How to secure your BIOS
You've password-protected your computer, but it remains vulnerable to mischief until you've done the same for your BIOS
By Michael Brown | PC World | Published: 16:45, 04 April 2012
You probably don't interact with your PC's BIOS (Basic Input/Output System) much, but it occupies a unique and highly privileged position in your computer's architecture.
Since the BIOS loads before the operating system - and before you enter your user credentials - malware surreptitiously introduced into the BIOS could activate itself long before any anti-malware software has an opportunity to detect it. A sophisticated and malicious program operating at such a low level could take control of your PC without providing a clue that it was there.
Fortunately, there have been very few confirmed cases of malware infections at the BIOS level. The most famous is 1998's Chernobyl virus, and the vulnerabilities that enabled that exploit are not present in new PCs. UEFI (Unified Extensible Firmware Interface) and the secure boot mechanism in Windows 8 will make this less of an issue, but that's a topic for another article. Still, it's always better to be safe than sorry.
The first step in your safety plan is to protect your BIOS with an administrator password that must be entered before a BIOS update can occur. We'll show you how.
Boot or reboot your PC. While it's starting up, repeatedly tap the 'DEL,' 'F1,' or whatever other special key is required to launch the BIOS. This information is typically displayed onscreen during the boot process, although it might not be immediately obvious. This text, for instance, appears verbatim at the bottom of the screen for just a few moments after we start our computer:
:BIOS Setup :XpressRecovery :Boot Menu :Qflash
Once your BIOS setup menu is loaded, look for the menu item that enables you to set up a password. There might be more than one. Our BIOS, for example, has provisions for setting up both a "supervisor" password and a "user" password. In our case, you must log in with the supervisor password to make changes to the BIOS. The user password only allows you to see the current BIOS values.
Select the menu item for creating the password and enter a password (usually twice, to verify what you typed the first time). If you think you might have trouble remembering the password later, as you'll access your BIOS infrequently, store it in a password locker utility such as LastPass. Save your BIOS changes and your computer will reboot. From here on out you'll need to enter this password before any changes can be made to your BIOS, ensuring malware will have a harder time harming your PC.
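Once the password is saved, you can check from the operating system whether the firmware reports it as set. The script below is an added example, not part of the original article: it decodes the SMBIOS "Hardware Security" structure (type 24), assumes a Linux system that exposes the raw structure through dmi-sysfs (readable by root), and falls back to constructed sample bytes when that file is unavailable.

```python
"""Decode the SMBIOS "Hardware Security" structure (type 24) to see whether
the firmware reports an administrator (supervisor) password as set."""
from pathlib import Path

# Two-bit status codes shared by every field in the settings byte.
STATUS = {0: "disabled", 1: "enabled", 2: "not implemented", 3: "unknown"}
# Field name -> bit shift inside the Hardware Security Settings byte (offset 4).
FIELDS = {"power_on_password": 6, "keyboard_password": 4,
          "administrator_password": 2, "front_panel_reset": 0}

# Assumption: Linux with the dmi-sysfs module loaded, first type 24 instance.
# The file is readable by root only.
RAW_PATH = Path("/sys/firmware/dmi/entries/24-0/raw")

# Constructed samples: type, length, 16-bit handle, settings byte, then the
# double-NUL terminator of an empty string table.
SAMPLE_PROTECTED = bytes([24, 5, 0x20, 0x00, 0b00_00_01_10, 0, 0])
SAMPLE_UNPROTECTED = bytes([24, 5, 0x20, 0x00, 0b00_00_00_10, 0, 0])


def decode_hardware_security(raw: bytes) -> dict:
    """Return the reported status of each field in a raw type 24 structure."""
    if len(raw) < 5 or raw[1] < 5:
        raise ValueError("structure too short for SMBIOS type 24")
    if raw[0] != 24:
        raise ValueError(f"expected SMBIOS type 24, got {raw[0]}")
    settings = raw[4]
    return {name: STATUS[(settings >> shift) & 0b11] for name, shift in FIELDS.items()}


def admin_password_set(raw: bytes) -> bool:
    """True only when the firmware positively reports the password as enabled."""
    return decode_hardware_security(raw)["administrator_password"] == "enabled"


if __name__ == "__main__":
    try:
        raw, source = RAW_PATH.read_bytes(), str(RAW_PATH)
    except OSError:
        raw, source = SAMPLE_PROTECTED, "constructed sample"
    print("source:", source)
    for field, status in decode_hardware_security(raw).items():
        print(f"{field:24} {status}")
    print("administrator password set:", admin_password_set(raw))
```

The status is self-reported by the firmware, and some boards report "not implemented" or "unknown" even when a password exists, so treat anything other than "enabled" as a prompt to check the setup menu rather than as proof.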