On 9/1/15, Georgi Guninski <[email protected]> wrote:
> ...
> They protect against trojanized (off the shelf) BIOS.

prevents trojan / arb exec from persistence via BIOS.
prevents surreptitious FDE keylogger via BIOS hooks.

yes, also off the shelf attacks. which is nearly all of them. :)
[ see also HackingTeam dump, and research examples ]

> If an adversary has sufficient supply of application and
> root sploits, how much they will protect you?

separate question; see also defense in depth.
however, a robust bespoke BIOS beats otherwise cascade catastrophe.

> Instead of rootkit they will root you every boot IMHO.

this also has a different visibility, as executing in priv. or user
context & addr space. also why "throw away" VMs per Qubes or Live OS
images a useful technique to avoid attempted persistence via weird
machines gone rogue...

best regards,
