375 points

When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.

Hah, well a vendor just pushed an unapproved executable to the device and ran it without consent. Under any definition or other context it’s definitely compromised.

108 points

This is why I boycott Logitech, they started pushing the Logitech Download Assistant through Windows Update as soon as you connect a Logitech mouse/keyboard.

It autoruns not only when it is first installed but on every startup.

It is rather annoying to try and uninstall it, I don’t get why there has been so little backlash against this…

Microsoft permitting this is devaluing Windows Update, the driver (.inf) should be installed automatically, any executable file that WU wants to download and run on your computer should just bring up a small Windows notification saying something like this:

The device you just installed requests to download and run the following program from Windows Update:

Logitech Download Assistant

Will you approve or reject this request? Approve/Reject

It is just terrible that this is permitted

25 points

I never knew about this (using Linux) but when I plugged my mouse into a friend’s laptop and suddenly a big banner animated onscreen, my heart sank lol. No idea how this works but it was pretty unexpected.

11 points

I try not to be too Linux fanboyish these days, but what in the ever loving fuck is that about? Windows sounds like it’s reverted to 90s/early 2000s novelty crap and browser toolbars.

15 points

I get this request sometimes on my work machine. Guess what? I don’t even have the rights to install it. Insanity

8 points

It sucks because I’ve always liked Logitech hardware. Though I suppose you don’t need to run the software suite (or if you’re on Linux it isn’t an option anyway).

7 points

This is why I boycott Logitech

You should boycott Microsoft instead. As you say, they’re the ones permitting it.

2 points

I would if I could, but I work with Windows and if I migrate to Linux at home, my skills in Windows would diminish

-3 points

I’m guessing you use Arch btw

4 points

It’s almost as if the PC doesn’t belong to you anymore

3 points

Cannot confirm, I have a g903, paired mouse pad, and their brio webcam. I only have the G Hub, which I installed manually. Maybe they stopped this behavior?

2 points

It won’t be listed under programs and features, here you have more info:

https://www.tenforums.com/software-apps/147661-how-remove-logitech-download-assistant.html

2 points

I had Windows Update try to brick the BIOS on my Lenovo workstation recently. I can’t believe Microsoft and manufacturers do this kind of shit. Luckily my workstation had dual BIOS so I could recover it. Between that and the fact that Lenovo manufacturer-locks their processors, I would have waited until I could afford a Supermicro had I known.

2 points

That shit’s on Lenovo because I never had an issue with Microsoft updating the UEFI of HP machines of our clients.


Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

6 points

What does it do with Linux?


The ASUS UEFI firmware exposes an ACPI table to Windows 10, called “WPBT” or “Windows Platform Binary Table”. WPBT is used in the pre-built OEM industry, and is referred to as “the Vendor’s Rootkit.” Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup - every single time the system is booted.

So, sounds like a Windows-specific vulnerability feature.

6 points

Holy shit. I got Logitech peripherals, and an ASUS motherboard. I’m glad I’m on Linux. I still have Windows installed, and booted into it around 2 weeks ago, after it having lain dormant for four months. I didn’t notice anything being installed, but maybe I had to reboot first.

Quite possibly, my peripherals and motherboard are all too old to have this anti-feature. Do you know if there is a list of which of their hardware this is the case for?

Damnit, I always preferred Logitech mice. I guess I might have bought my last one.

3 points

What’s Logitech have to do with it

3 points

Similarly (above), I can’t confirm this either, on two different Asus boards, still in support/updates. I’m assuming this requires their software to be installed, which there’s no point to, so I didn’t bother… Maybe it’s part of their armory crate system, which can (should) be disabled in the bios…

2 points

This is how cheats are installed on LAN competitions

373 points

If it’s unwanted, disruptive, and (allegedly) impacts performance, that’s not “malware-like”. It’s malware.

203 points

Confirmed, windows 11 is malware.

5 points

The seven windows 11 users disagree with you

(I am not one of them)

-45 points
Removed by mod
26 points

I did not reply because it was obvious I made a mistake (as a partially blind person does when reading small text). And you took a widely accepted community name and format and gave it your own twist, then sent a PM that was obviously looking for drama. Which is further obvious here.

17 points

I think the title indicates that it’s like the malware known as “Christmas.exe”.

Edit: I have too much faith in humanity…

73 points

The title is pushing the narrative that “real companies” doing hostile bullshit isn’t “real malware”.

When companies ship malware, it should be called malware.

10 points

Most malware is corporate shitware.

Compared to the wealth of pop-ups, ads and tracker cookies ubiquitous in every website that are burning down forests so they can run black box algorithms to optimize dark patterns for extracting as much revenue as possible while working the sweatshop poor to the bone - worming their way into everything without the condom of extensions - a cryptostealer disguised as ChatGPT_NFT_money_explosion.exe made by some teenager in Albania feels… benign.

30 points

From the article:

Even worse, the malware-looking Christmas wreath is linked to a process called “Christmas.exe.”

So the process was actually called that. It popped up on my machine this morning and I immediately started scanning the whole system for malware and searching to see if anyone else had this problem.

11 points

Jesus Christ what the fuck.

17 points

It also automatically reinstalls itself through a BIOS feature. That’s advanced level malware.

5 points

Right? I thought I read that wrong!

To disable future crap like this you gotta do it in the FUCKING BIOS? Wtf Asus…

165 points

Who green lit this? I really hope that person gets fired immediately.

The lack of any visual link to ASUS isn’t even the biggest problem for me; it’s that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.

Edit: There’s a fucking setting in the BIOS to auto-install ASUS’ bullshit software? And it’s enabled by default… jesus fucking christ

55 points

Most computers’ firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows executable in the firmware. It is of course totally used for the intended purpose…

48 points

I’m always dismayed but not surprised by how many people don’t know about Windows Platform Binary Table, which has existed since Windows 8. It’s not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.

Most normal people’s model of Windows security is “if something goes wrong then I wipe the disk and reinstall Windows,” and WPBT completely breaks that model, and has been doing so for 12 years.

Thankfully there are ways to disable it:

https://github.com/Jamesits/dropWPBT

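The comments above describe WPBT as an ACPI table that firmware exposes and Windows acts on at boot. As an added example (not part of any comment in this thread, and not code from dropWPBT), this Python parser validates a raw WPBT table and reports what it points at. It assumes the standard 36-byte ACPI header followed by the WPBT fields in the order of Microsoft's published table layout; the function names are illustrative and the sample table is constructed.

```python
import struct
from pathlib import Path

# Standard 36-byte ACPI table header, then the WPBT-specific fields (little-endian).
HEADER = struct.Struct("<4sIBB6s8sI4sI")
BODY = struct.Struct("<IQBBH")  # binary size, physical address, layout, type, args length
SYSFS_TABLE = Path("/sys/firmware/acpi/tables/WPBT")  # Linux exposes ACPI tables here

def parse_wpbt(raw: bytes) -> dict:
    """Validate a raw WPBT table and return the fields describing the platform binary."""
    fixed = HEADER.size + BODY.size
    if len(raw) < fixed:
        raise ValueError("too short for a WPBT table")
    sig, length, _rev, _cksum, oem_id, *_ = HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(raw):
        raise ValueError("length field inconsistent with data")
    raw = raw[:length]
    size, addr, layout, ctype, args_len = BODY.unpack_from(raw, HEADER.size)
    if fixed + args_len > length:
        raise ValueError("argument string runs past end of table")
    args = raw[fixed:fixed + args_len].decode("utf-16-le", "replace").rstrip("\x00")
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "checksum_ok": sum(raw) % 256 == 0,  # ACPI tables must sum to 0 mod 256
        "binary_size": size,        # bytes of the PE image held in firmware memory
        "binary_phys_addr": addr,   # physical address the image is read from
        "layout": layout,           # 1 = single PE image
        "content_type": ctype,      # 1 = native user-mode application
        "arguments": args,          # command line handed to the binary
    }

def build_sample() -> bytes:
    """Constructed table for illustration; OEM strings, size and address are made up."""
    args = "/example\0".encode("utf-16-le")
    body = BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    table = bytearray(HEADER.pack(b"WPBT", HEADER.size + len(body), 1, 0,
                                  b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1) + body)
    table[9] = -sum(table) % 256  # offset 9 is the checksum byte
    return bytes(table)

def check_platform():
    """Parsed table if this Linux host's firmware exposes a WPBT, else None (needs root)."""
    return parse_wpbt(SYSFS_TABLE.read_bytes()) if SYSFS_TABLE.exists() else None

if __name__ == "__main__":
    print(parse_wpbt(build_sample()))
    print(check_platform() or "no WPBT table exposed on this host")
```

Run as root from a Linux live environment, `check_platform()` returning a table shows that the board's firmware publishes a platform binary for Windows to pick up.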
11 points

There has been for years now. Disabling it is part of my first-time setup for a new board.

2 points

My ASUS X470 board doesn’t have it, though; guess it’s a bit too old for that

9 points

Stop buying ASUS junk imo

9 points

Curious, what do you run? Gigabyte is still meh, ASRock I’ve heard is questionable, MSI is blacklisted garbage for me after a failed bios update and failed flashback restore…

2 points

I’ve only heard good things about Aorus (which is basically Gigabyte), though

4 points

I have a while ago…

136 points

It is a part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.

Always flash new OS if you buy a computer.

123 points

That won’t get rid of it unless you also manually go into the BIOS and disable the install ASUS Armoury Crate setting as explained in the article.

If you don’t do this it will automatically reinstall even on a fresh install of Windows. Some of these bloatware programs will even install without an internet connection! This absolutely ludicrously stupid feature is called WPBT and is used by lots of manufacturers. Luckily it doesn’t work on Linux (at least for now…).

55 points

That’s wild that it’s a BIOS setting. Just an extra level of fuck you.

5 points

It’s for the more novice users who can assemble a PC but don’t ever think to go download / install drivers afterwards.

Most of the motherboard OEMs do this. I get a lot fewer tickets where the root cause of the issue can be boiled down to “never installed drivers after installing Windows”, which is also helped by the fact that many drivers are also served through Windows Update.

1 point

It makes sense on my ROG Ally X.

18 points

I don’t think it reinstalls itself if you install Linux

7 points

For now…

8 points

Yup. And here I am, always telling people to first read the linked article, before they write.

4 points

automatically reinstall

The user is prompted to install the application.

5 points

According to this article: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation it has already installed services on your computer that persist restarts by the time you are prompted to install Armoury Crate. In my opinion that is not acceptable at all.

69 points

That’s in the BIOS, it’s a PCIe device that Windows allows to inject root level code into your environment, you have to turn it off and hope nothing ever spoofs that PCIe ID because that’s a permanent hardware rootkit into your PC like EFI

37 points

That’s in the BIOS, it’s a PCIe device that Windows allows to inject root level code into your environment

What. The. Fuck. Are they the only one to install their crap so deep?

8 points

Haha no. My work computer is HP and has similar shit.

5 points

No my ROG board does the same.

1 point

Can this “feature” be turned off on Windows?

Edit: nvm, I read the article

20 points

This will be executed even on new fresh installation oob.

15 points

Yet another vendor-bootkit?

9 points

He didn’t say to flash Windows. 😉

6 points

Which distro do you recommend?

16 points

If you want minimal hassle, Mint is the deal.

6 points

Universal Blue is my go-to. Their OSs feel like the future. They are so easy to use and low maintenance. The upgrades happen in the background and apply automatically when you restart your computer.

There are three flavors: Bazzite for gaming, and Bluefin and Aurora for basic workstations and developers.

I went with Aurora for myself because I like the developer focused stuff. But I also do a lot of gaming. Even though it’s not gaming focused, it’s still great for gaming.

My wife uses it on her laptop, too. She doesn’t give a shit what her OS is as long as it works and she can use the browser.

1 point

Aurora works very well on my Dell laptop

5 points

EndeavourOS

Even for beginners it’s got a fantastic starting layout and default packages, but it’s still basically “just Arch Linux” where it counts so you get the best of both worlds.

4 points

+1 for EndeavourOS here. For 90% of what I do, it was a virtually seamless transition. Only hang up is a few games, VR, etc.

3 points

Garuda is probably a better option if the focus is gaming. It’s the same idea, just with a focus on gaming hardware and software ready to go, out of the gate.

2 points

This cracks me up that everyone has a different distro to recommend… But I’ve tried many and OpenSUSE Tumbleweed was the standout that I’ve decided to stick with indefinitely.

2 points

Linux Mint or de-snapped Kubuntu.

3 points

Hi there. I just installed Kubuntu on a spare machine, but I ran into a problem with the snaps. How would one “de-snap” it? Can you point me in the right direction?

1 point

Depends on your skills and what you want. I’m currently configuring a setup on Void, to learn about login, Wayland & Flatpak. Is that up your alley?

66 points

I’d love to know if this was just some guy who went ‘let’s ship it to all our customers!’ or if this was a C-level 300 hours of meetings type of thing which concluded that spreading christmas malware cheer was the right move.

35 points

this was downloaded and ‘installed’ by asus armory crate, which came from malware baked right into the bios of new and ‘newish’ asus motherboards (how to disable)
