Anteaus
http://blogs.zdnet.com/security/?p=3828
Bad enough the foisted copy of Norton or McAfee that greets you with a
registration demand the first time you use your new computer. This takes the
biscuit, though. LoJack is software burned into the BIOS which is only of any
use if you subscribe to the third-party service which sponsored this burn-in,
and which (according to researchers) opens your computer to exploits even if
you don't.
Plus, you can't remove it. At least, not without something like an EEPROM
programmer.
From what I've been able to dig up, the BIOS module, if activated, writes
several DLLs to the windows\system folder such that they are launched at
startup. These phone home to the vendor's site once a day to report the
computer's security status. They include a function to remotely wipe the
disk on command from the site. The danger here is that malware could
similarly activate the BIOS module, but change the URL it phones home to,
giving the intruder the ability to wipe the disk, or other malicious acts.
Therefore any computer which has had malware on it is at risk of carrying an
exploited copy of this, and even if the malware has been completely removed
(or even the hard disk changed!) the compromised BIOS module may still pose
a threat.
As for me, I'm just glad I'm using an unaffected model.
I think.