hello and welcome to P C Security Intermediate course.
And in this lesson, I will be talking about protection of PC Harder meaning the,
uh pc Firmer. So I'm going to talk about how to protect you if I and I'm going to talk about confirming que if identity. So when we talk of protecting you, if I we have to approach is one is prevention, the other is detection.
And because we talk about about computer viruses, we used term virus, which is biological term from from the
real world, and so viruses are there to infect the device and then replicate.
And when we talk about fighting, the
the pathogens in biological terms we have to approach is one is a septic and the other is antiseptic, so a septic means be. Prevent the infection by making sure that
the environment is not infected. So during viruses around or bacteria's
and the other is antiseptic. Where we act with agents in orderto kill, the possible eight infected. It's
in PC World. In the year five World prevention means that you don't let your when you talk about you. If I we don't let the you If I get infected and we detection. We
detect that it's it's been compromised, and then we take steps to immediate the problem.
So they're two different approaches,
and I will give you the examples of these two approaches.
And this is when their specific So this one is done by HB and the way they doing things, they call it the market. It is HB short start bias,
but it's actually much more than bias. So they have a harbor protection off buyer. So they say, Okay, we cannot have software protection off software things,
because if suffered gets
manipulated, then the protection is down. So they have a tripped on the mother board physical chip that is proprietary, unique for for this manufacturer.
And it does several functions in the beginning that was doing one simple thing, which is
when you when you buy your PC, it has, uh, what's called the golden copy of biasing store there,
and when you boot checks, the buyers that you have in that is booting up
that is supposed to boot up with your with your PC. So it physically holds this this phase between fervor. Frommer's being loaded into into components and boots off the bias
and checks it. And if it's ah, matching, then everything goes on. And if these two copies are not identical, then it simply really rights
ah Golden copy over the working copy and then rebuilds the machine again.
So it's very simple.
So if somebody has tempered with the bias,
then you have the way to really storage to the last original known state. And don't let it interfere with the machine that's being influenced by this change.
the next step that the next thing that this harder trip does is to detect riel time in real time, the possibilities of somebody trying to write something in the bias.
And then it sends some kind off message to the operating system, which can be really toe administrator. It can even block the function off operating system, basically freezes your PC
these things they have actually added to this a little bit more, because now they can also monitored from from buyers. They can monitor
the some some crucial security processes within the operating system, so if they're compromised, they or stop today restart.
So this is this is the whole concept off that is essentially prevention. So you say Okay, I have, ah have
safe bias. And if the other is not identical, then I will rewrite it.
This thing has some downsides. 1st 1 it really complicates by sub dates because then you have to somehow
in very secure way disabled dysfunction off checking. Because if you flush the bias with the new one, which is completely legit, which comes from the BC Men official So H B. In this case,
you have to tell somehow to this trip that
it should stop the whole
and actually allow this golden copy be rewritten with the new one.
And it requires more than one restart. During bias of the process. It can take up to 20 minutes.
So it's, um it's a thing, and this thing cannot be initiated from USB drive. It has to be done from the application that has keys that unlock these features. It has to be initiated from operating system, at least as far as I know. Maybe
maybe there are some new things in which we sure start. But this is essentially the way it's done,
of course, because there is additional piece of hardware and the mother board. It slightly increases the unit price, and because of that, it's not available on low end business PC. So these air downsides of this approach
the example of detection approaches, something that Dell is doing,
and what they do is they install a piece off a piece of software on your PC,
and it compares buys on a PC to hash off the last known correct version of PC, actually off every version off bias,
which is stored in del service. So if you need to have access to Internet at the moment when the Checker checking is happening
and the bias doesn't pass this trick process,
then they and notify administrator
and then you need to manually restore by us toe last known correct state. So you have to do manual reflects. So what?
The procedure is from this point, pretty much the same. Like what HB is doing, only it has to be initiated. Administrator.
The solution is almost foolproof, but it's not 100% foolproof, but it's huge.
Um, it's advantage towards,
uh, but was previously being on most of vendors machines, which was nothing.
Also in this way the administrator can or less a human being can have some insight in the validity of buyers off,
off PC, unlike the HP solution, which you just simply trust that this process is foolproof,
and so far it has been proven full full, so there is no need the reason not to trust it, just
in this case, some kind. Some help buddy who is administrator. If they're vigilant enough, they know what's happening, or they can have incited what's happening.
So what are the downsides? It's not automatic recovery. Somebody has to initiate it, and it's has spread to the entire network than can be a problem.
And this after a solution. And this is why it's not 100% proof foolproof. If somebody finds the way to temper with this this piece of software, I'm just just to do one simple thing to make sure that it gives the
clean bill of health to buy us every time, regardless of what you have done, then you have a problem because then your system is failing.
Okay, so there is 1 13 that people confused with protection of buyers, which is called Microsoft Secure Boot, and it's a feature in your if I bios, which Microsoft is pushing toe vendors
in order to have Windows compatible. Stamp on their PC's understand compatible. So you have, Ah, Microsoft difficult that is stored in your five and basically what you, if I does, is checks the book loader
before it's launching it. Remember the sequence. You have the Windows Book flow there
and to wear five. It's signed by Microsoft. So if it's not,
then if I won't allow the PC to boot, so say okay, but Loader is compromised and it won't boot.
What is not doing isn't it's not preventing you if I from being changed. So this is very important thing.
This is just making sure between those book loader will load the boot the windows in the correct way. And it's not booting something that it's not Windows, but something else. So,
um, this is also with this feature you were having a little bit more problem toe. Have dual boot, for example. If you want to have Lennox on the same machine,
it's a little bit more difficult to do it, but it can be done so it's not fully preventing Lennox from living on the same machine. It just makes the life for the whoever has to make it work a little bit more difficult.
So essential downside of this this is
it's not actually preventing you if I for being changed. So if somebody wants to add something to unify, which has nothing to do with the Windows bulk loader,
But you had some low level functionality like a backdoor into into the PC on a low level below operating system, it can still do it, and this is secure. Boot function will not
just to check, if you have been listening carefully, what is Microsoft's secure but not preventing? Is it prevent not preventing bags or packages
or the placing of the boot loader or tempering with the boot loader?
And you have? If you have listened carefully, you know that it's not preventing Bystrov packages.
So it just preventing from tempering off Windows boot loader.
In this video, you learned about ways to establish trust in harder. So you learned about prevention and detection approach, and well, you have also learned about Microsoft secure boot. So
all these three things are very important in protecting your
physical hardware and in next lesson, I will continue talking about these things for some other components of PC.