Posted by: Brein Matturro
Network and application security, Servers and desktop hardware, Systems and systems management
Although harmless at this stage, the viruses could be used to create malware that affects computers with disparate operating systems, according to Vincent Weafer, senior director at Symantec Security Response.
“If I can get to the processor level, potentially I can start tying myself into the core hardware,” he told vnunet.com.
While it’s intellectually interesting that someone has figured out how to execute arbitrary code independent of the operating system on Opteron, allegedly independent of the OS, any virus written to do so and actually go after elements of the hardware–like storage, or a network interface–would probably have to be tailored to specific system configurations. On the other hand, if an organization bought enough systems with a single common hardware configuration, that might create an opportunity for someone who really, really had some time on their hands and a desire to make life miserable for that select audience.
Of course, it doesn’t take a virus for that to happen. Any time you have a hardware/software monoculture, simple problems can become huge problems very quickly. Ask anyone who worked with Unisys’ whitebox systems built for the Air Force Desktop III contract, which initially shipped with a SUMO SCSI controller that turned out to be incompatible with Windows. The support hassles, I have been told, ended up costing Unisys more money per deployed system than they were paid for delivery of them.