iTnews

Microsoft takes aim at rootkits, misses

By Sam Gentle on Jan 20, 2012 11:02AM
Microsoft takes aim at rootkits, misses

Red Hat, Canonical raise objections at Linux.conf.au.

Open Source companies Red Hat and Canonical have highlighted serious concerns about a plan to rid the world of rootkits, arguing that UEFI technology is "buggy".

UEFI is an attempt to address the recent explosion in the number of viruses and other malware targeting low-level system services. Known as rootkits, these attacks are capable of infecting systems at a level that's difficult or impossible to detect with traditional anti-virus software, and often require complete system rebuilds to fix.

One particular weak point has been the PC's BIOS - the basic code that executes when the computer starts. The BIOS is stored on a separate chip rather than a hard disk, so an infected BIOS will stay infected even if everything else on the system is wiped clean. BIOS rootkits have been spotted in the wild as recently as September 2011, prompting Microsoft and Intel to work on a solution.

That solution is UEFI, a complete rewrite of BIOS to make it faster, better, more secure, and standardised across different PCs, tablets and smartphones. The key security feature within it is called Secure Boot, which uses cryptographic signatures to prevent untrusted code from running at the BIOS level.

Microsoft has announced that all Windows 8 certified systems will be required to implement UEFI.

In a presentation to Linux.conf.au, Red Hat mobile Linux developer Matthew Garrett called UEFI "infuriating", "poorly tested" and full of "an incredible number of bugs".

UEFI has ten times more code than BIOS, he noted, none of which has enjoyed the benefit of decades of testing and real-world use.

Garrett is concerned UEFI may actually be less secure until it has matured further. He cited examples of exploitable bugs that permanently prevent the system from starting, among other consequences. Worse still, UEFI's standardisation means that a single bug could compromise a huge range of different devices.

For large desktop deployments, this could lead to significant maintenance issues, he noted. If a particular UEFI implementation is compromised, its permission can be revoked remotely by Microsoft or the hardware vendor, meaning that the computers it runs on won't boot until they are updated. Patch Tuesday could go from being an inconvenience to a complete work stoppage.

A whitepaper [pdf] published by Red Hat and Canonical warned that the specification makes no mention of how to deal with security problems, and places no restrictions on grounds for OEMs to revoke permission. It could be entirely possible that competitors might ban each others' keys.

To address these issues, Microsoft has required that vendors implement Custom Mode, which allows an end-user or administrator to manually control what is allowed and what isn't. A site with custom hardware, for example, might use this to cryptographically sign their own drivers. Users and administrators can even disable UEFI completely, allowing any code to run.

But Garrett is still unsatisfied.

Firstly, although UEFI is standardised, its interface is not, he argues. Each vendor might have their own, different way of configuring these settings, making it difficult to manage or document across heterogenous systems. Secondly, it is not possible to do this unattended; an administrator would need to set up each computer individually. And finally, on ARM systems, such as tablets and some promising future low-powered laptops, Custom Mode is not available.

Canonical and Red Hat want the benefits of UEFI, but are clearly worried that Microsoft is the only authority guaranteed control over any system shipped with a Windows 8 logo.

Representatives from both open source companies also worry that the difficulties involved in key management will lock out smaller Linux distributions, and make it unlikely that all vendors will add Linux to their trusted list.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
canonical hardware lca2012 linuxconfau microsoft red hat rootkit security uefi

Partner Content

Successful digital transformation demands universal buy-in
Partner Content Successful digital transformation demands universal buy-in
COVID puts agile IT under the microscope
Promoted Content COVID puts agile IT under the microscope
MSI launches business laptops with impressive battery life, style
Partner Content MSI launches business laptops with impressive battery life, style
New Intel NUCs advancing mini-PC possibilities for business
Partner Content New Intel NUCs advancing mini-PC possibilities for business

Sponsored Whitepapers

Customer Identity and Access Management for Dummies
Customer Identity and Access Management for Dummies
Empowering workforces in the new environment
Empowering workforces in the new environment
Is the technology refresh dead?
Is the technology refresh dead?
DevSecOps: A framework for digital innovation
DevSecOps: A framework for digital innovation
Encryption: Protect your most critical data
Encryption: Protect your most critical data

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • [Webinar] - Transformation versus compliance – a guide for CXOs
  • "How Digital Transformation can solve the cyber challenge"
  • Masters of Microsoft Licensing
  • Is your DevSecOps stuck in first gear?
By Sam Gentle
Jan 20 2012
11:02AM
0 Comments

Related Articles

  • Australian policing agencies sent Microsoft 1746 data requests last year
  • New Microsoft Exchange vulnerabilities require urgent patching: ACSC
  • The FBI remotely accessed private Exchange servers to remove web shells
  • White House taskforce meets over Microsoft software weaknesses
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia and NZ will put a robot called TORY into every store

Kmart Australia and NZ will put a robot called TORY into every store

Aussie Broadband says some customers are switching providers to get high-speed NBN discounts

Aussie Broadband says some customers are switching providers to get high-speed NBN discounts

Swinburne University data breach exposes details of 5000 staff, students

Swinburne University data breach exposes details of 5000 staff, students

NAB sacked tech worker behind 2019 data breach

NAB sacked tech worker behind 2019 data breach

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.