Post by jerry on Apr 13, 2011 17:02:19 GMT -5
I was wondering, if I'm running KNOS and I visit an infected website, is there any possibility of malware residing in RAM memory, surviving a warm reboot and infecting Windows?
Post by Kevin McAleavey on Apr 14, 2011 1:18:30 GMT -5
That's actually a VERY interesting question and I love good ones like this. As far as KNOS is concerned, the answer is NO.

Of course, if somehow a "virus" that ends up in memory can remain resident in its location in memory, it definitely can still remain sitting there, doing nothing through a warm boot. In Windows this can be a serious problem if you were to do a warm reboot in Windows. But Windows would not recognize such a file across a warm reboot since the file cannot be marked "executable" nor would Windows recognize that portion of memory other than "available for reuse" once Windows finishes booting.

Just like Windows won't recognize the contents of the KNOS disk or a USB stick which has KNOS on it, the same reality exists for any data which existed in KNOS on a prior boot. It would be considered "garbage" by Windows and any such data would be interpreted as "uninitialized memory" and available to be used and nothing more. Windows marks memory its way, we do so a completely different way which is incompatible with Windows. Therefore, absolutely no worries about KNOS passing something over the transom to Windows at all even if somehow a virus file managed to land in there somehow.

VERY different story though with Windows itself getting infected and staying infected across a warm boot. One of the earliest viruses known to survive a "warm boot" goes back to MSDOS 3 and was known as "Pentagon virus." Since then, many viruses and some rootkits (such as "Icelord") are designed to survive a warm boot and they're able to do so because they had their location allocated in Microsoft's memory allocation structures and because wiping the entire range of memory before booting up fully would take perhaps 15 minutes or longer from the time you power up until the machine is ready to use.

Windows doesn't clear all memory before running like KNOS does. Making a "warm boot" even more survivable for malware in Windows is the "pagefile.sys" file in Windows, which can hold items ready for the next reboot, as well as the L1 and L2 caches in your CPU, which are similarly never wiped. This is why there are so many concerns about "warm boot" risks and how some nasties can take advantage of what Windows does to cut down on its bootup time.

Windows viruses can't do anything at all in KNOS. Even if they somehow got downloaded and saved into memory, they'd be nothing more than wasted filespace in KNOS. Usually, just closing your browser will wipe any of those out during KNOS' automatic browser cleanup every time you close the browser. When you shut down KNOS, it will automatically force a cleanup before it shuts down and so even on a warm reboot, there wouldn't be anything there to feed Windows with in the first place even if Windows knew what to do with our data.

So no worries there at all, and your concerns are QUITE valid ... for Windows itself. Hope this helps.
Post by jerry on Apr 15, 2011 18:23:50 GMT -5
Thanks for that, Kevin. What an awesome OS. So glad to know security is just a puck away. I see the retail version is now available. Any thoughts as to whether my Toshiba x64 laptop issues and not booting due to the TV ports not being there but expected by BIOS will become resolved?
Post by Kevin McAleavey on Apr 16, 2011 4:06:10 GMT -5
You're MOST welcome! For all who participated in our beta and candidate testing, there's a free copy of the retail version that will be available down towards the end of the month with a few extra treats. We'll let everyone know when they can grab a copy once we have it uploaded. Our way of saying THANKS for helping out!

As to Toshiba ... seems as though their 650's and 655's have not been happy models. There are reports of all sorts of adventures with that ACPI in the Linux world as well as with Win7. They CLAIM that they fixed their ACPI in BIOS back in late December with the release of their 1.50 BIOS update. You might want to check to see if you have 1.50 rather than an earlier BIOS but if I remember correctly, you DID get the "fixed one" but check just to be sure. Their support page has the ACPI fixes here just in case you have their older BIOS:

www.csd.toshiba.com/cgi-bin/tais/support/jsp/modelContent.jsp?ct=DL&os=&category=&moid=2737394&rpn=PSC08U&modelFilter=C655-S5068&selCategory=2756709&selFamily=1073768663

And with that, they closed out trouble reports from all OS vendors with the following:

---
This issue was addressed in a BIOS change. However, it will be necessary to reset all BIOS settings to the default values after installing the new BIOS to implement the solution. Download and update to the latest version of BIOS for your model. To change BIOS settings to default, power on the system. While the Toshiba logo is being displayed, press the F2 function key to start BIOS Setup. From the BIOS setup screen press the F9 key to load defaults. The system will prompt the user confirming that the settings are to be reset. Press the <enter> key then press the F10 key and follow the prompts to save settings and exit. The computer will automatically reboot. For general assistance with downloads, see Support Bulletin 98081213 Obtaining downloads and support docs from the Toshiba Support website.
---

Here's hoping the above information is of help. They don't appear to be interested in any further reports of problems from BSD or Linux vendors, so we've been told. Officially, their response is "this machine is designed only for Windows 7 and the use of other operating systems may violate the customer's warranty."
Post by jerry on Apr 16, 2011 18:10:25 GMT -5
I have an older BIOS version. Hesitant to flash w/o being sure it'll fix the issue. I've read too many horror stories on Toshiba's laptop forum about paperweights after botched BIOS upgrades. Wow, a retail copy of KNOS. Very generous. Thank you Kevin and Nancy. You guys are too cool! I'll continue using KNOS on my 32 bit desktop.