echo: alt-comp-anti-virus
to: ALL
from: WOLF K
date: 2014-08-06 07:04:00
subject: Re: Registry-infecting re

On 2014-08-06 12:00 PM, David W. Hodgins wrote:
> On Tue, 05 Aug 2014 16:45:16 -0400, Wolf K  wrote:
>
>> I think there is some confusion there.
>> Unless I am much mistaken,
>> a) The BIOS chip has a file system on it, else there could be no BIOS.
>
> I totally disagree. The bios and mbr both do contain code, but they are
> both just blocks of code, with no names, no index, and each can only
> contain the code (though the mbr also contains the partition table).

If there is no index, then how can you change the boot sequence? BIOS 
has to have some kind of index to user-changeable data. An index to data 
is a file system. The partition table on MBR is located at fixed 
locations, a structure that constitutes a primitive file system. There 
is a good deal more to BIOS and MBR than "blocks of code". As I've 
pointed out before: BIOS is in fact a collection of small programs plus 
data. BIOS has been growing, too, as more and more functions have been 
added to it.

> When the computer starts, it loads the block of code stored in the
> bios, and then runs it. It does not search through a file system to
> decide which "file" to load, as it doesn't yet have any code to run
> that could search a file system.

IOW, it addresses a storage location, copies a block of data from there 
into RAM, and then treats that block of code as a program. The fact that 
this storage location is physically on a chip instead of a disk is 
immaterial. The simplest BIOS would simply fetch the block of data from 
track 0 (and possibly more) on the disk. That would mean that every 
bootable disk would have to come preloaded with information about where 
to find the bootloader, etc. That could be done, in fact was done with 
bootable floppies, which some of you may be old enough to remember.

> See https://en.wikipedia.org/wiki/BIOS for more details about the
> bios usage.
>
> Regards, Dave Hodgins

I think what's at issue here is the notion that what an OS does is 
somehow fundamentally different from what BIOS does. It ain't. The 
process is always the same: fetch data, and deal with it. BIOS is a 
minimal OS: it does very little, but that little is essential. Mess up 
the code, and the computer will not boot.

There is also the notion that a "real" file has to have a name in order 
to be accessible to the OS. It doesn't. Basically, a directory is a set 
of pointers to blocks of data, ie, the files. Names are added for human 
convenience. The OS doesn't need them. You can in fact read the BIOS 
from any OS, given a suitable utility. You can even write to BIOS, given 
a suitable utility. This utility is in practice packaged with the BIOS 
update.

A filemanager could be written to allow you to see the files that 
constitute the BIOS, the MBR, etc. There are of course good reasons 
that's not done. But the malware makers have no scruples about reading 
and writing these files. The fact the filemanager can't see them is a 
bonus from their POV. Rootkit removers do the same as the malware 
installers: they read and write to BIOS, the MBR, and other hidden files 
in order to destroy the evil stuff residing there.

I fail to see why a file needs a name etc, and needs to be found by a 
file manager, in order to be a "true" file. In fact, I think this usage 
misleads people, as the Subject of this thread and the subsequent 
discussion illustrate. Of course the malware consists of files. If you think these 
files are somehow not files, it may be difficult for you to understand 
a) how they can do their evil work; and b) how they can be destroyed.

Granted, in common usage "file" means "a block of data with a name, 
locatable by the OS". In most contexts, this is the proper usage. But 
when it comes to malware that hides from the OS, it is IMO bad usage. In 
such contexts, nit-picking insistence on technical precision is important.

Have a good day.

-- 
Best,
Wolf K
kirkwood40.blogspot.ca
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
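The post above describes the MBR partition table as a structure at fixed locations in sector 0, and notes that both bootkits and rootkit removers read and write that sector. The following is an added example, not code from the original post or its author: it parses the four 16-byte partition entries at byte offset 446, checks the 0x55AA boot signature at bytes 510..511, and fingerprints the 446-byte bootstrap-code region so a later read of sector 0 can be compared against a known-good baseline. The sample sector is constructed inline (the partition values and the two-byte placeholder boot code are made up for the demonstration, not taken from any real disk).

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: bootstrap code (plus disk signature on newer layouts)
PARTITION_TABLE_OFF = 446     # four 16-byte entries at 446, 462, 478, 494
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511, little-endian 0xAA55

# Layout of one partition entry:
#   status(1) CHS_start(3) type(1) CHS_end(3) LBA_start(4, LE) sector_count(4, LE)
ENTRY_FORMAT = "<B3sB3sII"


def _decode_chs(raw: bytes) -> Dict[str, int]:
    """Unpack the packed 3-byte CHS field: head, sector (6 bits), cylinder (10 bits)."""
    head = raw[0]
    sector = raw[1] & 0x3F
    cylinder = ((raw[1] & 0xC0) << 2) | raw[2]
    return {"cylinder": cylinder, "head": head, "sector": sector}


def has_boot_signature(sector: bytes) -> bool:
    """True if the sector ends with the 0x55AA signature a BIOS checks before jumping to it."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> Dict:
    """Return the bootstrap-code region and the non-empty partition entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if not has_boot_signature(sector):
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict] = []
    for slot in range(4):
        off = PARTITION_TABLE_OFF + slot * PARTITION_ENTRY_LEN
        raw = sector[off:off + PARTITION_ENTRY_LEN]
        status, chs_start, ptype, chs_end, lba_start, count = struct.unpack(ENTRY_FORMAT, raw)
        if ptype == 0 and lba_start == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "chs_start": _decode_chs(chs_start),
            "chs_end": _decode_chs(chs_end),
            "lba_start": lba_start,
            "sector_count": count,
        })
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions}


def boot_code_fingerprint(sector: bytes) -> str:
    """SHA-256 of the bootstrap region only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def boot_code_changed(sector: bytes, baseline_hex: str) -> bool:
    """Compare a freshly read sector 0 against a baseline fingerprint taken when the disk was clean."""
    return boot_code_fingerprint(sector) != baseline_hex


def build_sample_mbr() -> bytes:
    """Constructed sample sector (hypothetical values): a bootable NTFS entry and a Linux entry."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)  # 'jmp $' followed by NOP padding
    entry1 = struct.pack(ENTRY_FORMAT, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    entry2 = struct.pack(ENTRY_FORMAT, 0x00, b"\xFE\xFF\xFF", 0x83, b"\xFE\xFF\xFF", 206848, 409600)
    empty = b"\x00" * PARTITION_ENTRY_LEN
    return boot_code + entry1 + entry2 + empty + empty + BOOT_SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()
    baseline = boot_code_fingerprint(mbr)
    for p in parse_mbr(mbr)["partitions"]:
        print("slot %d type 0x%02x bootable=%s lba=%d count=%d" %
              (p["slot"], p["type"], p["bootable"], p["lba_start"], p["sector_count"]))
    tampered = bytearray(mbr)
    tampered[0] = 0x00  # simulate a bootkit overwriting the first bootstrap byte
    print("boot code changed:", boot_code_changed(bytes(tampered), baseline))
```

On a real system the 512 bytes would come from a raw read of the disk device rather than from build_sample_mbr(); the fingerprint is deliberately taken over the bootstrap region alone, because partition edits are routine while a change to the first 446 bytes is exactly what an MBR-resident infection looks like.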

SOURCE: echomail via QWK@docsplace.org
