![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
The NSA is sooooo helpful!
Dec. 29th, 2013 01:24 amThere are some articles I've come across in the last few weeks that I wanted to comment on and didn't get on immediately. So they're a bit old news, but oh well.
First up, we have the "news" that the NSA saved us all from computer disaster! Now, in full disclosure, I couldn't get the video at the bottom of this page to work for me. However, what is being reported is that the NSA worked with computer manufacturers to close up some undisclosed exploit in BIOS to ruin computers.
For those who are unfamiliar with the term, BIOS stands for Basic Input Output System. When you boot up your Windows-based computer (I haven't touched a Mac in so long I don't know what they look like), you'll generally see a logo from either your computer manufacturer (or the motherboard's maker specifically) for a few seconds before the Windows logo pops up. That's your BIOS. It's possible to turn that logo off and if you do that, you see a bunch of stuff scroll by that shows the computer setting up how the different bits and pieces are going to be called upon. The BIOS is part of the firmware of your motherboard (which is the part of the computer that everything else hooks into) and if it gets messed up, it most certainly can cause major problems for your computer.
However, there are a number of things wrong with the NSA's claim. First off, there isn't some universal BIOS. It's not like it is with the millions of computers running nearly identical versions of Windows XP/7/8/whatever, where the only differences are based upon if the end user has been getting updates or not. The reason Windows viruses are so successful is because there are so many systems out there running the same code with the same vulnerabilities. When it comes to BIOS, though, every single different manufacturer has their own program and they're all different. They will even have different versions, in fact, to handle the various hardware changes that come about (such as being able to handle more RAM). So, due to this, the likelihood of a single piece of malware being able to affect every machine out there is incredibly unlikely.
Additionally, the NSA claims to have worked with manufacturers to close up whatever the undisclosed vulnerability was. That makes little sense either. Even if every single BIOS of every single manufacturer out there had the same vulnerability, these things are /being produced in China/. The country being accused of writing this super-virus. Do you really think the Chinese government, with the way they spy and intrude on everything within their borders (sound familiar, NSA?) and without, doesn't have the ability to then get the new source code of the new versions of BIOS and then find another vulnerability?
Furthermore, even if somehow the Chinese had managed to make this super special malware, the idea that this would be some huge, overwhelming problem is exaggerated at the very least. According to the story, the computer's user has to accept the installation of the malware program. Now, obviously, people install viruses all the time due to this sort of thing. "YOUR COMPUTER IS UNSECURE, DOWNLOAD THIS PROGRAM NOW FOR $19.95 TO SAVE IT!!!!" However, if there are significant numbers of computers running crucial infrastructure that are generally open to the internet to easily download such unauthorized software, there are some IT departments that need to learn to do their jobs.
Oh, I'm sure a few idiots would take a flash drive and plug it in at work and so on, but for the most part, who would be affected by such a thing? Grandma who was checking Facebook or Little Timmy who was writing a paper for school. What would then need to be done? Sometimes, the BIOS can be flashed, i.e. put back on the motherboard, from an outside source such as a CD or a flash drive. If that doesn't work, though, all is not lost. The computer can be fixed just by getting a new motherboard. There were no claims from the NSA that this was affecting hard drives in any way or phoning home or anything of the sort. People would have their data still intact, they'd just need one new piece of hardware to interface with it. So, for the most part, people would take their computers to the local shop, the BIOS would get flashed, the motherboard replaced, or for those with a lot of money and no patience, a completely new computer bought. Then people would get on with their lives, having weathered a relatively minor annoyance.
The whole thing just seems so ridiculous. If there really was such a magical piece of malware out there able to do this, I doubt very much the Chinese government had anything to do with it. Follow the money and the trail leads to hardware manufacturers. Analysts have been screaming for several years about how the PC is dead, and while those claims are ridiculous, what is true is that sales have dropped and are continuing to drop, and will continue to drop for the foreseeable future. Some people are getting what they need out of mobile devices, but even more key is that computers are so incredibly powerful now. You can go get that budget $400 computer off the shelf from Walmart and if you're a typical user (i.e. email/Facebook/web browsing/word processing), that computer will do everything you need easily for many years to come. People just don't need quad core systems with 32 gigs of RAM and SLI video cards to do that sort of thing. Even enthusiasts don't need to upgrade constantly anymore. My video card is three years old and still runs everything I've tried to play on max settings, up to and including games released in the past year (and while I'm sure there's stuff it wouldn't run that well, it would still render them acceptably for my usage). I'm planning on upgrading the card in another year. After that? Short of something breaking, I can't imagine what else I could need for several years after that.
So basically, for all but the most taxing of applications (various video processing things and CAD remain resource hogs), computers last people for a long, long time now. Something off the shelf now could easily last a typical user a decade. Manufacturers would benefit greatly from a lot of consumer hardware suddenly becoming unusable, because they'd either be selling the individual motherboards to various shops and companies to fix the various computers whose BIOS had been ruined, or they'd be selling entire systems to people whose hardware was so old that a replacement isn't easily obtainable or they just don't want to bother. It'd be a huge bump in sales for those companies. Now, please note that I don't actually think this is what happened. I think the NSA, who admit to being liars, are doing it again. They're lying to us at a time when people are thinking about them in a negative fashion in the hopes of convincing us that their infringement of our natural rights is actually helping us. That's certainly more plausible than the plothole-ridden TV script they presented us with.
First up, we have the "news" that the NSA saved us all from computer disaster! Now, in full disclosure, I couldn't get the video at the bottom of this page to work for me. However, what is being reported is that the NSA worked with computer manufacturers to close up some undisclosed exploit in BIOS to ruin computers.
For those who are unfamiliar with the term, BIOS stands for Basic Input Output System. When you boot up your Windows-based computer (I haven't touched a Mac in so long I don't know what they look like), you'll generally see a logo from either your computer manufacturer (or the motherboard's maker specifically) for a few seconds before the Windows logo pops up. That's your BIOS. It's possible to turn that logo off and if you do that, you see a bunch of stuff scroll by that shows the computer setting up how the different bits and pieces are going to be called upon. The BIOS is part of the firmware of your motherboard (which is the part of the computer that everything else hooks into) and if it gets messed up, it most certainly can cause major problems for your computer.
However, there are a number of things wrong with the NSA's claim. First off, there isn't some universal BIOS. It's not like it is with the millions of computers running nearly identical versions of Windows XP/7/8/whatever, where the only differences are based upon if the end user has been getting updates or not. The reason Windows viruses are so successful is because there are so many systems out there running the same code with the same vulnerabilities. When it comes to BIOS, though, every single different manufacturer has their own program and they're all different. They will even have different versions, in fact, to handle the various hardware changes that come about (such as being able to handle more RAM). So, due to this, the likelihood of a single piece of malware being able to affect every machine out there is incredibly unlikely.
Additionally, the NSA claims to have worked with manufacturers to close up whatever the undisclosed vulnerability was. That makes little sense either. Even if every single BIOS of every single manufacturer out there had the same vulnerability, these things are /being produced in China/. The country being accused of writing this super-virus. Do you really think the Chinese government, with the way they spy and intrude on everything within their borders (sound familiar, NSA?) and without, doesn't have the ability to then get the new source code of the new versions of BIOS and then find another vulnerability?
Furthermore, even if somehow the Chinese had managed to make this super special malware, the idea that this would be some huge, overwhelming problem is exaggerated at the very least. According to the story, the computer's user has to accept the installation of the malware program. Now, obviously, people install viruses all the time due to this sort of thing. "YOUR COMPUTER IS UNSECURE, DOWNLOAD THIS PROGRAM NOW FOR $19.95 TO SAVE IT!!!!" However, if there are significant numbers of computers running crucial infrastructure that are generally open to the internet to easily download such unauthorized software, there are some IT departments that need to learn to do their jobs.
Oh, I'm sure a few idiots would take a flash drive and plug it in at work and so on, but for the most part, who would be affected by such a thing? Grandma who was checking Facebook or Little Timmy who was writing a paper for school. What would then need to be done? Sometimes, the BIOS can be flashed, i.e. put back on the motherboard, from an outside source such as a CD or a flash drive. If that doesn't work, though, all is not lost. The computer can be fixed just by getting a new motherboard. There were no claims from the NSA that this was affecting hard drives in any way or phoning home or anything of the sort. People would have their data still intact, they'd just need one new piece of hardware to interface with it. So, for the most part, people would take their computers to the local shop, the BIOS would get flashed, the motherboard replaced, or for those with a lot of money and no patience, a completely new computer bought. Then people would get on with their lives, having weathered a relatively minor annoyance.
The whole thing just seems so ridiculous. If there really was such a magical piece of malware out there able to do this, I doubt very much the Chinese government had anything to do with it. Follow the money and the trail leads to hardware manufacturers. Analysts have been screaming for several years about how the PC is dead, and while those claims are ridiculous, what is true is that sales have dropped and are continuing to drop, and will continue to drop for the foreseeable future. Some people are getting what they need out of mobile devices, but even more key is that computers are so incredibly powerful now. You can go get that budget $400 computer off the shelf from Walmart and if you're a typical user (i.e. email/Facebook/web browsing/word processing), that computer will do everything you need easily for many years to come. People just don't need quad core systems with 32 gigs of RAM and SLI video cards to do that sort of thing. Even enthusiasts don't need to upgrade constantly anymore. My video card is three years old and still runs everything I've tried to play on max settings, up to and including games released in the past year (and while I'm sure there's stuff it wouldn't run that well, it would still render them acceptably for my usage). I'm planning on upgrading the card in another year. After that? Short of something breaking, I can't imagine what else I could need for several years after that.
So basically, for all but the most taxing of applications (various video processing things and CAD remain resource hogs), computers last people for a long, long time now. Something off the shelf now could easily last a typical user a decade. Manufacturers would benefit greatly from a lot of consumer hardware suddenly becoming unusable, because they'd either be selling the individual motherboards to various shops and companies to fix the various computers whose BIOS had been ruined, or they'd be selling entire systems to people whose hardware was so old that a replacement isn't easily obtainable or they just don't want to bother. It'd be a huge bump in sales for those companies. Now, please note that I don't actually think this is what happened. I think the NSA, who admit to being liars, are doing it again. They're lying to us at a time when people are thinking about them in a negative fashion in the hopes of convincing us that their infringement of our natural rights is actually helping us. That's certainly more plausible than the plothole-ridden TV script they presented us with.
