Lukasz Sokol wrote:
> On 08/05/2012 10:00, Mark Morgan Lloyd wrote:
>> Hans-Peter Diettrich wrote:
>>> In the last c't magazine I found a side-cut on the German
>>> "Bundestrojaner", a spy software developed for the secret service:
>>> "Since the AV software is booted from a clean CD, and has full
>>> control over the machine, there is no disk space where a rootkit or
>>> other spyware could hide itself."
>> Never a safe assumption: a rootkit can hide itself in Flash, and in
>> particular can hide itself in the "hidden" System Management Mode
>> BIOS space (Phrack 65).
> Hans grumbled on this in next line ;)
No, he grumbled that money had been spent writing something that could
be defeated by loading a different operating system. I'm pointing out
that there are at least two categories of malware (or state-sanctioned
spyware) which apply to any OS, since they are hidden at a lower level
(Flash or SMM BIOS).
It's very much comparable to Geohot's hack of the Sony Playstation: he
attacked the MMU before Sony's loader attempted to run, and was able to
extract compromising information.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
--
_______________________________________________
Lazarus mailing list
[email protected]
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus