.

It's just a hole that has been there a long time and only a matter of time before exploits become more prevalent I guess.