The new solution prevents stealth malware code execution in UEFI-enabled computers
Kaspersky Lab today announced the release of a groundbreaking new product – Kaspersky Anti-Virus for UEFI (KUEFI) – an anti-malware solution which can protect the user’s PC before the operating system even starts loading.
UEFI, or "Unified Extensible Firmware Interface", has been developed by Unified EFI Forum. It is a new model for the interface between personal-computer operating systems and platform firmware. Hailed as the ‘spiritual successor’ to BIOS (Basic Input/Output System), UEFI offers support for new technologies, improved development, and enhanced customer experience during the time after the computer is turned on but before the operating system loads. Across multiple interfaces, the Specification supports a more secure system, a faster boot time, improved performance, platform feature innovation, and a quicker, more cost-effective time-to-market product shipment.
Among its other features, the UEFI specification makes it possible to embed a security solution ‘on the chip’. Kaspersky Lab seized this opportunity to develop the World’s first – and, at the moment, only – UEFI-compliant anti-malware product, which will be able to to scan selected system files and memory addresses before the operating system even starts loading. The advantages of such an approach cannot be overstated. Previously, rootkits and bootkits could embed themselves deeply into the system and load before any conventional anti-malware solution, thus hiding their activity from the anti-virus, or even preventing it from loading altogether.
But now, by loading from a ROM chip that is guaranteed to be clear of bugs, KUEFI will be able to scan system files before they are loaded and detect any malware that might be lurking there. Based on Kaspersky Lab’s cutting-edge technologies and the award-winning Kaspersky Anti-Virus core, the solution offers flexible scan settings to reach the desired ‘performance vs. detection rate’ tradeoff and achieve the exact performance level each user needs. Depending on the usage mode, once a threat is detected, KUEFI can either alert the user or completely block the system boot-up until a qualified specialist resolves the issue.
"I’m incredibly excited by this announcement – the release of KUEFI might just grant us the leverage we’ve been looking for so long in our struggle against malware,” says Nikolay Grebennikov, CTO of Kaspersky Lab. “Previously, our enemies always had the advantage – they were the first to find loopholes, weaknesses, or zero-day vulnerabilities, and we had to find a cure after the fact. But now they simply won’t be able to hide their malicious stuff anymore, as KUEFI will run at the lowest level possible and make sure that your system is clean and safe."
The solution is designed to be used in organizations with the most stringent IT security requirements, such as state agencies, military organizations, power plants, industrial companies, and any other entities where the malware-related data loss, data leakage or corruption poses the greatest threat.
About Unified EFI Forum
UEFI is a community effort to modernize the booting process, involving many companies in the personal computer industry. UEFI-capable systems are already shipping, and many more are in preparation. During the transition to UEFI, most platform firmware will continue to support legacy (BIOS) booting as well, to accommodate legacy-only operating systems. The Unified EFI Forum is a non-profit collaborative trade organization formed to promote and manage the UEFI standard. As an evolving standard, the UEFI specification is driven by contributions and support from member companies of the UEFI Forum. Learn more at www.uefi.org.