On 9/1/15, Georgi Guninski <guninski@guninski.com> wrote:
... They protect against trojanized (off the shelf) BIOS.
prevents trojan / arb exec from persistence via BIOS. prevents surreptitious FDE keylogger via BIOS hooks. yes, also off the shelf attacks. which is nearly all of them. :) [ see also HackingTeam dump, and research examples ]
If an adversary has sufficient supply of application and root sploits, how much they will protect you?
separate question; see also defense in depth. however, a robust bespoke BIOS beats otherwise cascade catastrophe.
Instead of rootkit they will root you every boot IMHO.
this also has a different visibility, as executing in priv. or user context & addr space. also why "throw away" VMs per Qubes or Live OS images a useful technique to avoid attempted persistence via weird machines gone rogue... best regards,