Windows 8 and 8.1 Forums


Why is BIOS insecure on new Windows 8 laptop?

  1. #1


    I just received my new Dell Inspiron 15R-5520 64 bit laptop running Windows 8. It came with a new BIOS that supports both UEFI and Legacy. Compared to the BIOS on my old Dell Inspiron laptop it seems very insecure. I'm referring to access to the boot order. In my old BIOS I could set a password which was necessary for changing the boot order and either enabling or disabling devices within the boot list. Thus one could select the HDD and disable all other devices such as CD/DVD and Flashdrives. The new BIOS includes passwords as well, but they don't restrict access to the boot order and there doesn't seem to be any way to disable devices from the boot list. In the case that my laptop is stolen it's nice to prevent the thief from quickly booting off a CD or flashdrive and accessing all my files, etc. Can anyone explain why the new BIOS removed this seemingly important security feature?
    Pete


  2. #2


    Orbiting the Moon
    Posts : 2,975
    Windows 10 x64


    No big deal because the new UEFI is more secure than you think. You have secure boot enabled and only signed bootloaders can boot no matter the device.

    On older BIOS, OK you give only boot access to HDD, but all first and best malware that tries to boot on that HDD will boot because the BIOS doesn't check for signatures. Then you go to Windows desktop but malware that already booted is in stealth mode and you cannot detect it.

  3. #3


    Originally posted by Hopachi:
    No big deal because the new UEFI is more secure than you think. You have secure boot enabled and only signed bootloaders can boot no matter the device. On older BIOS, OK you give only boot access to HDD, but all first and best malware that tries to boot on that HDD will boot because the BIOS doesn't check for signatures. Then you go to Windows desktop but malware that already booted is in stealth mode and you cannot detect it.
    Thanks. I've now managed to do a clean install of both Windows 7 and 8 to UEFI/GPT partitions on my new Dell Inspiron 15R-5520 laptop. I've confirmed that the new UEFI BIOS is very insecure. One can simply press F12 during boot up and change boot order to any of the following without having to enter my set password:
    a. UEFI with secure boot
    b. UEFI without secure boot
    c. Legacy without secure boot
    As mentioned above, this would have been impossible with my older Dell Inspiron. Also, Windows 7 won't boot with secure boot since the BIOS doesn't recognize it. It will boot with UEFI without secure boot. Also, this article doesn't inspire confidence either:
    Pete

  4. #4


    Posts : 5,592
    ME, XP,Vista,Win7,Win8,Win8.1


    As mentioned above, this would have been impossible with my older Dell Inspiron. Also, Windows 7 won't boot with secure boot since the BIOS doesn't recognize it. It will boot with UEFI without secure boot. Also, this article doesn't inspire confidence either:
    You said that some time ago.

    Installing Windows 8 and 7 to new computer

  5. #5


    Originally posted by Hopachi:
    No big deal because the new UEFI is more secure than you think. You have secure boot enabled and only signed bootloaders can boot no matter the device.

    On older BIOS, OK you give only boot access to HDD, but all first and best malware that tries to boot on that HDD will boot because the BIOS doesn't check for signatures. Then you go to Windows desktop but malware that already booted is in stealth mode and you cannot detect it.
    Thanks. Secure boot might be good, but no password is required to turn off secure boot or switch to Legacy mode. It's really hard to understand why they would not lock those changes out with a password.
    Pete

  6. #6


    Orbiting the Moon
    Posts : 2,975
    Windows 10 x64


    Originally posted by flroots:
    Originally posted by Hopachi:
    No big deal because the new UEFI is more secure than you think. You have secure boot enabled and only signed bootloaders can boot no matter the device.

    On older BIOS, OK you give only boot access to HDD, but all first and best malware that tries to boot on that HDD will boot because the BIOS doesn't check for signatures. Then you go to Windows desktop but malware that already booted is in stealth mode and you cannot detect it.
    Thanks. Secure boot might be good, but no password is required to turn off secure boot or switch to Legacy mode. It's really hard to understand why they would not lock those changes out with a password.
    Pete
    No problem.

    You lock those with the BIOS password. On some models it's called administrator password.
    Then you wouldn't be able to enter bios and change stuff only with the password.

  7. #7


    Originally posted by Hopachi:
    Originally posted by flroots:
    Originally posted by Hopachi:
    No big deal because the new UEFI is more secure than you think. You have secure boot enabled and only signed bootloaders can boot no matter the device. On older BIOS, OK you give only boot access to HDD, but all first and best malware that tries to boot on that HDD will boot because the BIOS doesn't check for signatures. Then you go to Windows desktop but malware that already booted is in stealth mode and you cannot detect it.
    Thanks. Secure boot might be good, but no password is required to turn off secure boot or switch to Legacy mode. It's really hard to understand why they would not lock those changes out with a password. Pete
    No problem. You lock those with the BIOS password. On some models it's called administrator password. Then you wouldn't be able to enter bios and change stuff only with the password.
    Thanks. My BIOS has an admin password, but it has no effect on boot order or which devices you boot from.
    Pete

  8. #8


    Orbiting the Moon
    Posts : 2,975
    Windows 10 x64


    Wait a sec...
    Originally posted by flroots:
    Thanks. Secure boot might be good, but no password is required to turn off secure boot or switch to Legacy mode. It's really hard to understand why they would not lock those changes out with a password. Pete
    So I said:
    No problem. You lock those with the BIOS password. On some models it's called administrator password. Then you wouldn't be able to enter bios and change stuff only with the password.
    That fixes it on my machine!

    So:
    Thanks. My BIOS has an admin password, but it has no effect on boot order or which devices you boot from.
    Pete
    Boot order is launched out of the BIOS, and it's normal for that not to be affected.
    Depends on machine and manufacturer as well.


    You should be able to stop the boot order (from the BIOS) from being initiated.
    But here also: some manufacturers allow it, others don't.
    And most laptop BIOSes are all locked and restricted (I got some of those here).

    However secure boot will stop all unsigned boot-loaders whatever you choose from the list.

    Cheers
    Hopachi