stevepusser wrote:For someone seemingly as security-conscious as you seem to be against systemd, you sure aren't keeping up with the Snowden revelations. If they have put malware in a
drive's firmware, it's not much of a leap to think it could be in proprietary video firmware. Maybe you should
Goggle some things like what the common usage of
binary blob is, too.
...
The viruses can be categorized more or less in this way:
1. Real computer viruses, which are written by computer geniuses/experts - usually they can inject/steal the data or create botnets.
2. "unwanted software" - created by programmers who are too stupid to write a real virus - they are spreading this crap in form of small shitty apps licensed as shareware (closed src of course). If they are lucky, their "viruses" can steal personal data, which collected into a database can be then sold to some spamming company.
3. The above apllies also to big corporations, which are embedding "unwanted software" in normal products. Then, in the name of "improving user experience" such software sends any kind of data to company's servers. This a kind of brain-hacking technique - as the users usually don't read the licenses, they are completely unaware of the fact that by clicking "next" they've just agreed to be spied.
With time systems are getting harder and harder for viruses to infiltrate, so a new, 4th category of viruses was created:
4.
Non-existing viruses, which are "created" for two reasons:
a) - to assure, that a stream money will keep flowing to large companies which are selling av-software, security support services, security audits, etc - bilions of $$$ are spent on such things each year.
b) - to trigger some
predictable actions on the user side:
The problem: It's impossible, even for institutions like NSA or companies like Google to store detailed informations on each user of the network. That would need astronomical amount of storage space and computing power - so instead, so-called "metadata" are stored. The problem is, that metadata are not accurate, and still requires a lot of computing power to analyse it and produce some valuable results.
How to solve this problem? - You need "virus" which is
attacking poeple's brains.
F.e. to get a reasonably narrow list of IP adresses which are worth attention, NSA (f.e.) could allow mr Snowden to "steal" some "top-secret" documents, which are containing "shocking" informations about what unbelievably advanced techologies the NSA has on its disposition.
Then, all what is needed is to control just few internet sites which are publishing those "top-secret" docs, and check who is reading it - trivially easy and additionaly - cheap.
In this way, it is possible to limit the number of attention-worth IPs to let's say 0.5..1 milion (10^6) adresses, which can be then classified, based on what parts of documentation were read. You can safely throw away adresses of users who have spent just few minutes for reading the main article, because the article itself doesn't provide any valuable informations (from the security point of view). After this operation Your database will have a list of ~100'000 IP addresses of "potentially dangerous" or "interesting" people and organisations.
What then? This is a moment, where
real viruses can step in, and infiltrate only selected targets, silently, without causing global panic.
Back to the topic:
Viruses hidden in HDD are a myth - it's a brain hack.
In theory, their purpose is to silently copy victim's data to a hidden disk area, in case when the system is not connected to the network. The problem is, that You need to steal the disk to get that data anyway. But if You are able to infiltrate some organisation so deeply that You can steal their hardware without being catched, then it's a plain stupidity to spend money on developing such a virus.
To execute the virus code hidden in unaccessible HDD area, You must know target system architecture, OS and bootloader used, security measures applied, etc: that means, that You have to infiltrate Your target *before* You actually launch the virus - but, since You already have an access to victim's vital data, there's no point to deploy a virus...
Chrome blob is falling into category number 3 - normally harmless, unless You have something to hide...
Regards.
