this post was submitted on 24 Dec 2024
764 points (99.1% liked)

Technology

60115 readers
2705 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
764
Asus bombards Windows 11 with christmas.exe malware-like Christmas wreath banner (www.windowslatest.com)
submitted 3 days ago by floofloof@lemmy.ca to c/technology@lemmy.world
207 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Magnetic_dud@discuss.tchncs.de 37 points 2 days ago

The manager who approved this need to be fired. Programs need to ask permission to the user before installing, especially when they're not device drivers.

This is literal malware and there's also a chance that it might be exploited (example: a mitm Attack exchanges the file that armory crate is downloading)

This kind of Easter egg is not funny at all, developers must avoid undocumented time bombs. I still remember that day 15 years ago when I turned on my Wii and it said that the system files were corrupted. After hours of reverting a full nand backup via bootmii (and losing 2 years of game saves) it turned out that it was a funny April's fool by crediar, which put a fake system corruption message when you run his program on April 1st. Problem is that his program was a loader for the system menu so it was unavoidable if you didn't know that.

Like me, there must be someone paranoid that saw that black bar on the screen, saw a weird Christmas.exe running on their system, and starting wiping or restoring old images to "clean" that.

[–] yournamehere@lemm.ee 10 points 1 day ago

it is a very subtile ad for linux

[–] TonyTonyChopper@mander.xyz 29 points 2 days ago (1 children)

the wreath has a memory leak

modern app design and its consequences

[–] theterrasque@infosec.pub 11 points 2 days ago

More like old app design. It's much harder (but of course fully doable) to have a memory leak in modern languages.

[–] LodeMike@lemmy.today 31 points 2 days ago

WDYM "malware like"? It is malware.

[–] CaptDust@sh.itjust.works 377 points 3 days ago (2 children)

When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.

Hah, well a vendor just pushed unapproved executable to the device and ran it without consent. Under any definition or other context it's definitely compromised.

[–] stoy@lemmy.zip 110 points 3 days ago (28 children)

This is why I boycott Logitech, they started pushing the Logitech Download Assistant through Windows Update as soon as you connect a Logitech mouse/keyboard.

It autoruns not only when it is first installed but on every startup.

It is rather annoying to try and uninstall it, I don't get why there has been so little backlash against this....

Microsoft permitting this is devaluing Windows Update, the driver (.inf) should be installed automatically, any executable file that WU wants to download and run on your computer should just bring up a small Windows notification saying something like this:

The device you just installed requests to download and run the following program from Windows Update:

Logitech Download Assistant

Will you approve or reject this request? Approve/Reject

It is just terrible that this is permitted

[–] xavier666@lemm.ee 5 points 2 days ago

It's almost as if the PC doesn't belong to you anymore

load more comments (27 replies)
[–] user224@lemmy.sdf.org 42 points 3 days ago (8 children)

Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

load more comments (8 replies)
[–] conciselyverbose@sh.itjust.works 378 points 3 days ago (8 children)

If it's unwanted, disruptive, and (allegedly) impacts performance, that's not "malware-like". It's malware.

[–] nokturne213@sopuli.xyz 205 points 3 days ago (17 children)

Confirmed, windows 11 is malware.

load more comments (17 replies)
load more comments (7 replies)
[–] oo1@lemmings.world 58 points 3 days ago (2 children)

"do not panic – your device is not compromised."

meme(always has been)

[–] reksas@sopuli.xyz 22 points 2 days ago

if someone not you installing crap you dont want isn't compromised then i dont what is

[–] zerofk@lemm.ee 23 points 3 days ago (2 children)

There is nothing wrong with your device. Do not attempt to adjust the picture. We control the horizontal. We control the vertical.

[–] umbraroze@lemmy.world 18 points 2 days ago (1 children)

...We control the treble, and all your bass belongs to us too.

/incredibly ancient joke

load more comments (1 replies)
load more comments (1 replies)
[–] Flashback956@feddit.nl 17 points 2 days ago* (last edited 2 days ago)

Another reason to not buy any Asus stuff.

[–] MonkderVierte@lemmy.ml 137 points 3 days ago* (last edited 3 days ago) (16 children)

It is a part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.

Always flash new OS if you buy a computer.

[–] Link@rentadrunk.org 123 points 3 days ago* (last edited 3 days ago) (8 children)

That won’t get rid of it unless you also manually go into the BIOS and disable the install ASUS Armoury Crate setting as explained in the article.

If you don’t do this it will automatically reinstall even on a fresh install of Windows. Some of these bloatware programs will even install without an internet connection! This absolutely ludicrously stupid feature is called WPBT and is used by lots of manufacturers. Luckily it doesn’t work on Linux (at least for now…).

[–] MimicJar@lemmy.world 55 points 3 days ago (4 children)

That's wild that it's a BIOS setting. Just an extra level of fuck you.

load more comments (4 replies)
load more comments (7 replies)
[–] interdimensionalmeme@lemmy.ml 69 points 3 days ago (3 children)

That's in the bios, it's a pcie device that windows allows to inject root level code into your environement, you have to turn it off and hope nothing ever spoofs that pcie id because that's a permanent hardware rootkit into your pc like EFI

[–] Etienne_Dahu@jlai.lu 37 points 3 days ago (12 children)

That's in the bios, it's a pcie device that windows allows to inject root level code into your environement

What. The. Fuck. Are they the only one to install their crap so deep?

load more comments (12 replies)
load more comments (2 replies)
[–] Appoxo@lemmy.dbzer0.com 20 points 3 days ago (2 children)

This will be executed even on new fresh installation oob.

load more comments (2 replies)
load more comments (13 replies)
[–] FireWire400@lemmy.world 166 points 3 days ago* (last edited 3 days ago) (8 children)

Who green lit this? I really hope that person gets fired immediately.

The lack of any visual link to ASUS isn't even the biggest problem for me; it's that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.

Edit: There's a fucking setting in the BIOS to auto-install ASUS' bullshit software? And it's enabled by default.... jesus fucking christ

[–] equivocal@lemm.ee 56 points 3 days ago* (last edited 3 days ago) (1 children)

Most computers firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows exectuable in the firmware. It is of course totally used for the intended purpose...

[–] drspod@lemmy.ml 49 points 3 days ago

I'm always dismayed but not surprised by how many people don't know about Windows Platform Binary Table, which has existed since Windows 8. It's not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.

Most normal people's model of Windows security is "if something goes wrong then I wipe the disk and reinstall Windows," and WPBT completely breaks that model, and has been doing so for 12 years.

Thankfully there are ways to disable it:

https://github.com/Jamesits/dropWPBT

load more comments (7 replies)
[–] Etterra@discuss.online 19 points 2 days ago (1 children)

Now ask the non-Christians need to do a class action lawsuit lol

load more comments (1 replies)
[–] thermal_shock@lemmy.world 39 points 3 days ago* (last edited 1 day ago)

everyone submit a help desk ticket to Asus asking wtf is going on

[–] Shimitar@feddit.it 30 points 3 days ago

Somebody should create a windows executable to be placed in the WPBT that silently install Linux on first windows boot....

[–] schizo@forum.uncomfortable.business 66 points 3 days ago (2 children)

I'd love to know if this was just some guy who went 'let's ship it to all our customers!' or if this was a C-level 300 hours of meetings type of thing which concluded that spreading christmas ~~malware~~ cheer was the right move.

load more comments (2 replies)
[–] jaxiiruff@lemmy.zip 60 points 3 days ago (5 children)

You just cant make this shit up. Truly is year of the linux desktop.

load more comments (5 replies)
load more comments
view more: next ›