Windows 7 Forums


Windows 7: New Version of Stoned Bootkit Said to Bypass Windows 8 Secure Boot


19 Nov 2011   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
New Version of Stoned Bootkit Said to Bypass Windows 8 Secure Boot

Quote:
A security researcher who has in the past created low-level rootkits capable of staying resident on an infected machine after reboots, said he has now accomplished the same feat on Windows 8, which hasn't even hit the shelves yet. Peter Kleissner said he has created a new version of his Stoned bootkit that defeats the pre-boot security checks included in the forthcoming OS and survives reboots.

Kleissner is known in the security community for his creation of the Stoned bootkit, a sophisticated form of rootkit that is designed to load from the master boot record and stay resident in memory throughout the boot process. The previous version of the bootkit was designed to work on Windows XP through Windows 7, but the new one that Kleissner has written also works on Windows 8. He said in a message on Twitter Thursday that Stoned Lite is a small footprint bootkit that can be loaded from either a USB stick or a CD.

He said he may also add some other functionality to the software in the near future.
Source

A Guy


19 Nov 2011   #2

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 

I thought (that I read) that only affects BIOS booting and not UEFI booting.
19 Nov 2011   #3

Windows 7 Pro-x64
 
 

Everything begins at/from the BIOS. The BIOS hands over control to the first byte of the MBR/VBR. That can be an EFI, OS loader or whatever is put there.
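Added example, not part of the thread or any poster's code: what sits in the MBR sector discussed above, in Python. It parses the 512-byte sector 0, tells a legacy MBR layout from the protective MBR that fronts a GPT disk, and hashes the boot-code area so it can be compared against a known-good baseline. All names (`parse_sector0`, `boot_code_changed`, `build_sector`) and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439: code a BIOS loads and jumps to
PART_TABLE_OFF = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # boot signature at bytes 510-511

def parse_sector0(sector: bytes) -> dict:
    """Classify sector 0 and fingerprint its boot-code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        return {"scheme": "none", "partitions": [], "boot_code_sha256": None}
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba_start, "sectors": count})
    # A 0xEE entry is the protective MBR that fronts a GPT disk.
    scheme = "gpt-protective" if any(p["type"] == 0xEE for p in parts) else "mbr"
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"scheme": scheme, "partitions": parts, "boot_code_sha256": digest}

def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot-code area no longer matches a recorded baseline."""
    return parse_sector0(sector)["boot_code_sha256"] != baseline_sha256

def build_sector(boot_code: bytes, entries) -> bytes:
    """Build a constructed sample sector (not read from a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off], sector[off + 4] = status, ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)

# Constructed samples: placeholder text stands in for boot code.
CLEAN = build_sector(b"constructed-baseline", [(0x80, 0x07, 2048, 204800)])
ALTERED = build_sector(b"constructed-modified", [(0x80, 0x07, 2048, 204800)])
GPT = build_sector(b"", [(0x00, 0xEE, 1, 0xFFFFFFFF)])
BASELINE = parse_sector0(CLEAN)["boot_code_sha256"]
```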


19 Nov 2011   #4

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Replacement

I'm reasonably sure that UEFI replaces the BIOS.

From Wikipedia:

"The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI is a more secure replacement for the older BIOS firmware interface, present in all IBM PC-compatible personal computers, which is vulnerable to bootkit malware."

The Linux "guys" are all screaming that Windows 8 Secure Boot is actually to prevent the installation of Linux operating systems (not to prevent Rootkits).
19 Nov 2011   #5

Windows 7 Pro-x64
 
 

It's not a total "replacement". The UEFI is firmware and software that takes control of the hardware interrupts but it does NOT completely replace the BIOS. POST and SETUP are NOT part of UEFI.

Source (NOT Wiki)


20 Nov 2011   #6

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
It's a useless additional point of failure then

Quote: Originally Posted by carwiz
It's not a total "replacement". The UEFI is firmware and software that takes control of the hardware interrupts but it does NOT completely replace the BIOS. POST and SETUP are NOT part of UEFI.

Source (NOT Wiki)
Interesting.
Thanks for that link.

So it is a completely useless disruption to the "established order of things".
Just another thing that can prevent a PC from functioning.

I only pointed at Wiki, because I read something on another blog and I wanted to see if it matched.
20 Nov 2011   #7

Windows 7 Pro-x64
 
 

Well, it's "said" to be safer but I don't see how. There's already malware that will emulate a UEFI interface. Nasty ones too. They just sit back and monitor EVERYTHING on your computer. Then "serve" it up.
20 Nov 2011   #8

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Scam?

Quote: Originally Posted by carwiz
Well, it's "said" to be safer but I don't see how. There's already malware that will emulate a UEFI interface. Nasty ones too. They just sit back and monitor EVERYTHING on your computer. Then "serve" it up.
It seems to be just another layer that can be compromised.

Perhaps it's just a money-making scam (for the suppliers).

Maybe the Linux "guys" are right after all.
20 Nov 2011   #9

Windows 7 Pro-x64
 
 

Don't know about scam. All the "biggies" have their hands in the spec and implementation is voluntary. I suppose it's advancing the PC technology as the BIOS runs on 16-bit addressing. UEFI can run 32 or 64 bit depending on the OS. The problem is that it's just a shell-based system. It calls other programs and that's what I think is the weak point. There's supposed to be a special secure partition for the software but that just hints of the same security problems as the MBR. If it can be written, it can be re-written.
20 Nov 2011   #10

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Good information, thanks for sharing

A Guy