DocumentCode :
758967
Title :
Alien vs. Quine
Author :
Graizer, V. ; Naccache, David
Author_Institution :
Univ. Paris II
Volume :
5
Issue :
2
fYear :
2007
Firstpage :
26
Lastpage :
31
Abstract :
Is it possible to prove that a computer is malware-free without pulling out its hard disk? This article introduces a novel hardware inspection technique based on the injection of carefully crafted code and the analysis of its output and execution time. In theory, the easiest way to exterminate malware is to reformat the disk and then reinstall the operating system (OS) from a trusted distribution CD. This procedure assumes we can force computers to boot from trusted media, but most modern PCs have a flash BIOS, which means that the code component in charge of booting is recorded on a rewritable memory chip. Specific programs called flashers - or even malware such as the CIH (Chernobyl) virus - have the ability to update this chip. This article addresses this concern, namely, ascertaining that malware doesn't re-flash the BIOS to derail disk-reformatting attempts or simulate their successful completion.
Keywords :
invasive software; operating systems (computers); telecommunication security; Chernobyl virus; computer operating system; disk-reformatting; flash BIOS; hardware inspection technique; malware detection; quine; Clocks; Computer security; Cryptography; Feeds; Hard disks; Hardware; Inspection; Linear discriminant analysis; Privacy; attacks; code; malware; quine; security; worms;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
IEEE
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2007.28
Filename :
4140987