Why is BIOS insecure on new Windows 8 laptop?

Discussion in 'Windows 8 Help and Support' started by flroots, Dec 20, 2012.

  1. flroots

    flroots New Member

    Joined:
    Nov 29, 2012
    Messages:
    27
    Likes Received:
    0
    I just received my new Dell Inspiron 15R-5520 64 bit laptop running Windows 8. It came with a new BIOS that supports both UEFI and Legacy. Compared to the BIOS on my old Dell Inspiron laptop it seems very insecure. I'm referring to access to the boot order. In my old BIOS I could set a password which was necessary for changing the boot order and either enabling or disabling devices within the boot list. Thus one could select the HDD and disable all other devices such as CD/DVD and Flashdrives. The new BIOS includes passwords as well, but they don't restrict access to the boot order and there doesn't seem to be any way to disable devices from the boot list. In the case that my laptop is stolen it's nice to prevent the thief from quickly booting off a CD or flashdrive and accessing all my files, etc. Can anyone explain why the new BIOS removed this seemingly important security feature?
    Pete
     
    #1 flroots, Dec 20, 2012
    Last edited by a moderator: Dec 20, 2012
  2. AceInfinity

    AceInfinity Senior Member
    Microsoft MVP

    Joined:
    Aug 12, 2011
    Messages:
    159
    Likes Received:
    11
    The BIOS doesn't change for Windows 8, the BIOS is still the BIOS, unless you've updated it. Can you show us a screenshot of what you're talking about?

    Perhaps the bootmgr changed, but not much from that.
     
  3. flroots

    flroots New Member

    Joined:
    Nov 29, 2012
    Messages:
    27
    Likes Received:
    0
    Thanks. I wasn't suggesting that the BIOS changed because of Windows 8. It changed because this new technology called UEFI has been incorporated into it. As mentioned, it seems to have lost the security features of the BIOS on my last Dell Inspiron. I was wondering why they removed what I considered an important security feature?
    Pete
    PS I'm not sure how to do a screenshot while in the BIOS
     
  4. AceInfinity

    AceInfinity Senior Member
    Microsoft MVP

    Joined:
    Aug 12, 2011
    Messages:
    159
    Likes Received:
    11
  5. flroots

    flroots New Member

    Joined:
    Nov 29, 2012
    Messages:
    27
    Likes Received:
    0
    Thanks. I've now managed to do a clean install of both Windows 7 and 8 to UEFI/GPT partitions on my new Dell Inspiron 15R-5520 laptop. I've confirmed that the new UEFI BIOS is very insecure. One can simply press F12 during boot up and change boot order to any of the following without having to enter my set password:
    a. UEFI with secure boot
    b. UEFI without secure boot
    c. Legacy without secure boot​
    As mentioned above, this would have been impossible with my older Dell Inspiron. Also, Windows 7 won't boot with secure boot since the BIOS doesn't recognize it. It will boot with UEFI without secure boot. Also, your referenced article doesn't inspire confidence either.
    Pete
     
  6. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    Let's go at this from another direction. On most Dell Laptops, you never really get into the bios, but only their bios setup utility. But when you enter a password which will lock access to the bios setup, what exactly does that do?

    You mention being able to boot from a CD and access your system. On my system, you can disable the DVD drive as a boot device. Once you do that, will it still boot to a MBR DVD? On UEFI systems, removing the UEFI media may remove the entry in the bios and thereby remove any lockout. Is that happening?

    But on my system, the options to boot with a type of boot, are not included in a Boot Device Menu. That option is set on the boot page and should not be accessible without using an F2 key during boot and a password. But I do not have your computer so I cannot check.

    A secure boot condition for Windows 8 needs to have specific conditions fulfulled. You will not be able to boot to Windows 7 if you turn on secure boot for Windows 8, at least on my system you can't. I will assume that you new laptop was able to perform secure boots when you received it.

    I have no way of knowing why Dell set up their systems the way they did. One factor might have been to achieve useability by the user and a desire to have a system that would not completely lock out the normal user. Hard drives can be removed from systems and read by other systems, so perhaps some security steps may not be worth the possible downside.
     
  7. flroots

    flroots New Member

    Joined:
    Nov 29, 2012
    Messages:
    27
    Likes Received:
    0
    Thanks. I have set the admin password and that prevents me from changing certain parameters without entering the password. On the other hand, I can change the boot order, change from UEFI to Legacy and back, etc all without entering the password. The BIOS on my old Dell Inspiron would prevent any changes to boot order and enabling or disabling any bootable device without first entering the password. I can't imagine why that security feature was not carried forward to the newer UEFI/Legacy BIOS.

    I can boot windows 8 in UEFI mode with secure boot since the signature for that OS is recorded in BIOS. I must boot Windows 7 in UEFI without secure boot since no signature exists for that OS. BTW, the security feature that should have been included wouldn't have reduced usability since the owner has the option to set a password or not. Prior to entering of password, all changes should be prevented IMHO.
    Pete
     
    #7 flroots, Dec 24, 2012
    Last edited by a moderator: Dec 24, 2012
  8. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    I think what I am getting at is the problem seems to lie in the Utility Dell gives you to change the Bios. I cannot get into my bios to change anything without a password. I can get a boot device menu, but there is no option for changing the type of boot, just the boot device.

    Is there anything in the Dell interface that would allow you to hide certain options so as to make them not accessible without a password?
     
    #8 Saltgrass, Dec 24, 2012
    Last edited by a moderator: Dec 24, 2012
  9. flroots

    flroots New Member

    Joined:
    Nov 29, 2012
    Messages:
    27
    Likes Received:
    0
    Thanks. As explained everything related to boot order and selection of boot devices can be changed without entering any password ie, totally insecure. So far, I've received no explanation why they would choose to remove this level of security.
    Pete
     
  10. mtRoom

    mtRoom New Member

    Joined:
    Apr 13, 2013
    Messages:
    1
    Likes Received:
    0
    Probably because you're on a Windows 8 forum; not a Dell forum.
     

Share This Page

Loading...