CN1349171A - BIOS protecting method - Google Patents
BIOS protecting method Download PDFInfo
- Publication number
- CN1349171A CN1349171A CN 00131445 CN00131445A CN1349171A CN 1349171 A CN1349171 A CN 1349171A CN 00131445 CN00131445 CN 00131445 CN 00131445 A CN00131445 A CN 00131445A CN 1349171 A CN1349171 A CN 1349171A
- Authority
- CN
- China
- Prior art keywords
- bios
- protection
- output system
- basic input
- write
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a method for protecting basic input/output system. A protecting functino is provided based on the setting of BIOS. The protecting function can be selected from one of the functions: protection enable or protection prohibited. When the setting of protection enable being selected, the storage of the BIOS is enabled only for reading out. When the setting of protection prohibited being selected, the storage of the BIOS is enabled for writing. User selects the setting of protecting enable so the BIOS does not allow writing operation, in this way usr prevents computer virus from invading BIOS.
Description
The present invention relates to a kind of method that prevents the computer virus infringement, particularly a kind of viral guard method of carrying out at Basic Input or Output System (BIOS).
The development of computing machine and information forms significant impact to modern society, has also changed human habits and customs.But some computer player produce computer virus (Virus) because of joyful or bad intention, make computing machine no matter at home or the workplace use, no matter be a terminal on unit or the network, no matter be personal workstation or server, even opinion is not used any operating system, as long as computing machine one start just may be under the threat of computer virus.
So-called computer virus is exactly that a kind of procedure code with oneself duplicates, and adds or cover the program of other file then, and its circulation way is generally via disk or the network file in the computing machine again.When carrying out the poisoning file, just can obtain the control of operating system, further infect other file, make file be capped or destroy, cause the operation situation of can't carrying out or crash.
Computer virus is owing to hide easily, so length is generally below 4KB, and based on soft, the system boot sector of hard disk, executable file, Word file.Computer virus can be divided into following several with target or the method that infects: File Infector Virus (File infector virus), starting-up type virus (Bootstrap sector virus), mixed type virus (Multi-partite virus), macrovirus (Maerovirus) etc.
Called file type virus is exactly a kind of computer virus that is lodged in the executable file, when the user carries out the file of poisoning, virus will begin operation, destroys data or in commission infect other program, for example Black Friday (Friday the 13th).And starting-up type virus, promptly utilize the computer booting process to reside in system storage, with the program copy of system boot sector after other parts, again with oneself procedure code writing system start sector, so in case starting-up type virus is arranged, carrying out the operation of any file read-write, virus will writing system start sector, for example big encephalovirus (C-Brain).Then have file type and starting-up type virus characteristic concurrently as for mixed type virus, for example 3783 viruses make the poisoning file size increase by 3783 bytes (Bytes).As for macrovirus, be that the macroefficiency of utilizing application software to provide is write and formed, behind the in use malicious file, virus can be utilized the chance of opening ancient deed, creating new file, store files, infect other file, changing file name, change file content, show out of Memory etc., for example Taiwan NO.1.
Above-mentioned said virus is constantly attacked computing machine, causes the great damage to property of industry, so any using a computer or the organ of network, labor intensive, material resources prevent the intrusion of computer virus invariably.But to general virus prevention all are preventions of software, with virus scanning program for the virus code inspection, its representative is analyzed identification to a string specific code of certain virus, this virus code has the fixed instruction order, owing under the machinery sign indicating number, seldom there is like this one big string instruction to repeat, so can in inspection, find, but then not have prevention and control capability, upgrade so often need constantly to carry out virus code for undiscovered virus code.And check with the software gas defence, carry out power supply selftest (Power on Self Test in the computing machine opening power; POST) after, the hard disk for output input and stored routine all must carry out virus examination and control by repetitiousness, causes time waste, therefore reduces computer efficiency.
In addition, in recent years along with after WIN 95 uses, plug and play (Plug and Play) increase in demand, and flash memory (Flash memory) prevailing price descends, so the Basic Input or Output System (BIOS) of firmware (BIOS) is designed to leave in the flash memory,, make virus by invading floppy disk outside hard disk in order to making amendment at any time, even invade BIOS on the firmware, cause bigger harm.
In addition, because BIOS constitutes with flash memory, when carrying out the BIOS refresh routine when changing the content of BIOS, for example carry out AWDFLASH.EXE, may change the content of BIOS by being included in a kind of funcall (Function call) among the BIOS, but in like manner, other program such as computer virus also may utilize this functional characteristic of BIOS, invade to change the BIOS of motherboard, cause the computing machine can't normal running.
The purpose of this invention is to provide a kind of guard method of Basic Input or Output System (BIOS); to increasing a Basic Input or Output System (BIOS) protection inventory in the BIOS option; be set at ordinary times and only read the BIOS function; and can't make write-in functions; if will write fashionable; then this protection is closed by the user, could be to the BIOS content update.
In order to realize above-mentioned purpose of the present invention; the first string of the present invention provides a kind of computer virus that prevents and invades the guard method of Basic Input or Output System (BIOS); this method comprises the following steps: at first in being provided with of Basic Input or Output System (BIOS); a kind of defencive function is provided, and wherein defencive function is to enable to forbid selecting one in the two with protection in protection.When choosing protection when enabling, a storer that stores Basic Input or Output System (BIOS) then is set can only be read, and can't write, if protect when forbidding when choosing, storer then is set can be write.
Because above-mentioned protection enables to forbid and can be decided voluntarily by the user with protection; so in the ordinary course of things; for avoiding the computer virus invasion; can be set in the protection enabled state; make the BIOS built-in function call out and have only read functions; and can't carry out write operation, thus other improper write operation can be prevented, and reach the effect that prevents that computer virus from invading.Above-mentioned in addition storer can be made of flash memory.
In order to realize above-mentioned purpose of the present invention; second scheme of the present invention is the method whether storer can write; this method may further comprise the steps: data input signal at first is provided; then protect when forbidding when being chosen as; at least one general purposes output signal is provided; wherein the general purposes output signal meets a kind of predetermined logic, makes the write signal of write store equal data input signal.Otherwise when choosing protection when enabling, make write signal be not equal to data input signal, and can't write store.And above-mentioned predetermined logic can be a kind of combination logic function check, for example the simplest or door function, even predetermined logic also can use in proper order logic function to check.
Under the guard method of the Basic Input or Output System (BIOS) that increases above-mentioned hardware mode, BIOS writes opportunity for control, just can utilize the hardware protection circuit, cooperates software control again, realizes avoiding the improper operation that writes.
The invention has the advantages that the intrusion that prevents computer virus that writes of adopting control Basic Input or Output System (BIOS) (BIOS), overcome and use wasting time and energy of method that software looks into poison and virus killing merely in the prior art, and need to bring in constant renewal in the shortcoming of software.
For above and other objects of the present invention, feature and advantage can be become apparent, cooperate Figure of description as follows to a preferred embodiment of the present invention will be described in detail below: wherein each accompanying drawing is:
Fig. 1 represents the process flow diagram of the guard method of Basic Input or Output System (BIOS) of the present invention;
Fig. 2 represents that combinational logic circuit controls the figure of Basic Input or Output System (BIOS) writing mode; And
Fig. 3 represents that OR circuit controls the figure of Basic Input or Output System (BIOS) writing mode.
Because present BIOS constitutes with flash memory, when carrying out the BIOS refresh routine, when changing the content of BIOS, for example carry out AWDFLASH.EXE, may change the content of BIOS by being contained in the funcall among the BIOS, but other program such as computer virus also may utilize this functional characteristic of BIOS equally, invade to change the BIOS of motherboard, also cause the computing machine can't normal running.
So, the present invention is providing a kind of guard method of Basic Input or Output System (BIOS), has the computer virus of preventing intrusion, its step is as follows: at first in being provided with of Basic Input or Output System (BIOS), a kind of defencive function is provided, and wherein this defencive function for example is stored in the chip (CMOS of systematic parameter; Complementary Metal-Oxide Semiconductor) on the data of storer, defencive function is then selected one of them in protection enables to forbid with protection.
Then, with reference to the process flow diagram of the guard method of the represented Basic Input or Output System (BIOS) of the present invention of Fig. 1.At first, we with power supply opening, then can carry out POST (Power on Self Test) test at step 12 computing machine in step 10, promptly carry out hardware and peripherals to computing machine, test as hard disk, CPU, CD player etc.Then in step 14 in CMOS memory, check that whether to be protection enable or protect and forbid.Wherein, above-mentioned protection enables to forbid being controlled voluntarily by the user with protection to decide.
When step 14 enables for choosing protection, Basic Input or Output System (BIOS) then is set only reads effect, make cannot write, and can't carry out write-in functions at step 16 control flash memory.Otherwise, forbid if choose protection, be write state but then carry out step 18 control flash memory.Wherein above-mentioned protection enables to forbid in the ordinary course of things with protection; for avoiding poisoning intrusion; the capital is arranged on the protection enabled state; make the BIOS built-in function call out and have only read functions; and can't write effect; so can prevent other improper write operation, and reach the effect that prevents that virus from writing.
In addition, be the effect of the guard method of clearer Basic Input or Output System (BIOS) of the present invention, here the combinational logic circuit of representing with Fig. 2 comes the figure of control setting Basic Input or Output System (BIOS) writing mode.Comprise in the drawings by a nonvolatile memory 20 and a combinational logic circuit 22 and being constituted.Wherein, nonvolatile memory 20 is for example for being set at Basic Input or Output System (BIOS); and control signal GP0 (can be most signals constitutes) and data input signal MEMW*; be input to combinational logic circuit 22 simultaneously; wherein control signal GP0 is by the guard method of Basic Input or Output System (BIOS) of the present invention, enables or protects and forbid controlling with protection.Data input signal MEMW* is the signal for nonvolatile memory 20 is write then; if logic control circuit is or door 24 as shown in Figure 3; then be input as at 1 o'clock at the GP0 signal; or door 24 output 1 forever; so MEMW* can't be input to nonvolatile memory 20; promptly enable for protection this moment, can't carry out write operation.Otherwise if the GP0 signal is input as at 0 o'clock, or the output GMEMW* of door 24 is identical with the MEMW* input, makes nonvolatile memory 20 can receive write operation, promptly forbids for protection this moment, can carry out write operation.Wherein the combinational logic circuit at Fig. 2 also can be designed to have the logical circuit of function in proper order.
In sum; the guard method of Basic Input or Output System (BIOS) of the present invention; having protection enables to forbid dual mode with protection; the user can be set at the protection of only reading the BIOS function and enable under general state, like this in the time can't carrying out write-in functions; just can avoid the computer virus invasion; if carry out the BIOS content update, then switch to protection and forbid, just can carry out write operation.
Though the present invention is described preferred embodiment, be not be used for limiting of the present invention.For the professional and technical personnel without departing from the spirit and scope of the present invention, can make various changes and modification to the present invention.Therefore protection scope of the present invention is that the protection domain that is limited by accompanying Claim is as the criterion.
Claims (6)
1. the guard method of a Basic Input or Output System (BIOS) is used for preventing computer virus, it is characterized in that comprising the following steps:
In being provided with of Basic Input or Output System (BIOS), a kind of defencive function is provided, this defencive function enables and protection forbids selecting in the two one in protection;
When selecting protection to enable, the storer that stores Basic Input or Output System (BIOS) then is set can only be read, and can't write; And
When choosing protection when forbidding, this storer then is set can be write.
2. the guard method of Basic Input or Output System (BIOS) as claimed in claim 1 wherein is provided with the method that this storer could write, and also comprises the following steps:
A data input signal is provided;
When choosing this protection and enable, at least one general purposes output signal is provided, wherein this general purposes output signal meets a predetermined logic, makes the write signal that writes this storer equal this data input signal; And
When choosing this protection and enable, make this write signal be not equal to this data input signal, and can't write this storer.
3. the guard method of Basic Input or Output System (BIOS) as claimed in claim 2, wherein this predetermined logic is to use combination logic function to check.
4. the guard method of Basic Input or Output System (BIOS) as claimed in claim 3, wherein this combination logic function is or the door function.
5. the guard method of Basic Input or Output System (BIOS) as claimed in claim 2, wherein this predetermined logic is to use in proper order logic function to check.
6. the guard method of Basic Input or Output System (BIOS) as claimed in claim 1, wherein this storer is a flash memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 00131445 CN1349171A (en) | 2000-10-16 | 2000-10-16 | BIOS protecting method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 00131445 CN1349171A (en) | 2000-10-16 | 2000-10-16 | BIOS protecting method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1349171A true CN1349171A (en) | 2002-05-15 |
Family
ID=4594672
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 00131445 Pending CN1349171A (en) | 2000-10-16 | 2000-10-16 | BIOS protecting method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1349171A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573509A (en) * | 2013-10-21 | 2015-04-29 | 研祥智能科技股份有限公司 | System time protection method and system time protection device |
| CN107329786A (en) * | 2017-06-27 | 2017-11-07 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN108733586A (en) * | 2017-04-19 | 2018-11-02 | 北京兆易创新科技股份有限公司 | A kind of guard method and device |
-
2000
- 2000-10-16 CN CN 00131445 patent/CN1349171A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573509A (en) * | 2013-10-21 | 2015-04-29 | 研祥智能科技股份有限公司 | System time protection method and system time protection device |
| CN104573509B (en) * | 2013-10-21 | 2019-10-29 | 研祥智能科技股份有限公司 | System time means of defence and device |
| CN108733586A (en) * | 2017-04-19 | 2018-11-02 | 北京兆易创新科技股份有限公司 | A kind of guard method and device |
| CN107329786A (en) * | 2017-06-27 | 2017-11-07 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN107329786B (en) * | 2017-06-27 | 2020-11-20 | 联想(北京)有限公司 | Control method and electronic device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7779472B1 (en) | Application behavior based malware detection | |
| US7594111B2 (en) | Secure execution of a computer program | |
| US7603704B2 (en) | Secure execution of a computer program using a code cache | |
| US8010772B2 (en) | Protected function calling | |
| JP5607752B2 (en) | Method and system for protecting an operating system from unauthorized changes | |
| Han et al. | A bad dream: Subverting trusted platform module while you are sleeping | |
| US8055989B2 (en) | Boot security using embedded counters | |
| TW201941049A (en) | Systems and methods for transforming instructions for metadata processing | |
| US20060230388A1 (en) | System and method for foreign code detection | |
| EP3374920B1 (en) | Detecting program evasion of virtual machines or emulators | |
| Piromsopa et al. | Secure bit: Transparent, hardware buffer-overflow protection | |
| US6920566B2 (en) | Secure system firmware by disabling read access to firmware ROM | |
| Solomon | Mechanisms of stealth | |
| Piromsopa et al. | Survey of protections from buffer-overflow attacks | |
| CN1349171A (en) | BIOS protecting method | |
| KR101013419B1 (en) | Guarding apparatus and method for system | |
| Block | Windows memory forensics: Identification of (malicious) modifications in memory-mapped image files | |
| US20030126459A1 (en) | Method of protecting basic input/output system | |
| CN101178762A (en) | Method for inhibiting virus spreading through movable memory apparatus and movable memory apparatus thereof | |
| Zhu et al. | Research on the detection technique of bootkit | |
| Muthumanickam | COPDA: concealed process and service discovery algorithm to reveal rootkit footprints | |
| Zhou et al. | A survey on the evolution of bootkits attack and defense techniques | |
| Wang et al. | IRePf: An Instruction Reorganization Virtual Platform for Kernel Stack Overflow Detection | |
| Solomon | S & S International | |
| KR19980046409A (en) | Booting method by CD-ROM drive and its device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |