Does adding a password to BIOS prevent malware from infecting it?

Absolutely not. The BIOS password is only an authentication mechanism presented when the system boots or when a manual change to the configuration is made during boot. Malware which overwrites the BIOS typically does so by writing over SPI, the interface which the BIOS resides on. If malware gets enough privileges to write to SPI, and your BIOS does not set the proper lock bits that deny access to this interface at runtime, then it is game over. The contents of your BIOS flash chip can be modified completely, including the contents which execute the password authenticating code.

The only two ways to ensure malware cannot overwrite the BIOS is either to:

  1. Have a BIOS which properly sets all the lock bits at boot, and the only way to make sure of that is to use the chipsec framework and understand the results it gives

  2. Use a system which supports Boot Guard, an Intel feature in some newer CPUs which causes the chipset to verify the BIOS itself before loading it, ensuring that it can only boot from a BIOS signed with an OEM signing key. This should prevent malicious BIOSes from running (as well as third-party, open-source BIOSes like coreboot and Libreboot).
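The first answer's point 1 turns on a few specific chipset register bits, and it helps to see what "properly sets all the lock bits" actually means in code. The following is an added example, not code from the original answer or from the chipsec project: it decodes the Intel PCH write-protection bits that chipsec's `common.bios_wp` module evaluates (BIOSWE, BLE and SMM_BWP in BIOS_CNTL, FLOCKDN in HSFS, and the SPI Protected Range registers) and reports whether the BIOS region is locked. The register layouts follow Intel PCH datasheets; the sample register values at the bottom are constructed for illustration, and on a real machine they would be read with chipsec or the vendor's tools.

```python
"""Decode Intel PCH BIOS write-protection bits (added example, simplified
version of the logic behind chipsec's common.bios_wp check).

Register values below are CONSTRUCTED samples, not dumps from a real board.
"""

# BIOS_CNTL register bits (LPC/eSPI bridge, D31:F0 offset 0xDC on many PCH generations)
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = host software may write the BIOS region
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it again
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only while all cores are in SMM

# HSFS register bit (SPI controller, SPIBAR + 0x04)
FLOCKDN = 1 << 15  # Flash Configuration Lock-Down: PR registers and SPI config frozen until reset


def decode_protected_range(pr):
    """Decode one SPI Protected Range register (PR0..PR4) into a byte range."""
    return {
        "wpe": bool(pr & (1 << 31)),                     # write-protect enable
        "base": (pr & 0x1FFF) << 12,                      # bits 12:0, 4 KiB units
        "limit": (((pr >> 16) & 0x1FFF) << 12) | 0xFFF,   # bits 28:16, 4 KiB units
    }


def ranges_cover(ranges, region_base, region_limit):
    """True if the write-protected ranges cover [region_base, region_limit] with no gap."""
    covered = region_base
    for r in sorted((r for r in ranges if r["wpe"]), key=lambda r: r["base"]):
        if r["base"] <= covered <= r["limit"]:
            covered = r["limit"] + 1
        if covered > region_limit:
            return True
    return covered > region_limit


def evaluate_bios_write_protection(bios_cntl, hsfs, prs=(), bios_region=None):
    """Return a verdict dict: the BIOS region counts as protected if either
    BIOS_CNTL is fully locked (BLE=1, SMM_BWP=1, BIOSWE=0) or SPI protected
    ranges cover the whole region and FLOCKDN freezes them."""
    findings = []
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE=1: BIOS region is writable from the host")
    if not bios_cntl & BLE:
        findings.append("BLE=0: BIOSWE can be set without an SMI to undo it")
    if not bios_cntl & SMM_BWP:
        findings.append("SMM_BWP=0: writes are not restricted to SMM")
    if not hsfs & FLOCKDN:
        findings.append("FLOCKDN=0: SPI protected ranges can still be reconfigured")

    cntl_locked = bool(bios_cntl & BLE) and bool(bios_cntl & SMM_BWP) and not (bios_cntl & BIOSWE)

    pr_locked = False
    if bios_region is not None:
        decoded = [decode_protected_range(p) for p in prs]
        pr_locked = bool(hsfs & FLOCKDN) and ranges_cover(decoded, *bios_region)
        if not pr_locked:
            findings.append("SPI protected ranges do not fully cover the BIOS region")

    return {
        "protected": cntl_locked or pr_locked,
        "bios_cntl_locked": cntl_locked,
        "protected_ranges_locked": pr_locked,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample: BIOSWE set, nothing locked -> game over as the answer puts it.
    print(evaluate_bios_write_protection(bios_cntl=0x01, hsfs=0x0000))
    # Constructed sample: BLE and SMM_BWP set, BIOSWE clear, FLOCKDN set -> locked.
    print(evaluate_bios_write_protection(bios_cntl=0x22, hsfs=0x8000))
    # Constructed sample: BIOS_CNTL weak, but one PR (WPE=1) covers a 0x500000-0xFFFFFF
    # BIOS region and FLOCKDN is set -> still protected via SPI protected ranges.
    print(evaluate_bios_write_protection(0x00, 0x8000, prs=[0x8FFF0500],
                                         bios_region=(0x500000, 0xFFFFFF)))
```

The two independent paths in the verdict are the reason an unexpected `BIOSWE=1` finding is not automatically fatal: some firmware relies on protected ranges instead of BIOS_CNTL, which is exactly why the answer says you have to understand the results chipsec gives rather than read a single bit.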


BIOS passwords offer absolutely no protection against viruses. It's just there to slow people down who are trying to use your computer without your permission. Most computers have a "BIOS password ignore" or "BIOS password reset" jumper somewhere, so it's not even that secure. Might slow someone down maybe 5 minutes.

The blanket recommendation is to get a good antivirus program and let it hog your CPU in the background. That's not what I do. The problem with antivirus programs is that they are generally no good for viruses that are not in their database. Likewise, when a new one comes out, several thousand people usually get infected until the antivirus people can update their database. Then don't get me started on mutating viruses.

The simplest thing to make it really hard for viruses to infect your computer is to create a user with limited privileges and use that, rather than admin. That way, if you get tricked into loading a virus, it doesn't have enough system privilege to do any real harm. Just don't let them con you into entering the admin password when you weren't really doing anything that would call for it.


The short answer is no. Setting a password on the BIOS will protect your computer from physical access (though that could possibly be bypassed as well).

To protect against malware infection I suggest two things:

  1. Install an antivirus and keep it up to date

  2. Set up a backup solution to back up your data daily (this will help you to quickly recover in case you had an infection that your AV couldn't prevent)