this post was submitted on 24 Dec 2024
772 points (99.2% liked)

Technology

[–] CaptDust 381 points 1 month ago (2 children)

When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.

Hah, well a vendor just pushed an unapproved executable to the device and ran it without consent. Under any definition or other context it's definitely compromised.

[–] [email protected] 112 points 1 month ago (27 children)

This is why I boycott Logitech, they started pushing the Logitech Download Assistant through Windows Update as soon as you connect a Logitech mouse/keyboard.

It autoruns not only when it is first installed but on every startup.

It is rather annoying to try and uninstall it, I don't get why there has been so little backlash against this....

Microsoft permitting this is devaluing Windows Update, the driver (.inf) should be installed automatically, any executable file that WU wants to download and run on your computer should just bring up a small Windows notification saying something like this:

The device you just installed requests to download and run the following program from Windows Update:

Logitech Download Assistant

Will you approve or reject this request? Approve/Reject

It is just terrible that this is permitted

[–] [email protected] 25 points 1 month ago (1 children)

I never knew about this (using Linux) but when I plugged my mouse onto a friend's laptop and suddenly a big banner animated onscreen, my heart sank lol. No idea how this works but it was pretty unexpected.

[–] [email protected] 42 points 1 month ago (8 children)

Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

[–] conciselyverbose 379 points 1 month ago (3 children)

If it's unwanted, disruptive, and (allegedly) impacts performance, that's not "malware-like". It's malware.

[–] [email protected] 205 points 1 month ago (17 children)

Confirmed, windows 11 is malware.

[–] [email protected] 17 points 1 month ago* (last edited 1 month ago) (2 children)

~~I think the title indicates that it's like the malware known as "Christmas.exe".~~

Edit: I have too much faith in humanity..

[–] conciselyverbose 73 points 1 month ago (1 children)

The title is pushing the narrative that "real companies" doing hostile bullshit isn't "real malware".

When companies ship malware, it should be called malware.

[–] [email protected] 30 points 1 month ago* (last edited 1 month ago) (1 children)

From the article:

Even worse, the malware-looking Christmas wreath is linked to a process called “Christmas.exe.”

So the process was actually called that. It popped up on my machine this morning and I immediately started scanning the whole system for malware and searching to see if anyone else had this problem.

[–] [email protected] 17 points 1 month ago

It also automatically reinstalls itself through a BIOS feature. That's advanced level malware.

[–] [email protected] 167 points 1 month ago* (last edited 1 month ago) (8 children)

Who green lit this? I really hope that person gets fired immediately.

The lack of any visual link to ASUS isn't even the biggest problem for me; it's that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.

Edit: There's a fucking setting in the BIOS to auto-install ASUS' bullshit software? And it's enabled by default.... jesus fucking christ

[–] [email protected] 56 points 1 month ago* (last edited 1 month ago) (1 children)

Most computers' firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows executable in the firmware. It is of course totally used for the intended purpose...

[–] [email protected] 49 points 1 month ago

I'm always dismayed but not surprised by how many people don't know about Windows Platform Binary Table, which has existed since Windows 8. It's not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.

Most normal people's model of Windows security is "if something goes wrong then I wipe the disk and reinstall Windows," and WPBT completely breaks that model, and has been doing so for 12 years.

Thankfully there are ways to disable it:

https://github.com/Jamesits/dropWPBT
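
Added example (not part of the thread, and not code from dropWPBT): a Python parser for auditing whether a machine's firmware publishes a WPBT and what it tells Windows to run. It assumes a Linux environment, where the raw table appears at `/sys/firmware/acpi/tables/WPBT`; the field layout is the standard ACPI table header followed by the WPBT fields, and the sample table is constructed for the demonstration.

```python
import struct
from pathlib import Path

# Linux exposes raw ACPI tables here (readable by root); absent if no WPBT.
WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")
HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
BODY = struct.Struct("<IQBBH")            # WPBT-specific fields (16 bytes)


def parse_wpbt(raw: bytes) -> dict:
    """Validate a raw WPBT table and return the fields worth auditing."""
    if len(raw) < HEADER.size + BODY.size:
        raise ValueError("too short for a WPBT table")
    sig, length, _rev, _csum, oem_id, oem_table, *_ = HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(raw):
        raise ValueError("header length does not match table size")
    size, addr, layout, ctype, arg_len = BODY.unpack_from(raw, HEADER.size)
    start = HEADER.size + BODY.size
    if start + arg_len > len(raw):
        raise ValueError("argument length runs past the end of the table")
    args = raw[start:start + arg_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.decode("ascii", "replace").rstrip("\0 "),
        "oem_table_id": oem_table.decode("ascii", "replace").rstrip("\0 "),
        "checksum_ok": sum(raw) % 256 == 0,   # all bytes must sum to 0 mod 256
        "binary_size": size,                  # size of the image firmware left in RAM
        "binary_phys_addr": addr,             # physical address, only valid at boot
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\0"),       # command line passed to the binary
    }


def make_sample() -> bytes:
    """Constructed table for demonstration; every value in it is made up."""
    args = "/demo\0".encode("utf-16-le")
    body = BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    table = bytearray(HEADER.pack(b"WPBT", HEADER.size + len(body), 1, 0,
                                  b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1) + body)
    table[9] = -sum(table) % 256          # checksum byte lives at offset 9
    return bytes(table)


if __name__ == "__main__":
    raw = WPBT_PATH.read_bytes() if WPBT_PATH.exists() else make_sample()
    for key, value in parse_wpbt(raw).items():
        print(f"{key}: {value}")
```

The table only points at the binary in physical memory, so a dump of the table shows the vendor identifiers, image size and command line but not the executable itself.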

[–] [email protected] 137 points 1 month ago* (last edited 1 month ago) (16 children)

It is a part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.

Always flash new OS if you buy a computer.

[–] [email protected] 123 points 1 month ago* (last edited 1 month ago) (7 children)

That won’t get rid of it unless you also manually go into the BIOS and disable the install ASUS Armoury Crate setting as explained in the article.

If you don’t do this it will automatically reinstall even on a fresh install of Windows. Some of these bloatware programs will even install without an internet connection! This absolutely ludicrously stupid feature is called WPBT and is used by lots of manufacturers. Luckily it doesn’t work on Linux (at least for now…).

[–] [email protected] 55 points 1 month ago (4 children)

That's wild that it's a BIOS setting. Just an extra level of fuck you.

[–] [email protected] 18 points 1 month ago (1 children)

I don't think it reinstalls itself if you install Linux

[–] [email protected] 69 points 1 month ago (3 children)

That's in the bios, it's a pcie device that windows allows to inject root level code into your environment, you have to turn it off and hope nothing ever spoofs that pcie id because that's a permanent hardware rootkit into your pc like EFI

[–] [email protected] 37 points 1 month ago (12 children)

That's in the bios, it's a pcie device that windows allows to inject root level code into your environment

What. The. Fuck. Are they the only one to install their crap so deep?

[–] [email protected] 20 points 1 month ago (2 children)

This will be executed even on new fresh installation oob.

[–] [email protected] 15 points 1 month ago* (last edited 1 month ago)

Yet another vendor-bootkit?

[–] [email protected] 66 points 1 month ago (1 children)

I'd love to know if this was just some guy who went 'let's ship it to all our customers!' or if this was a C-level 300 hours of meetings type of thing which concluded that spreading christmas ~~malware~~ cheer was the right move.

[–] [email protected] 36 points 1 month ago (1 children)

this was downloaded and 'installed' by asus armory crate, which came from malware baked right into the bios of new and 'newish' asus motherboards (how to disable)

[–] [email protected] 59 points 1 month ago (2 children)

You just can't make this shit up. Truly is year of the linux desktop.

[–] [email protected] 19 points 1 month ago (1 children)
[–] [email protected] 48 points 1 month ago (2 children)
[–] [email protected] 16 points 1 month ago

I don't use Linux much, and I still agree. If the market share for Linux continues to rise every year, then it's absolutely true.

[–] [email protected] 58 points 1 month ago (2 children)

"do not panic – your device is not compromised."

meme(always has been)

[–] [email protected] 23 points 1 month ago (2 children)

There is nothing wrong with your device. Do not attempt to adjust the picture. We control the horizontal. We control the vertical.

[–] [email protected] 18 points 1 month ago (1 children)

...We control the treble, and all your bass belongs to us too.

/incredibly ancient joke

[–] [email protected] 22 points 1 month ago

if someone not you installing crap you don't want isn't compromised then i don't know what is

[–] [email protected] 45 points 1 month ago* (last edited 1 month ago) (2 children)

Why doesn't every vendor with an installed app make a similar banner?
It would be so festive, and I bet people would love it, to have 20 or 30 such occurrences every time you need to use your computer during holidays.
It would of course be optimal if each has an animation and a tune, that needs to finish before you can escape.
Weird that only Asus had this brilliant idea? It's so awesome when you are not in control of what happens on your computer.
/s

If you want to take back control, Linux is your best option.

[–] [email protected] 23 points 1 month ago (2 children)

Oooh, make one of them a little purple animated gorilla, I'd like that too.

[–] [email protected] 40 points 1 month ago

The manager who approved this needs to be fired. Programs need to ask the user for permission before installing, especially when they're not device drivers.

This is literal malware and there's also a chance that it might be exploited (example: a MITM attack exchanges the file that armory crate is downloading)

This kind of Easter egg is not funny at all, developers must avoid undocumented time bombs. I still remember that day 15 years ago when I turned on my Wii and it said that the system files were corrupted. After hours of reverting a full NAND backup via bootmii (and losing 2 years of game saves) it turned out that it was a funny April Fools' joke by crediar, which put up a fake system corruption message when you ran his program on April 1st. Problem is that his program was a loader for the system menu so it was unavoidable if you didn't know that.

Like me, there must be someone paranoid that saw that black bar on the screen, saw a weird Christmas.exe running on their system, and started wiping or restoring old images to "clean" that.

[–] [email protected] 39 points 1 month ago* (last edited 1 month ago)

everyone submit a help desk ticket to Asus asking wtf is going on

[–] [email protected] 31 points 1 month ago

WDYM "malware like"? It is malware.

[–] [email protected] 30 points 1 month ago

Somebody should create a windows executable to be placed in the WPBT that silently installs Linux on first windows boot....

[–] [email protected] 29 points 1 month ago (1 children)

the wreath has a memory leak

modern app design and its consequences

[–] [email protected] 22 points 1 month ago

An unsolicited Christmas card through a letterbox would have at least been less worrying.

[–] [email protected] 19 points 1 month ago (1 children)

Now ask the non-Christians need to do a class action lawsuit lol

[–] [email protected] 17 points 1 month ago* (last edited 1 month ago)

Another reason to not buy any Asus stuff.

[–] [email protected] 16 points 1 month ago

How was this even approved for deployment?

[–] [email protected] 15 points 1 month ago

Haha, how fortuitous for me that my new SSD arrived over the weekend and I used the opportunity to install Linux on my Asus laptop.
