Question How to activate Microsoft Defender for Endpoint?

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.

Ralston18

Titan
Moderator
@TheFlash1300

3 Questions just for starter purposes:

1 )This:

"I got a better idea. How about checking the checksum of my UEFI "

What is your understanding of how a checksum works?

2) And:

"As far as I know, UEFI/BIOS viruses can survive re-flashing."

What research have you done and/or what have you read that let you to that conclusion?

3) Plus:

"Also, shouldn't there be suspicious messages in the Event Viewer? :

Event Viewer is a useful tool but has some limitations. One of which (my view) is that Event Viewer is not particularly user friendly.

Read the following Event Viewer/tutorial link:

https://www.windowscentral.com/how-use-event-viewer-windows-10

Based on the link and the information therein would you expect to see "suspicious messages"?

What would be or could be deemed a "suspicious message"?

Feel free to look for other Event Viewer links. (Note: Reliability History is a similar tool - read about Reliability History as well).

= = = =

My point being is that you really need to ask questions that demonstrate that you have, on your own, done some research on the matter at hand. Then cite some factual details that have led to the question(s) you are asking.

Always a good idea to provide or otherwise present what you honestly and fairly believe to be the correct or applicable answer.

You will discover that some questions are easily answered by just an extra bit of work on your own.

Much more satisfying and you will learn more as well.
 

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
@TheFlash1300

3 Questions just for starter purposes:

1 )This:

"I got a better idea. How about checking the checksum of my UEFI "

What is your understanding of how a checksum works?

2) And:

"As far as I know, UEFI/BIOS viruses can survive re-flashing."

What research have you done and/or what have you read that let you to that conclusion?

3) Plus:

"Also, shouldn't there be suspicious messages in the Event Viewer? :

Event Viewer is a useful tool but has some limitations. One of which (my view) is that Event Viewer is not particularly user friendly.

Read the following Event Viewer/tutorial link:

https://www.windowscentral.com/how-use-event-viewer-windows-10

Based on the link and the information therein would you expect to see "suspicious messages"?

What would be or could be deemed a "suspicious message"?

Feel free to look for other Event Viewer links. (Note: Reliability History is a similar tool - read about Reliability History as well).

= = = =

My point being is that you really need to ask questions that demonstrate that you have, on your own, done some research on the matter at hand. Then cite some factual details that have led to the question(s) you are asking.

Always a good idea to provide or otherwise present what you honestly and fairly believe to be the correct or applicable answer.

You will discover that some questions are easily answered by just an extra bit of work on your own.

Much more satisfying and you will learn more as well.
1. Checksums are values. I haven't learned their 16bit value in a transmission and other functions they perform, but I have learned only what I need - the fact that checksums are pre-fixed to a file, and will be changed if the file is changed.

For example, although I don't understand all functions of checksums, I know how to use them to verify if .ISO file of Windows or Linux have integrity and authenticity. I know how to use PowerShell, what commands to enter there, in order to get the checksum of the file - then to compare the value and see if the file is 100% original and untouched. If the value I got from PowerShell is the same as the value provided by the creator of the file, the file is untouched and non-corrupted - safe to use.

So, I would like to do the same with UEFI - to get the checksum value, to compare it to the value provided by the manufacturer, and see if the values are the same. If they are the same, there is no virus making changes.

2. The re-flashing process is controlled by the ALREADY installed BIOS. This means that the virus code can be written in a way to recognize flashing, and start pretending an actual flash is being done, while it actually blocks the flash.

Here is some text:

The reflash operation is under control of... the BIOS, so the infected BIOS only pretends to do the reflash (or reinfects the new BIOS immediately afterwards).

Another flashable firmware in the machine is also infected, and when either it or the BIOS is reflashed, the still infected firmware reinfects the other one. Any device with DMA can hijack the live machine at any point, and most devices with a firmware have an onboard CPU which would be up to the task (GPU, hard disks...).

The disk firmware is infected, and inserts malicious code in the boot code which reinfects the BIOS. (Not sure it matches the symptoms, but that's a possibility.)


SOURCE: https://security.stackexchange.com/questions/44750/malware-that-can-survive-bios-re-flashing

I have read other information, too, including official publications - they all have similar conclusions like the described in the text I showed above.

Doesn't it make sense? If the BIOS control the re-flashing, why wouldn't the hacker make the code able to recognize the flashing and hijack it?


Still waiting on just one of the "plenty of good reasons."

Knowing just one of the plenty of good reasons would demonstrate there's any reason to participate in these bizarre threads. And that's important; there's no reason to keep open threads that exist simply for your personal amusement.
Here are some reasons:

1. Multiple times I have downloaded cracked software for experimental purposes. How can I know some of the software wast engineered to install BIOS viruses?

2. Multiple times I have visited websites that don't support HTTPS protocol and downloaded files from them.

3. Used TOR to visit websites on the dark web and download things from them, like mods for Windows.

4. Downloaded multiple cracked games on the smartphone, then connected it to the computer, which could have transferred viruses to the computer.

5. Has kepts the Secure Boot option disabled for around 5 months, so I can experiment with other OSs. This option being disabled means boot viruses will not be blocked, but allowed at the boot.

There are probably more reasons, but I don't remember.

I no longer engage in risky behavior. Now I want to be sure the computer is 100% clean and safe, so I can put some data on it. I'm afraid that if there is a virus, it may modify my data, making it infected, which means the data will infect every other computer's BIOS I put the data in. I don't want to have permanently infected data. Also, I don't want someone to spy on me, in case the BIOS virus sends data to its creator.

So, as you can see, I really have reasons to think the BIOS is infected.
And why do you think that BIOS and UEFI are something special and can't be infected? If there are viruses designed for operating systems, why should I think there are no viruses for BIOS, too?

Why should I think although my OS was infected multiple times, the BIOS was definitely not infected?

My OS is no clean, because I reinstalled it. But how can I know the BIOS is clean, too? Reinstalling the OS doesn't affect the chip, neither standard virus scanners can reach the chip.

What makes you to believe my BIOS is clean? 2hy do you think my BIOS isn't infected, despite the fact BIOS viruses exist, meaning infecting the BIOS is possible?
 

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
Solution: Buy a new PC and start over.
Why should I buy new PC, without even knowing if the current PC is infected and the virus can't be removed? This is why I want to check if there is BIOS virus - if it turns out there is one and can't be removed, I will get new PC.
 

TheFlash1300

Proper
Mar 15, 2022
277
4
185
0
What has your research shown as to what BIOS virus can do?
How common are they?
Where do they come from?
I don't know how common they are and where they come from. Would you explain it? Can such a virus be integrated in .image file and then infect the system after the file is processed? What about .exe files?
 

USAFRet

Titan
Moderator
Mar 16, 2013
156,097
11,668
176,090
24,258
I no longer engage in risky behavior.
"No longer, as in "last Saturday" ?

"Hello. Today i downloaded an archive that was infected with Trojan horses. "
 

DSzymborski

Titan
Moderator
Here are some reasons:

1. Multiple times I have downloaded cracked software for experimental purposes. How can I know some of the software wast engineered to install BIOS viruses?

2. Multiple times I have visited websites that don't support HTTPS protocol and downloaded files from them.

3. Used TOR to visit websites on the dark web and download things from them, like mods for Windows.

4. Downloaded multiple cracked games on the smartphone, then connected it to the computer, which could have transferred viruses to the computer.

5. Has kepts the Secure Boot option disabled for around 5 months, so I can experiment with other OSs. This option being disabled means boot viruses will not be blocked, but allowed at the boot.
In other words, none. These are reasons that you could have some type of virus. These are not specific signs of an extremely unusual type of infection that consumers are extremely unlikely to get. You've given no reasons why you specifically have a UEFI virus other than a set of circumstances that could theoretically result in a UEFI virus in a very specific situation. Just because someone comes home from Sierra Leone with a headache doesn't mean they have a good faith basis to think they have Ebola.

This thread is closed. If you have a specific problem that you can actually present in good faith, feel free to start a thread about it. But just like last month's spamming of dozens and dozens of threads for every random question that popped into your head, this behavior is inappropriate. People here have real problems that they're seeking assistance with and it's unfair that they have to compete for attention with every imaginary thing that vexes you at any given moment.
 
Status
Not open for further replies.

ASK THE COMMUNITY