752
Asus bombards Windows 11 with christmas.exe malware-like Christmas wreath banner (www.windowslatest.com)
submitted 7 months ago by floofloof@lemmy.ca to c/technology@lemmy.world
138 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] CaptDust@sh.itjust.works 371 points 7 months ago

When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.

Hah, well a vendor just pushed unapproved executable to the device and ran it without consent. Under any definition or other context it's definitely compromised.

[-] user224@lemmy.sdf.org 41 points 7 months ago

Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

[-] skaffi@infosec.pub 7 points 7 months ago

Holy shit. I got Logitech peripherals, and an ASUS motherboard. I'm glad I'm on Linux. I still have Windows installed, and booted into it around 2 weeks ago, after it having lied dormant for four months. I didn't notice anything being installed, but maybe I had to reboot first.

Quite possibly, my peripherals and motherboard are all too old to have this anti-feature. Do you know if there is a list of which of their hardware this is the case for?

Damnit, I always preferred Logitech mice. I guess I might have bought my last one.

[-] dubyakay@lemmy.ca 6 points 7 months ago

What does it do with Linux?

[-] user224@lemmy.sdf.org 29 points 7 months ago* (last edited 7 months ago)

The ASUS UEFI firmware exposes an ACPI table to Windows 10, called "WPBT" or "Windows Platform Binary Table". WPBT is used in the pre-built OEM industry, and is referred to as "the Vendor's Rootkit." Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup - every single time the system is booted.

So, sounds like a Windows-specific ~~vulnerability~~ feature.

[-] Grabthar@lemmy.world 2 points 7 months ago

Make a read only file/folder with the same name and the script should fail. But that is horseshit.

[-] wreckedcarzz@lemmy.world 3 points 7 months ago

Similarly (above), I can't confirm this either, on two different Asus boards, still in support/updates. I'm assuming this requires their software to be installed, which there's no point to, so I didn't bother... Maybe it's part of their armory crate system, which can (should) be disabled in the bios...

[-] xavier666@lemm.ee 2 points 7 months ago

This is how cheats are installed on LAN competitions

this post was submitted on 24 Dec 2024
752 points (100.0% liked)

Technology

73370 readers
4146 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws