Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM"

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 09/20/05


Date: Mon, 19 Sep 2005 23:58:01 GMT

http://research.microsoft.com/rootkit/

States the following...
"Note: there will be some false positives. Also, this does not detect stealth software that
hides in BIOS, Video card EEPROM, disk bad sectors, Alternate Data Streams, etc. "

We have discussed the possibility of infecting a BIOS over and over and the consensus has
been that is not possible. Based upon my studying both viruses and hardware I can't see how
it is possible. Yet the above Microsoft web site on a RootKit Detector indicates
"...stealth software that hides in BIOS, Video card EEPROM".

>From what I believe to be true, this is faux information and pure FUD.

If anyone has specific information (backed by authoratative URLs such as from the IEEE or
some other organization) I welcome the replies. Both PRO and CON for the above statement.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Relevant Pages