• u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    42
    ·
    3 days ago

    Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

    During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

    • skaffi@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      2 days ago

      Holy shit. I got Logitech peripherals, and an ASUS motherboard. I’m glad I’m on Linux. I still have Windows installed, and booted into it around 2 weeks ago, after it having lied dormant for four months. I didn’t notice anything being installed, but maybe I had to reboot first.

      Quite possibly, my peripherals and motherboard are all too old to have this anti-feature. Do you know if there is a list of which of their hardware this is the case for?

      Damnit, I always preferred Logitech mice. I guess I might have bought my last one.

      • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        29
        ·
        edit-2
        2 days ago

        The ASUS UEFI firmware exposes an ACPI table to Windows 10, called “WPBT” or “Windows Platform Binary Table”. WPBT is used in the pre-built OEM industry, and is referred to as “the Vendor’s Rootkit.” Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup - every single time the system is booted.

        So, sounds like a Windows-specific vulnerability feature.

        • Grabthar@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 days ago

          Make a read only file/folder with the same name and the script should fail. But that is horseshit.

    • Midnight Wolf@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 days ago

      Similarly (above), I can’t confirm this either, on two different Asus boards, still in support/updates. I’m assuming this requires their software to be installed, which there’s no point to, so I didn’t bother… Maybe it’s part of their armory crate system, which can (should) be disabled in the bios…