Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM"
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 09/23/05
- Next message: Jim Byrd: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Previous message: Roger Wilco: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- In reply to: Roger Wilco: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Next in thread: Steve Welsh: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: Steve Welsh: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: nemo_outis: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Sep 2005 19:47:27 GMT
From: "Roger Wilco" <yesman@yourservice.invalid>
|
| Only if it has errors. Error in this context is a difference between the
| data the CRC's cyclic check sum was generated from and the new CRC
| cyclic check sum calculated from the data when received. How would a
| legitimate BIOS Upgrade reflash work if the checksum reference was
| inalterable? CRC's work because noise can't be expected to calculate new
| checksums, and they work better than simple parity checks for
| reliability and provide for error correction methods instead of only
| retransmission requests.
|
If it comes from the factory (malicious or not) it will not fail a CRC check. IFF code could
be appended to the BIOS routines maliciously it would fail a CRC check.
-- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
- Next message: Jim Byrd: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Previous message: Roger Wilco: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- In reply to: Roger Wilco: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Next in thread: Steve Welsh: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: Steve Welsh: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: nemo_outis: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
