Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
The heart-stopping thing about this particular exploit is that it hides itself in the SMM space. To put that into perspective, SMM is more privileged than a hypervisor is and it's not controllable by any Operating System. By design, the operating system cannot override or disable System Management Interupt (SMI) calls. In practice, the only way for you to know what is running in SMM space is to physically disassemble the firmware of your computer. So, given that an SMI takes precedence over any OS call, the OS cannot control or read SMM, and the only way to read SMM is to disassemble the system makes an SMM rootkit incredibly stealthy!
There is paranoia here, it may provide new methods of attack but the code still has to reside in a file and it can, in theory, be detected there by anti-virus software.
Also, it sounds like it should be possible to disable this attack vector by disabling caching (but that would hit performance). However, this is not supported by every bios.