The 'bootkit' menace is a paper threat

New research papers on next-generation Windows 8 and Mac OS X rootkits suggest a new wave of vulnerabilities. But most users are going to be more secure, not less


A paper on the Mac OS X rootkit (PDF) is even clearer: "A successful implementation of (a Secure Boot-like) process would mitigate the risk of many attacks described herein."

Apple has not yet adopted Secure Boot on Mac OS X, but it undoubtedly will use a similar technology because it already uses a secured boot chain on its mobile platform, iOS (PDF). The company has already duplicated many of the security strategies from its iOS platform for mobile devices on Mac OS X, namely a closed software ecosystem with signed code, and sandboxing of applications so they cannot access each other's data. Secure Boot, or a similar system, will likely make its way in as well.

So nothing to worry about? Not so fast.

Users could turn off Secure Boot, just as they jailbreak their smartphones, a practice that undermines the security of the operating system. About 10 percent of smartphone users use a rootkit on their phone to disable protections put in place by the manufacturers and carriers. Jailbreaking allows users to choose a different carrier, use non-sanctioned applications, and have features disallowed by the carriers or manufacturers. Similarly, many Linux users have complained that Secure Boot on Windows could limit their choice. While Red Hat, Ubuntu, and Suse have all announced ways of supporting, or at least dealing with, Secure Boot, dual booting a computer is still problematic.

Yet Linux users make up only 1 percent of the desktop OS user base. Even if that is doubled by Mac users running Windows 8 in Boot Camp, some 98 percent of Windows users will not have to worry about EFI bootkits.

The real threat is a rootkit that exploits a vulnerability in the Unified Extensible Firmware Interface. UEFI is much more complex than BIOS, and software complexity means bugs. If security researchers find a flaw in the software, then all the research into the creation of bootkits will pay off. While such flaws will be hard to find, similar vulnerabilities have been found to allow smartphones to be jailbroken, so the security issues are undoubtedly there.

This story, "The 'bootkit' menace is a paper threat," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.
