I learned about the BIOS being able to be written to by malware. It reminded me I have a used laptop that performs noticeably slower than any comparable devices, so I went ahead an downloaded BIOS update installers (from Dell), and wow, it works so much better! I had tried multiple times in the past to reinstall the OS, and it just would go SO slow (despite decent specs)!
However, the BIOS update installers were .exe files - so even though they seem to have seemingly worked, what's to prevent a more sophisticated BIOS malware from simply reinfecting the BIOS as soon as I run that BIOS update .exe? If the slowness was infact a BIOS malware on that device, then it seemed to be infecting the OS I installed on the device on boot. So I presume any more modern version of that BIOS malware would simply reinstall itself right away / ensure it's still written to the BIOS.
Let me know if that makes sense.
Essentially, how could I effectively update the BIOS, if I have to log into a standard OS, and the BIOS is infecting the OS? Dell for example ONLY provided Windows .exe for BIOS updates annoyingly (for my device), and I checked for an old HP tower I have and they too only provide a .exe for BIOS updates.
Yet that OS is what BIOS malware may be infecting upon boot... and could in theory just ensure the BIOS is written a certain way (infected) even after a BIOS update via the .exe...
I know there are some motherboards that allow you to update the BIOS via a USB device, without an OS (only desktops as far as I know of atm). Perhaps those are more secure to update the BIOS of, than a motherboard that requires BIOS updates via a .exe?
But mainly, how do I update the BIOS before BIOS re-infects the host with these .exe BIOS updaters?