• Magnetic_dud@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    8
    ·
    4 hours ago

    The manager who approved this need to be fired. Programs need to ask permission to the user before installing, especially when they’re not device drivers.

    This is literal malware and there’s also a chance that it might be exploited (example: a mitm Attack exchanges the file that armory crate is downloading)

    This kind of Easter egg is not funny at all, developers must avoid undocumented time bombs. I still remember that day 15 years ago when I turned on my Wii and it said that the system files were corrupted. After hours of reverting a full nand backup via bootmii (and losing 2 years of game saves) it turned out that it was a funny April’s fool by crediar, which put a fake system corruption message when you run his program on April 1st. Problem is that his program was a loader for the system menu so it was unavoidable if you didn’t know that.

    Like me, there must be someone paranoid that saw that black bar on the screen, saw a weird Christmas.exe running on their system, and starting wiping or restoring old images to “clean” that.

    • Terrasque@infosec.pub
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 hours ago

      More like old app design. It’s much harder (but of course fully doable) to have a memory leak in modern languages.

  • oo1@lemmings.world
    link
    fedilink
    English
    arrow-up
    50
    arrow-down
    1
    ·
    1 day ago

    “do not panic – your device is not compromised.”

    meme(always has been)

    • reksas@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      20
      ·
      22 hours ago

      if someone not you installing crap you dont want isn’t compromised then i dont what is

    • zerofk@lemm.ee
      link
      fedilink
      English
      arrow-up
      22
      ·
      24 hours ago

      There is nothing wrong with your device. Do not attempt to adjust the picture. We control the horizontal. We control the vertical.

      • umbraroze@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        1
        ·
        22 hours ago

        …We control the treble, and all your bass belongs to us too.

        /incredibly ancient joke

        • Yttra@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          22 hours ago

          If you think the zoomers don’t know about Zero Wing you got another thing coming, buster 😎

  • CaptDust@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    357
    ·
    2 days ago

    When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.

    Hah, well a vendor just pushed unapproved executable to the device and ran it without consent. Under any definition or other context it’s definitely compromised.

    • stoy@lemmy.zip
      link
      fedilink
      English
      arrow-up
      106
      arrow-down
      1
      ·
      2 days ago

      This is why I boycott Logitech, they started pushing the Logitech Download Assistant through Windows Update as soon as you connect a Logitech mouse/keyboard.

      It autoruns not only when it is first installed but on every startup.

      It is rather annoying to try and uninstall it, I don’t get why there has been so little backlash against this…

      Microsoft permitting this is devaluing Windows Update, the driver (.inf) should be installed automatically, any executable file that WU wants to download and run on your computer should just bring up a small Windows notification saying something like this:

      The device you just installed requests to download and run the following program from Windows Update:

      Logitech Download Assistant

      Will you approve or reject this request? Approve/Reject

      It is just terrible that this is permitted

      • DefederateLemmyMl@feddit.nl
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        3
        ·
        1 day ago

        This is why I boycott Logitech

        You should boycott Microsoft instead. As you say, they’re the ones permitting it.

        • stoy@lemmy.zip
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          24 hours ago

          I would if I could, but I work with Windows and if I migrate to Linux at home, my skills in Windows would dimminish

            • stoy@lemmy.zip
              link
              fedilink
              English
              arrow-up
              12
              arrow-down
              1
              ·
              20 hours ago

              Sigh, why, why do you do feel the need to put other’s down over something as irrelevant as an operating system?

              But since Windows require zero skills, then even you may stand a chance to solve the following tasks that I have had to deal with within Windows.

              1. List all users in the local admin group of all workstations, if a group is part of the local admin group, expand it and list individual users, oh and some users/groups are still on an old domain.
              2. Whitelist a new USB device in GPO.
              3. Make a report of all computers in the organization, get the current system model number, memory, storage space, free storage space, check weather or not the computer is ready for Windows 11, sort the list by department and primary user.
              • dependencyinjection@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                12
                arrow-down
                1
                ·
                19 hours ago

                These weirdos have Linux as their entire identity and it’s become all consuming for some of them.

                I just block anyone who is shilling Linux too much as it gets boring quickly, and I use Linux myself as of recently but it isn’t all that amazing and it requires a good amount of configuration, contrary to what people on here will tell you.

                • stoy@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  17 hours ago

                  Linux is amazing, I use it regularly for diferent projects.

                  I even dailied Ubuntu 15 years ago, but then switched back to Windows for gaming and work.

              • punchmesan@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                4
                ·
                19 hours ago

                I’m in IT too. My experience is that if you use Linux at home and Windows at work you just end up skilled at both. At one point I was even using a Macbook at work (wouldn’t have even been a consideration if WSL was just a little better), using a Windows jump server or a VM for my Windows-y ops, and I became skilled at all 3 OS’s.

                All of that is to say that your skill won’t decrease if Windows is still being used, especially if you’re using it in a professional context.

                • stoy@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  19 hours ago

                  This is really the wrong sub thread to discuss this, this was my reply to someone laughing at the concept of Windows skills.

                  As for you comment, I am glad that it works like that for you, it doesn’t for me.

                • stoy@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  19 hours ago

                  Powershell is very useful to use at home, maybe not in those exact tasks, but it is a Windows skill.

      • mat@linux.community
        link
        fedilink
        English
        arrow-up
        23
        ·
        1 day ago

        I never knew about this (using Linux) but when I plugged my mouse onto a friend’s laptop and suddenly a big banner animated onscreen, my heart sank lol. No idea how this works but it was pretty unexpected.

        • BeardedGingerWonder
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 day ago

          I try not to be too Linux fanboish these days, but what in the ever loving fuck is that about? Windows sounds like it’s reverted to 90s/early 2000s novelty crap and browser toolbars.

      • circuitfarmer@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 day ago

        It sucks because I’ve always liked Logitech hardware. Though I suppose you don’t need to run the software suite (or if you’re on Linux it isn’t an option anyway).

      • Midnight Wolf@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 day ago

        Cannot confirm, I have a g903, paired mouse pad, and their brio webcam. I only have the G Hub, which I installed manually. Maybe they stopped this behavior?

      • A7thStone@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        1 day ago

        I had windows update try to brick the BIOS on my Lenovo workstation recently. I can’t believe Microsoft and manufacturers do this kind of shit. Luckily my workstation had dual BIOS so I could recover it. Between that and the fact that lenovo manufacturer locks their processors I would have waited until I could afford a supermicro had I known.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      41
      ·
      2 days ago

      Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

      During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

      • skaffi@infosec.pub
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 day ago

        Holy shit. I got Logitech peripherals, and an ASUS motherboard. I’m glad I’m on Linux. I still have Windows installed, and booted into it around 2 weeks ago, after it having lied dormant for four months. I didn’t notice anything being installed, but maybe I had to reboot first.

        Quite possibly, my peripherals and motherboard are all too old to have this anti-feature. Do you know if there is a list of which of their hardware this is the case for?

        Damnit, I always preferred Logitech mice. I guess I might have bought my last one.

        • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          26
          ·
          edit-2
          1 day ago

          The ASUS UEFI firmware exposes an ACPI table to Windows 10, called “WPBT” or “Windows Platform Binary Table”. WPBT is used in the pre-built OEM industry, and is referred to as “the Vendor’s Rootkit.” Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup - every single time the system is booted.

          So, sounds like a Windows-specific vulnerability feature.

          • Grabthar@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 day ago

            Make a read only file/folder with the same name and the script should fail. But that is horseshit.

      • Midnight Wolf@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 day ago

        Similarly (above), I can’t confirm this either, on two different Asus boards, still in support/updates. I’m assuming this requires their software to be installed, which there’s no point to, so I didn’t bother… Maybe it’s part of their armory crate system, which can (should) be disabled in the bios…

  • Shimitar@feddit.it
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    4
    ·
    1 day ago

    Somebody should create a windows executable to be placed in the WPBT that silently install Linux on first windows boot…

    • viking@infosec.pub
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 day ago

      It also automatically reinstalls itself through a BIOS feature. That’s advanced level malware.

      • FuCensorship@lemmy.today
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 day ago

        Right? I thought I read that wrong!

        To disable future crap like this you gotta do it in the FUCKING BIOS? Wtf Asus…

      • Amon@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 day ago

        The seven windows 11 users disagree with you

        (I am not one of them)

      • stinky@redlemmy.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        39
        ·
        21 hours ago

        Hey Nocture you didn’t respond to my private message so I’m asking publicly, when you reported me to myself here, what did you expect me to do about it? Ban myself? And what rule did I break? My instance (yes, I’m the owner) doesn’t require AskLemmy to have open-ended question format. In fact, the sidebar explicitly states this. Not sure what your expectation was.

        dummy

        Next time it would be polite to answer the private message. Happy holidays.

    • Leate_Wonceslace@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      1
      ·
      edit-2
      1 day ago

      I think the title indicates that it’s like the malware known as “Christmas.exe”.

      Edit: I have too much faith in humanity…

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        74
        arrow-down
        2
        ·
        2 days ago

        The title is pushing the narrative that “real companies” doing hostile bullshit isn’t “real malware”.

        When companies ship malware, it should be called malware.

        • LainTrain@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          edit-2
          2 days ago

          Most malware is corporate shitware.

          Compared to the wealth of pop-ups, ads and tracker cookies ubiquitous in every website that are burning down forests so they can run black box algorithms to optimize dark patterns for extracting as much revenue as possible while working the sweatshop poor to the bone - worming their way into everything without the condom of extensions - a cryptostealer disguised as ChatGPT_NFT_money_explosion.exe made by some teenager in albania feels… benign.

      • floofloof@lemmy.caOP
        link
        fedilink
        English
        arrow-up
        30
        ·
        edit-2
        2 days ago

        From the article:

        Even worse, the malware-looking Christmas wreath is linked to a process called “Christmas.exe.”

        So the process was actually called that. It popped up on my machine this morning and I immediately started scanning the whole system for malware and searching to see if anyone else had this problem.

  • MonkderVierte@lemmy.ml
    link
    fedilink
    English
    arrow-up
    133
    arrow-down
    1
    ·
    edit-2
    2 days ago

    It is a part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.

    Always flash new OS if you buy a computer.

    • interdimensionalmeme@lemmy.ml
      link
      fedilink
      English
      arrow-up
      65
      ·
      1 day ago

      That’s in the bios, it’s a pcie device that windows allows to inject root level code into your environement, you have to turn it off and hope nothing ever spoofs that pcie id because that’s a permanent hardware rootkit into your pc like EFI

      • xavier666@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        5 hours ago

        Can this “feature” be turned off on Windows?

        Edit: nvm, I read the article

      • Etienne_Dahu@jlai.lu
        link
        fedilink
        English
        arrow-up
        35
        ·
        1 day ago

        That’s in the bios, it’s a pcie device that windows allows to inject root level code into your environement

        What. The. Fuck. Are they the only one to install their crap so deep?

          • Sylvartas@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            15
            ·
            1 day ago

            ROG is Asus.

            Also I don’t think I’ve ever had this issue with my previous, nor my current rog boards. I never use their drivers CD so maybe that helps

              • chiliedogg@lemmy.world
                link
                fedilink
                English
                arrow-up
                10
                ·
                22 hours ago

                ROG is model line of Asus, not a secondary brand. ROG is to Asus what F-series trucks are to Ford.

              • GHiLA@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                5
                ·
                edit-2
                20 hours ago

                Or we could all be informed consumers and… research products before we buy them to avoid these kinds of issues.

                I’d never buy an Asus product. I hear they’re a nightmare when it comes to customer service, so in avoiding them, I avoid that problem.

                • Appoxo@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  12 hours ago

                  I swore myself to never buy an ROG PSU (very noisy fan. Never had an issue with my seagate one being noisy) or a motherboard (armory crate).
                  Are other (gaming) brands also so shit to have me reset all settings before updating the firmware? e.g Gigabyte, AsRock, EVGA?

          • Netrunner@programming.dev
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 day ago

            Msi tomahawk has it too.

            Gotta go in the bios and make sure your motherboard isn’t “helping” with drivers.

            • Saleh@feddit.org
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 day ago

              I dont know the exact model, but i think it is marketed B2B specifically. It advertises its “wolf security” on boot, which according to HP “offers hardware-enforced security layers, from motherboard to cloud, to prevent and contain malware, phishing, ransomware, and remote access attacks. It also provides solutions for patching, privileged access, remote management, incident recovery, and print security.”

              So it is something that allows HP access on the BIOS level.

              • Appoxo@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 day ago

                If it’s b2b it sounds like elite or pro model.
                But this wolf thingie is something about securing something.
                We usually remove it and it doesnt appear new installations.

    • Link@rentadrunk.org
      link
      fedilink
      English
      arrow-up
      120
      arrow-down
      1
      ·
      edit-2
      1 day ago

      That won’t get rid of it unless you also manually go into the BIOS and disable the install ASUS Armoury Crate setting as explained in the article.

      If you don’t do this it will automatically reinstall even on a fresh install of Windows. Some of these bloatware programs will even install without an internet connection! This absolutely ludicrously stupid feature is called WPBT and is used by lots of manufacturers. Luckily it doesn’t work on Linux (at least for now…).

        • Romkslrqusz@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 day ago

          It’s for the more novice users who can assemble a PC but don’t ever think go download / install drivers afterwards.

          Most of the motherboard OEMs do this. I get a lot fewer tickets where the root cause of the issue can be boiled down to “never installed drivers afterwards installing Windows”, which is also helped by the fact that many drivers are also served through Windows Update.

            • Romkslrqusz@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              20 hours ago

              I’m quite happy to install it, disable its startup background functions, and then use it to install / update drivers periodically. Much less tedious than doing it the manual way, especially when managing 10-20 systems per week.

              There’s a bunch of other potential functions but I simply don’t bother with them.

          • Romkslrqusz@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            19 hours ago

            I understand and respect your preference.

            A “power user” is typically going to go through the UEFI/BIOS settings immediately after assembling their machine to configure them to their liking. Having that preference, you likely fall within that category. I would add that, at this point, this practice is about 6 generations old at this point and in use by most motherboard vendors.

            As the article mentions, the feature could be considered useful. These products aren’t designed specifically for power users. Having network access and a frictionless path to driver deployment is ultimately beneficial to the majority of consumers who are going to interact with this hardware.

            • Link@rentadrunk.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              19 hours ago

              I would completely agree with you if that was what this feature was being used for, however most manufacturers use it to install bloatware instead of drivers which is not acceptable in my opinion.

              Not to mention the huge security risk of running exe files at boot up that could be exploited by malicious people. I’m sure manufacturers aren’t releasing a new bios update every time they update their software so old versions could have unpatched vulnerabilities…

      • chunkystyles@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 day ago

        Universal Blue is my go-to. Their OSs feel like the future. They are so easy to use and low maintenance. The upgrades happen in the background and apply automatically when you restart your computer.

        There are three flavors: Bazzite for gaming Bluefin and Aurora for basic workstations and developers

        I went with Aurora for myself because I like the developer focused stuff. But I also do a lot of gaming. Even though it’s not gaming focused, it’s still great for gaming.

        My wife uses it on her laptop, too. She doesn’t give a shit what her OS is as long as it works and she can use the browser.

      • pool_spray_098@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 day ago

        This cracks me up that everyone has a different distro to recommend… But I’ve tried many and OpenSUSE Tumbleweed was the standout that I’ve decided to stick with indefinitely.

      • WorseDoughnut 🍩@lemdro.id
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 day ago

        EndeavourOS

        Even for beginners it’s got a fantastic starting layout and default packages, but it’s still basically “just Arch Linux” where it counts so you get the best of both worlds.

        • ObsidianZed@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 day ago

          +1 for EndeavourOS here. For 90% of what I do, it was a virtually seamless transition. Only hang up is a few games, VR, etc.

        • Telodzrum@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 day ago

          Garuda is probably a better option if the focus is gaming. It’s the same idea, just with a focus on gaming hardware and software ready to go, out of the gate.

      • MonkderVierte@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 day ago

        Depends on your skills and what you want. I’m currently configuring a setup on Void, to learn about login, Wayland & Flatpak. Is that up your alley?

        • Wiz@midwest.social
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 day ago

          Hi there. I just installed Kubuntu on a spare machine, but I ran into a problem with the snaps. How would one “de-snap” it? Can you point me in the right direction?

          • mitrosus@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            10
            ·
            edit-2
            1 day ago
            • Remove Snap packages
            snap remove <package-name>
            

            (To check snap PKG installed, run

            snap list
            

            )

            • Uninstall Snapd
            sudo apt purge snapd
            
            • Remove leftover files
            sudo rm -rf /var/cache/snapd/
            

            and/snap`.

            • Optionally install Flatpak if you want an alternative.
            sudo apt install flatpak
            

            . Don’t forget to visit flathub.

  • FireWire400@lemmy.world
    link
    fedilink
    English
    arrow-up
    164
    arrow-down
    1
    ·
    edit-2
    2 days ago

    Who green lit this? I really hope that person gets fired immediately.

    The lack of any visual link to ASUS isn’t even the biggest problem for me; it’s that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.

    Edit: There’s a fucking setting in the BIOS to auto-install ASUS’ bullshit software? And it’s enabled by default… jesus fucking christ

    • equivocal@lemm.ee
      link
      fedilink
      English
      arrow-up
      55
      arrow-down
      1
      ·
      edit-2
      2 days ago

      Most computers firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows exectuable in the firmware. It is of course totally used for the intended purpose…

      • drspod@lemmy.ml
        link
        fedilink
        English
        arrow-up
        45
        ·
        2 days ago

        I’m always dismayed but not surprised by how many people don’t know about Windows Platform Binary Table, which has existed since Windows 8. It’s not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.

        Most normal people’s model of Windows security is “if something goes wrong then I wipe the disk and reinstall Windows,” and WPBT completely breaks that model, and has been doing so for 12 years.

        Thankfully there are ways to disable it:

        https://github.com/Jamesits/dropWPBT

      • Midnight Wolf@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 day ago

        Curious, what do you run? Gigabyte is still meh, ASRock I’ve heard is questionable, MSI is blacklisted garbage for me after a failed bios update and failed flashback restore…

          • Midnight Wolf@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            17 hours ago

            I helped a friend spec and build their first machine and they got an Aorus (that’s so weird to spell) board but it’s literally just branding. The board is fine but has nothing fancy, and it’s not crazy expensive but it’s sure not cheap either. We have flashed new bios on it twice and the instructions are well over 15 years old and very wrong. It’s a word document and like 4 steps, and they can’t even be bothered to do that much? What set are they leaving on autopilot? (oh, owners, update your bios as there is a recent exploit in the bios due to lack of ssl/tls… as in, there is none when checking for updates which can lead to you installing a malicious bios…)

            Just… questionable.

    • EngineerGaming@feddit.nl
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 day ago

      I feel like there would be no “Year of the Linux Desktop”, but rather the year of “Oh wow when did we hit 20% already?” A death of a thousand cuts is more plausible.

        • HeyJoe@lemmy.world
          link
          fedilink
          English
          arrow-up
          18
          arrow-down
          2
          ·
          2 days ago

          I don’t use Linux much, and I still agree. If the market share for Linux continues to rise every year, then it’s absolutely true.