If it's unwanted, disruptive, and (allegedly) impacts performance, that's not "malware-like". It's malware.
It also automatically reinstalls itself through a BIOS feature. That's advanced level malware.
~~I think the title indicates that it's like the malware known as "Christmas.exe".~~
Edit: I have too much faith in humanity..
The title is pushing the narrative that "real companies" doing hostile bullshit isn't "real malware".
When companies ship malware, it should be called malware.
From the article:
Even worse, the malware-looking Christmas wreath is linked to a process called “Christmas.exe.”
So the process was actually called that. It popped up on my machine this morning and I immediately started scanning the whole system for malware and searching to see if anyone else had this problem.
When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.
Hah, well a vendor just pushed an unapproved executable to the device and ran it without consent. Under any definition or other context it's definitely compromised.
This is why I boycott Logitech, they started pushing the Logitech Download Assistant through Windows Update as soon as you connect a Logitech mouse/keyboard.
It autoruns not only when it is first installed but on every startup.
It is rather annoying to try and uninstall it, I don't get why there has been so little backlash against this....
Microsoft permitting this is devaluing Windows Update, the driver (.inf) should be installed automatically, any executable file that WU wants to download and run on your computer should just bring up a small Windows notification saying something like this:
The device you just installed requests to download and run the following program from Windows Update:
Logitech Download Assistant
Will you approve or reject this request? Approve/Reject
It is just terrible that this is permitted
I never knew about this (using Linux) but when I plugged my mouse onto a friend's laptop and suddenly a big banner animated onscreen, my heart sank lol. No idea how this works but it was pretty unexpected.
I get this request sometimes on my work machine. Guess what? I don't even have the rights to install it. Insanity
Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation
During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).
Who green lit this? I really hope that person gets fired immediately.
The lack of any visual link to ASUS isn't even the biggest problem for me; it's that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.
Edit: There's a fucking setting in the BIOS to auto-install ASUS' bullshit software? And it's enabled by default.... jesus fucking christ
Most computers' firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows executable in the firmware. It is of course totally used for the intended purpose...
I'm always dismayed but not surprised by how many people don't know about Windows Platform Binary Table, which has existed since Windows 8. It's not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.
Most normal people's model of Windows security is "if something goes wrong then I wipe the disk and reinstall Windows," and WPBT completely breaks that model, and has been doing so for 12 years.
Thankfully there are ways to disable it:
It is a part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.
Always flash new OS if you buy a computer.
That won’t get rid of it unless you also manually go into the BIOS and disable the install ASUS Armoury Crate setting as explained in the article.
If you don’t do this it will automatically reinstall even on a fresh install of Windows. Some of these bloatware programs will even install without an internet connection! This absolutely ludicrously stupid feature is called WPBT and is used by lots of manufacturers. Luckily it doesn’t work on Linux (at least for now…).
That's wild that it's a BIOS setting. Just an extra level of fuck you.
That's in the bios, it's a pcie device that windows allows to inject root level code into your environment, you have to turn it off and hope nothing ever spoofs that pcie id because that's a permanent hardware rootkit into your pc like EFI
That's in the bios, it's a pcie device that windows allows to inject root level code into your environment
What. The. Fuck. Are they the only one to install their crap so deep?
I'd love to know if this was just some guy who went 'let's ship it to all our customers!' or if this was a C-level 300 hours of meetings type of thing which concluded that spreading christmas ~~malware~~ cheer was the right move.
this was downloaded and 'installed' by asus armory crate, which came from malware baked right into the bios of new and 'newish' asus motherboards (how to disable)
You just can't make this shit up. Truly is year of the linux desktop.
They say that every year
And every year it is.
I don't use Linux much, and I still agree. If the market share for Linux continues to rise every year, then it's absolutely true.
"do not panic – your device is not compromised."
meme(always has been)
There is nothing wrong with your device. Do not attempt to adjust the picture. We control the horizontal. We control the vertical.
...We control the treble, and all your bass belongs to us too.
/incredibly ancient joke
if someone not you installing crap you don't want isn't compromised then i don't know what is
Why doesn't every vendor with an installed app make a similar banner?
It would be so festive, and I bet people would love it, to have 20 or 30 such occurrences every time you need to use your computer during holidays.
It would of course be optimal if each has an animation and a tune, that need to finish before you can escape.
Weird that only Asus had this brilliant idea? It's so awesome when you are not in control of what happens on your computer.
/s
If you want to take back control, Linux is your best option.
Oooh, make one of them a little purple animated gorilla, I'd like that too.
The manager who approved this needs to be fired. Programs need to ask the user for permission before installing, especially when they're not device drivers.
This is literal malware and there's also a chance that it might be exploited (example: a MITM attack exchanges the file that armory crate is downloading).
This kind of Easter egg is not funny at all, developers must avoid undocumented time bombs. I still remember that day 15 years ago when I turned on my Wii and it said that the system files were corrupted. After hours of reverting a full nand backup via bootmii (and losing 2 years of game saves) it turned out that it was a funny April's fool by crediar, which put a fake system corruption message when you run his program on April 1st. Problem is that his program was a loader for the system menu so it was unavoidable if you didn't know that.
Like me, there must be someone paranoid that saw that black bar on the screen, saw a weird Christmas.exe running on their system, and started wiping or restoring old images to "clean" that.
everyone submit a help desk ticket to Asus asking wtf is going on
WDYM "malware like"? It is malware.
Somebody should create a windows executable to be placed in the WPBT that silently installs Linux on first windows boot....
An unsolicited Christmas card through a letterbox would have at least been less worrying.
Another reason to not buy any Asus stuff.
How was this even approved for deployment?
awesome, merry christmas