zenith391 / Fuchas

Efficient yet powerful OpenComputers OS
https://zenith391.github.io/Fuchas
MIT License
20 stars, 8 forks

You said to report viruses #22

Closed CoolCat467 closed 3 years ago

CoolCat467 commented 3 years ago

There was a demonstration of a virus that I would think can work on any OpenComputers OS, don't know if it has a name or not, but it's demonstrated in this video: https://www.youtube.com/watch?v=QpaqY649yPM. Pretty much from what I can understand, it rewrites the EEPROM (pretty much BIOS) and makes an error message of some sort be displayed, and corrupts any connected drives as demonstrated at timestamp 1:20 approximately, and when corrupted drives are attempted to be loaded by a fresh EEPROM it reflashes it again and makes the same issue persist. According to the video, the only way to fix it is to remove all infected drives and the infected EEPROM and boot from another OS to remove the infected bootcode.

Potential fixes (don't know the intricacies of the system so I may be totally wrong):

- Somehow impose full control over all writes to EEPROM or disks of any kind. Would prevent this from happening, but could cause problems for more sophisticated software or something.
- Change default load files, but this could also cause problems as it seems there is a community standard of sorts of specific files being loaded.
- Somehow detect system not booting properly and having a backup in a secure location to mitigate issue.

zenith391 commented 3 years ago

This virus happens way outside of the OS scope (for example even in real life, an OS can't prevent a BIOS from being wiped from the outside). Same for the corrupted drives, as Fuchas has no control over the computer if its init.lua file isn't at least run once by the computer (and the virus seems to overwrite it with some malicious code).

About the potential fixes:

> Somehow impose full control over all writes to EEPROM or disks of any kind. Would prevent this from happening, but could cause problems for more sophisticated software or something.

This is basically what the permission system permits. Since there is no driver for EEPROM (yet), software can only manipulate the EEPROM with the `critical.component.get` permission, essentially making it so that you can only overwrite the EEPROM by manually replacing it, by using another OS or by intentionally giving privileges to a malicious program.

> Change default load files, but this could also cause problems as it seems there is a community standard of sorts of specific files being loaded.

This is literally impossible: when booting, OpenComputers (more specifically the BIOS) will look for an init.lua file on the available drives, and once it finds one it runs it. Overwriting the BIOS to use a different file is only a temporary solution (as the virus can just change the name too) and would also make it impossible to install custom BIOSes unless they explicitly support Fuchas.

> Somehow detect system not booting properly and having a backup in a secure location to mitigate issue.

If the malicious init.lua program that the BIOS installs still boots the OS, then it's possible to detect tampering. For example, a copy of the current BIOS can be saved to drive, and with the upcoming disk encryption, the file won't be tampered with. However, it will also make it impossible to manually replace the EEPROM or even just use another OS to overwrite the EEPROM.

So in conclusion, it's quite impossible to prevent the virus from operating without a compromise. This is because when in the load file (or when the virus is in the EEPROM) it literally has all the permissions and can do whatever it wants to the computer (this is also the case IRL: if you replace your BIOS with a malicious program, there's nothing an OS can do, sadly). Thus this issue is out of scope for Fuchas security.
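
The tamper check described in the last comment (keep a copy of the known-good BIOS and compare the live EEPROM against it), as an added example that is not part of the thread and not Fuchas code. `snapshot`, `verify`, `firstDifference` and `fakeEeprom` are hypothetical names; the EEPROM is assumed to be reachable as a proxy exposing `get()` and `getLabel()`, and where the baseline is stored is left to the caller.

```lua
-- Added example, not Fuchas code. `eeprom` is any table exposing get() and
-- getLabel(), as the OpenComputers EEPROM component proxy does (assumption).

-- Take a baseline while the firmware is known to be good.
local function snapshot(eeprom)
  return { code = eeprom.get(), label = eeprom.getLabel() }
end

-- Return the 1-based offset of the first differing byte, or nil if equal.
local function firstDifference(a, b)
  local n = math.min(#a, #b)
  for i = 1, n do
    if a:byte(i) ~= b:byte(i) then return i end
  end
  if #a ~= #b then return n + 1 end
  return nil
end

-- Compare the live EEPROM with the baseline; returns a list of findings.
local function verify(eeprom, baseline)
  local findings = {}
  local code = eeprom.get()
  local offset = firstDifference(code, baseline.code)
  if offset then
    findings[#findings + 1] = string.format(
      "EEPROM code changed at byte %d (%d bytes now, %d in baseline)",
      offset, #code, #baseline.code)
  end
  local label = eeprom.getLabel()
  if label ~= baseline.label then
    findings[#findings + 1] = string.format(
      "EEPROM label changed: %q -> %q", baseline.label, label)
  end
  return findings
end

-- Constructed stand-in for the component, so the check runs in plain Lua.
local function fakeEeprom(code, label)
  return { get = function() return code end,
           getLabel = function() return label end }
end

local good = fakeEeprom("local boot = ... -- constructed firmware", "Lua BIOS")
local baseline = snapshot(good)
assert(#verify(good, baseline) == 0)  -- untouched firmware yields no findings

local reflashed = fakeEeprom("error('constructed tampered firmware')", "Lua BIOS")
for _, finding in ipairs(verify(reflashed, baseline)) do print(finding) end
```

As the comment points out, a check like this only runs if the OS still boots, and it is only as trustworthy as the stored baseline.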