6

So I was installing a questionable operating system onto my Eee PC and it required me to downgrade the BIOS, which I really am not an expert at. I used a patch and it appeared to work.

Now, I'm paranoid about the downgrade because, honestly, I have no idea where the code came from or what could be in it.

My question, then, is it possible to "start over" completely fresh with my BIOS? As in wipe out the possibly malicious BIOS and go back to the manufacturer-provided one?

Has anyone done something similar to this? I just want to install Ubuntu Netbook Remix to the Eee PC 1000 but I want to make sure the BIOS is secure.

Any advice would help tremendously, or am I just being uber paranoid? BIOSes are definitely not my strength.

5 Answers

6

If you really have a rootkit in your BIOS, one of the things that rootkit would likely do is refuse to allow any other updates to be applied. At least, that's what I'd do if I wrote a BIOS rootkit since, ya know, the computer kinda has to use BIOS functions to update the BIOS...

In that scenario, your only options are to force flash it by setting a reset jumper (not likely an option on a netbook) or ripping out the chip and soldering a new one to the motherboard (and good luck with that; you're gonna need it).

The good news is that you probably don't have a rootkit, and if you are able to successfully flash the BIOS with one downloaded from the manufacturer (ASUS) via the normal means, that would pretty much confirm it.

Joel Coehoorn
  • 28,637
2

Applying an official BIOS from the ASUS support website is perfectly safe.

If you want to use some 'experimental' 3rd party BIOS, you do this at your own risk and you'll void the warranty.

As for installing Netbook Remix on the Eee PC 1000, check the Wiki and browse the forum at eeeuser.com; there are plenty of guides and tips.

1

is it possible to "start over" completely fresh with my BIOS? As in wipe out the possibly malicious BIOS and go back to the manufacturer-provided one?

Only by pulling out the BIOS EEPROM chip and replacing it with a known-good one. There are sites that will sell you EEPROMs for various motherboards/BIOS versions, in order to save you when you've burned a bad BIOS and can't boot at all.

If you have an untrusted BIOS you have lost all control of the software layer. You could try to re-flash it with a good BIOS, but since the BIOS has already run it could have rooted the OS you're using, and made it sabotage the BIOS flasher.

The good news is that there are no known attacks that actually do this at the moment, because it's really hard even to author a malicious BIOS that would work across more than a tiny range of motherboards, never mind all the complex payload code. If you just want to brick the machine, on the other hand, that's easy!

bobince
  • 10,096
0

I've been concerned about this too because a hidden version of a flash player keeps installing very frequently and slowing down the laptops, and I wonder if it's hiding in the BIOS because it doesn't matter what OS I install, it still happens. Since there's no video at the time I imagine maybe it has a bot or something in it too. I also can't tell if it's correlation or causation that it gets meaner every time I complain about it; it is definitely remote controlled, and circumvents every typical blocking app as well as my own patches... including redirecting every storage device to /dev/null. It consumes all the bandwidth and clock cycles it can when it is active, and also freezes the network connection if I try to do anything. I can't keep that flash player out of the machines at all. I've also noticed it "installs" "coincidentally" when I see a Facebook or Twitter logo on a web page.

0

I believe there is a way on most sites to reset the BIOS.. usually done with a jumper or soldered wire..

if you want to get physical anyway..

only surefire bet though is replacing the EEPROM..

wait!

Or you could buy an EEPROM programmer and get a hold of a BIOS dump and upload it that way.. if you really want to have some fun

Earlz
  • 4,564
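
The answers above point to an external EEPROM programmer as the one read path that does not go through the possibly compromised BIOS or OS. As an added example (not from any answer on this page), this Python script compares a dump read that way against the manufacturer's image and lists the byte ranges that differ. Assumptions: both files are full-chip images of the same size, the function names are hypothetical, and the sample bytes are constructed; regions the firmware rewrites at runtime (stored settings) can differ legitimately, so the ranges are a starting point for inspection.

```python
import hashlib

def diff_ranges(dump: bytes, reference: bytes, gap: int = 16):
    """Return (start, end) ranges, end exclusive, where the two images differ.
    Differing bytes no more than `gap` bytes apart are merged into one range."""
    if len(dump) != len(reference):
        raise ValueError("size mismatch: %d vs %d bytes" % (len(dump), len(reference)))
    ranges, start, last = [], None, None
    for i, (a, b) in enumerate(zip(dump, reference)):
        if a == b:
            continue
        if start is None:
            start = last = i
        elif i - last > gap:
            ranges.append((start, last + 1))
            start = last = i
        else:
            last = i
    if start is not None:
        ranges.append((start, last + 1))
    return ranges

def compare(dump: bytes, reference: bytes):
    """Summarise the comparison: digests, equality, and differing ranges."""
    return {
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "identical": dump == reference,
        "ranges": diff_ranges(dump, reference),
    }

def make_sample():
    """Constructed stand-ins for a vendor image and a programmer dump."""
    reference = bytes((i * 7) & 0xFF for i in range(4096))
    dump = bytearray(reference)
    dump[0x100:0x104] = bytes(b ^ 0xFF for b in dump[0x100:0x104])
    dump[0x108] ^= 0x01          # close to the previous change: merged
    dump[0x800] ^= 0x01          # far away: reported separately
    return bytes(dump), reference

if __name__ == "__main__":
    result = compare(*make_sample())
    print("identical:", result["identical"])
    for start, end in result["ranges"]:
        print("differs: 0x%06x-0x%06x (%d bytes)" % (start, end - 1, end - start))
```

In real use the two byte strings would come from the programmer's dump file and the image downloaded from the manufacturer, read on a separate machine that is not under suspicion.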