Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@mmc.com (Padgett Peterson)
Newsgroups: comp.virus
Subject: Software Upgradable BIOS (PC)
Message-ID: <0007.9105231331.AA02851@ubu.cert.sei.cmu.edu>
Date: 22 May 91 17:55:21 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 16
Approved: krvw@sei.cmu.edu

>From:    "William Walker C60223 x4570" <walker@aedc-vax.af.mil>

>I feel that the prominent anti-virus researchers (and some of us
>others) ought to collectively rise up and protest the software-
>upgradable BIOS before it gets any acceptance.

As one who a few careers ago made a living designing digital control systems
("flew" some digitally controlled gas-turbine engines with  8080s at
Tullahoma in the seventies - Hi Bill), there does not have to be a problem
if the hardware designers do their job. A EEPROM requires a special signal
on one lead to tell it to write. If that lead is under hardware control and
accessable only with the case open and a special plug in place that disables
everything except a "load & verify BIOS" program, risk can be minimal.

The point is not to "protest" the concept, it sounds like a good idea, but
demand adequate safeguards (dare I say "standards") for its use.