Linux and Windows compromised at boot

(Chad Perrin, TechRepublic) There’s a lot of debate over what constitutes a “secure” operating system. The debates seem to become most heated when people compare the Big Three of home desktop OSes — Microsoft Windows, Apple MacOS X, and the Linux family of operating systems. Of course, it’s difficult to convincingly offer a definitive declaration that any given operating system is “more secure” than another.

OpenBSD is rightly proud of its record of only two identified remotely exploitable vulnerabilities in default configuration through its entire stable release history, but even this is not proof positive that an OS is the “most secure”, considering that security needs change from one system deployment to another.

Ultimately, any of the widely used general purpose OSes can theoretically be compromised. The recent popularity of virtual machines, allowing one to simultaneously run multiple virtual computers on a single physical hardware platform, has provided hints of one particular threat that may apply even to an OS running outside of the controlled environment of a virtual machine: compromise by altering the OS image in memory during boot. This kind of danger has become something of a common bogeyman for VM users, as they worry that some piece of malware may be able to break free of the limits of the VM, and affect the OS in ways that have not previously been a concern for operating system installs on “bare metal”.

In theory, however, there is no specific reason something similar cannot be done to a system running without the virtual machine environment, as long as malicious security crackers can find ways to access the machine’s boot process itself. This may be prohibitively difficult to achieve remotely, at this time at least, but it presents a very worrisome state of affairs for cases where a security cracker may have physical access to the computer.

In the case of Microsoft Windows and certain Linux distributions, this concern is not just theory. It is also a very concrete reality. Piotr Bania has put together a proof of concept, a boot compromise tool called Kon-Boot, which so far has been tested and confirmed to work on at least four Linux distribution releases and a slew of common MS Windows releases.
