Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

How to secure your BIOS

You've password-protected your computer, but it remains vulnerable to mischief until you've done the same for your BIOS

Article comments

You probably don't interact with your PC's BIOS (Basic Input/Output Operating System) much, but it occupies a unique and highly privileged position in your computer's architecture.

Since the BIOS loads before the operating system - and before you enter your user credentials - malware surreptitiously introduced into the BIOS could activate itself long before any anti-malware software has an opportunity to detect it. A sophisticated and malicious program operating at such a low level could take control of your PC without providing a clue that it was there.

And fortunately, there have been very few confirmed cases of malware infections at the BIOS level. The most famous is 1998's Chernobyl virus, and the vulnerabilities that enabled that exploit are not present in new PCs. UEFI (Unified Extensible Firmware Interface) and the secure boot mechanism in Windows 8 will make this less of an issue, but that's a topic for another article. But it's always better to be safe than sorry.

The first step in your safety plan is to protect your BIOS with an administrator password that must be entered before a BIOS update can occur. We'll show you how.

Step 1

Boot or reboot your PC. While it's starting up, repeatedly tap the 'DEL,' 'F1,' or whatever other special key is required to launch the BIOS. This information is typically displayed onscreen during the boot process, although it might not be immediately obvious. This text, for instance, appears verbatim at the bottom of the screen for just a few moments after we start our computer:

:BIOS Setup :XpressRecovery :Boot Menu :Qflash

Step 2

Once your BIOS setup menu is loaded, look for the menu item that enables you to set up a password. There might be more than one. Our BIOS, for example, has provisions for setting up both a "supervisor" password and a "user" password. In our case, you must log in with the supervisor password to make changes to the BIOS. The user password only allows you to see the current BIOS values.

Step 3

Select the menu item for creating the password and enter a password (usually twice, to verify what you typed the first time). If you think you might have trouble remembering the password later, as you'll access your BIOS infrequently, store it in a password locker utility such as LastPass. Save your BIOS changes and your computer will reboot. From here on out you'll need to enter this password before any changes can be made to your BIOS, ensuring malware will have a harder time harming your PC.


Share:

More from Techworld

More relevant IT news

Comments

Windsorbug said: easy fix to over ridetake the memory battery out for 10 minutes or lessresets to none




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *