On Thu, 03 Mar 2005 15:33:09 EST, Matt Marooney said:
The intent of the BIOS portion of the program was just to have a small
bit of code that checked for the existence of the main monitoring
program on the disk, and if it was not there, reload it somehow.
The main program would run from the disk, not the BIOS.
Like I said - all it takes is a Knoppix disk to screw over most of these
schemes - you can't even disable booting from CD and put a BIOS password
on, because you have the following:
1) A motivated user
2) Unmonitored, unobserved physical access (if you don't, there's *bigger*
problems in this scenario ;)
3) Somewhere in there, there's a jumper that will reset the BIOS password....
There's really *NO* way to do this on today's commodity hardware in a way that
will stop a user who knows it's there and has physical access. At best, you
can do it in a way that will surprise an *unsuspecting* person (which is what
most of these anti-theft beacon programs do - the only reason they work is
because the guy who jacked the laptop probably doesn't realize the program is
installed, and thus doesn't take precautions to stop it).
The only way you can make this work is if you have hardware that includes
something like the TPM chipsets from NatSemi or Atmel. Unfortunately, if your
operating system contains enough support for the chipset to use it so the
person at the keyboard can't subvert it, it will almost certainly use it
*itself*
to stop people from doing exactly the sort of code insertion you're trying to
do.
So you're *still* screwed. :)
pgpKdLB1A10BC.pgp
Description: PGP signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
