Dustin wrote:
> ~BD~<~BD~@nomail.afraid.org> wrote in
> news:j4etue$jre$1@dont-email.me:
>
>> Please don't worry about my computer Dustin. It's simply a tool and
>> easily replaceable. Please answer my original question, viz:-
>
> Alright. Consider it everyone else's computers who might try playing
> around if I made the findings public. If you want an example, how many
> computers are likely infected with something right now? Infected is
> still better than dead.
>
> For those users who can't remove, say, mywebsearch, a firmware
> corruption is a dead computer; I don't think they'd be so forgiving.
I believe that *millions* of computers are currently infected!
>> If I have understood correctly, when the LoJack software is loaded
>> onto a computer (from a CD/DVD) somehow or other, an alteration is
>> made to the BIOS chip. In turn, this results in a situation whereby
>> even if the hard drive is wiped clean, the product survives and can
>> still call home.
>
> An additional codeblock is installed in a freespace section of the BIOS
> itself, depending on installation style and manufacturer (I'm not going
> to get any more specific here) it may or may not include modified
> firmware code for the mainBIOS itself. Not all systems have a bios
> which supports this. It isn't universal.
I understand that, Dustin.
>> Now, if LoJack can do this, as I've intimated in the past, why
>> cannot a specifically crafted *malware* do exactly the same thing if
>> it was planted on a CD/DVD which a user deliberately 'loaded' for a
>> specific purpose? For example, a CD used to install drivers for a
>> printer or, perhaps, a CD ordered by post to install Windows XP SP2?
>
> David,
>
> I never implied one couldn't do this; I only stated an ITW sample of a
> real malware (technically, lojack is greyware) has never been reported.
> Firmware corruption, yes, but not installation of additional code. It's
> not universal, as I've said from the getgo. The BIOS has to support it,
> and the flasher code has to know which bios it's flashing too. It has
> to do some very specific things in a specific order to convince the
> BIOS to accept a new program. Those things and that order are specific
> to BIOS manufacturer; not universal.
OK
> Also,
>
> Some mainboards on desktop pcs (you can lojack those too if you feel a
> real risk of the computer being stolen. You should be more concerned
> with the data on it, tho. Imho.) contain a secondary read-only basic
> firmware program; in the event of BIOS corruption, or the board thinks
> you screwed up, it can reflash the bootblock for you, with code direct
> from manufacturer. This will not touch lojack, but will restore you
> from firmware corruption.
Very interesting. Thanks.
>> Serious question.
>
> Serious explanation provided, I'm sorry I can't be more specific, but
> it would be bad of me.
Thank you, Dustin.
> I have told people to google it tho. I can't
> stop you from learning things that way. Hint hint.
I'm getting better with Google! ;-)

