• Magnetic_dud@discuss.tchncs.de · 8 points · 4 hours ago

    The manager who approved this needs to be fired. Programs need to ask the user for permission before installing, especially when they’re not device drivers.

    This is literal malware and there’s also a chance that it might be exploited (example: a MITM attack exchanges the file that Armoury Crate is downloading).

    This kind of Easter egg is not funny at all; developers must avoid undocumented time bombs. I still remember that day 15 years ago when I turned on my Wii and it said that the system files were corrupted. After hours of reverting to a full NAND backup via BootMii (and losing 2 years of game saves), it turned out that it was a funny April Fools’ joke by crediar, who put a fake system corruption message when you ran his program on April 1st. The problem is that his program was a loader for the system menu, so it was unavoidable if you didn’t know that.

    Like me, there must be someone paranoid who saw that black bar on the screen, saw a weird Christmas.exe running on their system, and started wiping or restoring old images to “clean” that.

    • Terrasque@infosec.pub · 4 points · 6 hours ago

      More like old app design. It’s much harder (but of course fully doable) to have a memory leak in modern languages.

      • Alph4d0g@discuss.tchncs.de · 1 point · 6 hours ago

        Nothing to do with Windows? Are we sure about that? Asus is a Windows OEM that pre-installs Windows and has enough privileged access to insert a surreptitious executable compiled specifically for Windows.

        Yes, agreed, if they chose a *nix like OS and they had root, they could do the same thing and that would be equally shitty. It is Windows OEMs that exhibit this kind of fsckery and yes we do have a choice.

      • Alph4d0g@discuss.tchncs.de · 1 point · 6 hours ago

        Linux squashes root over ssh. An OEM could preinstall a sudo user to get around this but that kind of BS would be their death knell as a vendor.

    • reksas@sopuli.xyz · 19 points · 22 hours ago

      If someone who isn’t you installing crap you don’t want isn’t “compromised”, then I don’t know what is.

    • zerofk@lemm.ee · 22 points · 1 day ago

      There is nothing wrong with your device. Do not attempt to adjust the picture. We control the horizontal. We control the vertical.

        • Yttra@lemmy.world · 4 points · 22 hours ago

          If you think the zoomers don’t know about Zero Wing you got another thing coming, buster 😎

  • CaptDust@sh.itjust.works · 347 points · 2 days ago

    When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.

    Hah, well, a vendor just pushed an unapproved executable to the device and ran it without consent. Under any definition or other context it’s definitely compromised.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · 40 points · 2 days ago

      Welp, seems ASUS motherboards also push this by default: https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-windows-installation

      During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access).

      • skaffi@infosec.pub · 7 points · 1 day ago

        Holy shit. I’ve got Logitech peripherals and an ASUS motherboard. I’m glad I’m on Linux. I still have Windows installed, and booted into it around 2 weeks ago, after it had lain dormant for four months. I didn’t notice anything being installed, but maybe I had to reboot first.

        Quite possibly, my peripherals and motherboard are all too old to have this anti-feature. Do you know if there is a list of which of their hardware this is the case for?

        Dammit, I always preferred Logitech mice. I guess I might have bought my last one.

        • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · 26 points · edited · 1 day ago

          The ASUS UEFI firmware exposes an ACPI table to Windows 10, called “WPBT” or “Windows Platform Binary Table”. WPBT is used in the pre-built OEM industry, and is referred to as “the Vendor’s Rootkit.” Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup - every single time the system is booted.

          So, sounds like a Windows-specific vulnerability feature.

          • Grabthar@lemmy.world · 2 points · 1 day ago

            Make a read only file/folder with the same name and the script should fail. But that is horseshit.

      • Midnight Wolf@lemmy.world · 3 points · 1 day ago

        Similarly (above), I can’t confirm this either, on two different Asus boards, still in support/updates. I’m assuming this requires their software to be installed, which there’s no point to, so I didn’t bother… Maybe it’s part of their armory crate system, which can (should) be disabled in the bios…

  • Shimitar@feddit.it · 32 points · 1 day ago

    Somebody should create a Windows executable to be placed in the WPBT that silently installs Linux on the first Windows boot…

      • stinky@redlemmy.com · 1 point · 22 hours ago

        Hey Nocture you didn’t respond to my private message so I’m asking publicly, when you reported me to myself here, what did you expect me to do about it? Ban myself? And what rule did I break? My instance (yes, I’m the owner) doesn’t require AskLemmy to have open-ended question format. In fact, the sidebar explicitly states this. Not sure what your expectation was.

        dummy

        Next time it would be polite to answer the private message. Happy holidays.

      • conciselyverbose@sh.itjust.works · 71 points · 2 days ago

        The title is pushing the narrative that “real companies” doing hostile bullshit isn’t “real malware”.

        When companies ship malware, it should be called malware.

      • floofloof@lemmy.ca (OP) · 29 points · edited · 2 days ago

        From the article:

        Even worse, the malware-looking Christmas wreath is linked to a process called “Christmas.exe.”

        So the process was actually called that. It popped up on my machine this morning and I immediately started scanning the whole system for malware and searching to see if anyone else had this problem.

  • MonkderVierte@lemmy.ml · 129 points · edited · 2 days ago

    It is part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.

    Always flash a new OS if you buy a computer.

    • Link@rentadrunk.org · 115 points · edited · 1 day ago

      That won’t get rid of it unless you also manually go into the BIOS and disable the “install ASUS Armoury Crate” setting, as explained in the article.

      If you don’t do this it will automatically reinstall even on a fresh install of Windows. Some of these bloatware programs will even install without an internet connection! This absolutely ludicrously stupid feature is called WPBT and is used by lots of manufacturers. Luckily it doesn’t work on Linux (at least for now…).

        • Romkslrqusz@lemm.ee · 5 points · 1 day ago

          It’s for the more novice users who can assemble a PC but don’t ever think to go download / install drivers afterwards.

          Most of the motherboard OEMs do this. I get a lot fewer tickets where the root cause of the issue can be boiled down to “never installed drivers after installing Windows”, which is also helped by the fact that many drivers are also served through Windows Update.

            • Romkslrqusz@lemm.ee · 2 points · 20 hours ago

              I’m quite happy to install it, disable its startup background functions, and then use it to install / update drivers periodically. Much less tedious than doing it the manual way, especially when managing 10-20 systems per week.

              There’s a bunch of other potential functions but I simply don’t bother with them.

          • Romkslrqusz@lemm.ee · 2 points · 20 hours ago

            I understand and respect your preference.

            A “power user” is typically going to go through the UEFI/BIOS settings immediately after assembling their machine to configure them to their liking. Having that preference, you likely fall within that category. I would add that this practice is about 6 generations old at this point and in use by most motherboard vendors.

            As the article mentions, the feature could be considered useful. These products aren’t designed specifically for power users. Having network access and a frictionless path to driver deployment is ultimately beneficial to the majority of consumers who are going to interact with this hardware.

            • Link@rentadrunk.org · 1 point · 19 hours ago

              I would completely agree with you if that was what this feature was being used for, however most manufacturers use it to install bloatware instead of drivers which is not acceptable in my opinion.

              Not to mention the huge security risk of running exe files at boot up that could be exploited by malicious people. I’m sure manufacturers aren’t releasing a new bios update every time they update their software so old versions could have unpatched vulnerabilities…

      • chunkystyles@sopuli.xyz · 5 points · 1 day ago

        Universal Blue is my go-to. Their OSs feel like the future. They are so easy to use and low maintenance. The upgrades happen in the background and apply automatically when you restart your computer.

        There are three flavors: Bazzite for gaming; Bluefin and Aurora for basic workstations and developers.

        I went with Aurora for myself because I like the developer focused stuff. But I also do a lot of gaming. Even though it’s not gaming focused, it’s still great for gaming.

        My wife uses it on her laptop, too. She doesn’t give a shit what her OS is as long as it works and she can use the browser.

      • pool_spray_098@lemmy.world · 2 points · 1 day ago

        This cracks me up that everyone has a different distro to recommend… But I’ve tried many and OpenSUSE Tumbleweed was the standout that I’ve decided to stick with indefinitely.

      • WorseDoughnut 🍩@lemdro.id · 6 points · 1 day ago

        EndeavourOS

        Even for beginners it’s got a fantastic starting layout and default packages, but it’s still basically “just Arch Linux” where it counts so you get the best of both worlds.

        • ObsidianZed@lemmy.world · 4 points · 1 day ago

          +1 for EndeavourOS here. For 90% of what I do, it was a virtually seamless transition. Only hang up is a few games, VR, etc.

        • Wiz@midwest.social · 3 points · 1 day ago

          Hi there. I just installed Kubuntu on a spare machine, but I ran into a problem with the snaps. How would one “de-snap” it? Can you point me in the right direction?

          • mitrosus@discuss.tchncs.de · 10 points · edited · 1 day ago

            • Remove Snap packages:

                  snap remove <package-name>

              (To check which snap packages are installed, run `snap list`.)

            • Uninstall snapd:

                  sudo apt purge snapd

            • Remove leftover files:

                  sudo rm -rf /var/cache/snapd/

              and `/snap`.

            • Optionally, install Flatpak if you want an alternative:

                  sudo apt install flatpak

              Don’t forget to visit Flathub.

      • MonkderVierte@lemmy.ml · 1 point · edited · 1 day ago

        Depends on your skills and what you want. I’m currently configuring a setup on Void, to learn about login, Wayland & Flatpak. Is that up your alley?

  • FireWire400@lemmy.world · 158 points · edited · 2 days ago

    Who green lit this? I really hope that person gets fired immediately.

    The lack of any visual link to ASUS isn’t even the biggest problem for me; it’s that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.

    Edit: There’s a fucking setting in the BIOS to auto-install ASUS’ bullshit software? And it’s enabled by default… jesus fucking christ

    • equivocal@lemm.ee · 52 points · edited · 2 days ago

      Most computers’ firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows executable in the firmware. It is of course totally used for the intended purpose…

      • drspod@lemmy.ml · 43 points · 2 days ago

        I’m always dismayed but not surprised by how many people don’t know about Windows Platform Binary Table, which has existed since Windows 8. It’s not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.

        Most normal people’s model of Windows security is “if something goes wrong then I wipe the disk and reinstall Windows,” and WPBT completely breaks that model, and has been doing so for 12 years.

        Thankfully there are ways to disable it:

        https://github.com/Jamesits/dropWPBT
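        A defender-side check for the mechanism described in the two comments above (firmware handing Windows a binary through the WPBT ACPI table), as an added example that is not part of the thread and is not code from the dropWPBT project. It locates the raw table on the running machine and decodes it so you can see what the firmware would have Windows execute. Assumptions: the field layout (36-byte ACPI header, then handoff size and physical address, content layout, content type and a UTF-16LE argument string) follows the published WPBT specification as I recall it; Linux exposes raw tables under /sys/firmware/acpi/tables/<SIG>; on Windows the table is fetched with kernel32.GetSystemFirmwareTable, whose provider and table-ID byte orders are the ones shown. The sample table built by `build_sample_wpbt` is constructed data for offline testing.

```python
"""Detect and decode a Windows Platform Binary Table (WPBT) exposed by firmware."""
import os
import struct
import sys
from typing import Optional

# Standard ACPI description header: signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision (36 bytes).
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT-specific fields after the header (assumed layout): handoff memory size
# (u32), handoff physical address (u64), content layout (u8, 1 = single PE
# image) and content type (u8, 1 = native user-mode application).
WPBT_BODY = struct.Struct("<IQBB")
SYSFS_TABLE = "/sys/firmware/acpi/tables/WPBT"  # Linux path for the raw table


def acpi_checksum_ok(table: bytes) -> bool:
    """An ACPI table is valid only if all its bytes sum to zero modulo 256."""
    return sum(table) % 256 == 0


def parse_wpbt(table: bytes) -> dict:
    """Decode the header and WPBT body; raise ValueError on malformed input."""
    if len(table) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("buffer too short to be a WPBT table")
    (sig, length, revision, _checksum, oem_id, oem_table_id,
     _oem_rev, _creator, _creator_rev) = ACPI_HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected ACPI signature {sig!r}")
    if length > len(table):
        raise ValueError("declared table length exceeds the buffer")
    size, phys_addr, layout, ctype = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    # Optional command line handed to the binary: u16 byte length, then UTF-16LE.
    arguments = ""
    off = ACPI_HEADER.size + WPBT_BODY.size
    if length >= off + 2:
        (arg_len,) = struct.unpack_from("<H", table, off)
        raw = table[off + 2:off + 2 + arg_len]
        arguments = raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode(errors="replace"),
        "oem_table_id": oem_table_id.rstrip(b"\x00 ").decode(errors="replace"),
        "revision": revision,
        "checksum_ok": acpi_checksum_ok(table[:length]),
        "binary_size": size,            # bytes of the embedded executable
        "binary_phys_addr": phys_addr,  # where firmware placed it in RAM
        "content_layout": layout,
        "content_type": ctype,
        "arguments": arguments,
    }


def read_system_wpbt() -> Optional[bytes]:
    """Return the raw WPBT table from the running firmware, or None if absent."""
    if sys.platform.startswith("linux"):
        if not os.path.exists(SYSFS_TABLE):
            return None
        with open(SYSFS_TABLE, "rb") as fh:
            return fh.read()
    if sys.platform == "win32":
        import ctypes
        k32 = ctypes.windll.kernel32
        provider = int.from_bytes(b"ACPI", "big")      # 'ACPI' provider (assumed encoding)
        table_id = int.from_bytes(b"WPBT", "little")   # signature as LE DWORD (assumed)
        size = k32.GetSystemFirmwareTable(provider, table_id, None, 0)
        if size == 0:
            return None
        buf = ctypes.create_string_buffer(size)
        k32.GetSystemFirmwareTable(provider, table_id, buf, size)
        return buf.raw
    return None


def build_sample_wpbt(arguments: str = "", oem_id: bytes = b"SAMPLE") -> bytes:
    """Construct a well-formed WPBT table for offline testing (constructed data)."""
    arg_bytes = arguments.encode("utf-16-le") + b"\x00\x00"
    body = (WPBT_BODY.pack(0x20000, 0x7A000000, 1, 1)
            + struct.pack("<H", len(arg_bytes)) + arg_bytes)
    length = ACPI_HEADER.size + len(body)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, oem_id.ljust(6, b"\x00"),
                              b"SAMPLETB", 1, b"EXMP", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) % 256  # checksum byte at offset 9 zeroes the sum
    return bytes(table)


if __name__ == "__main__":
    raw = read_system_wpbt()
    if raw is None:
        print("No WPBT table exposed: firmware is not handing Windows a binary to run.")
    else:
        for key, value in parse_wpbt(raw).items():
            print(f"{key:18}: {value}")
```

        Run it as root on Linux (sysfs hides the table bytes from unprivileged users) or from an elevated prompt on Windows. A Linux box prints the table even though nothing on Linux executes it, which is a convenient way to learn what your Windows install would have run and with which arguments; a bad checksum or a nonsensical size is worth a closer look at the firmware.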

      • Midnight Wolf@lemmy.world · 10 points · 1 day ago

        Curious, what do you run? Gigabyte is still meh, ASRock I’ve heard is questionable, MSI is blacklisted garbage for me after a failed bios update and failed flashback restore…

          • Midnight Wolf@lemmy.world · 2 points · 17 hours ago

            I helped a friend spec and build their first machine and they got an Aorus (that’s so weird to spell) board but it’s literally just branding. The board is fine but has nothing fancy, and it’s not crazy expensive but it’s sure not cheap either. We have flashed new bios on it twice and the instructions are well over 15 years old and very wrong. It’s a word document and like 4 steps, and they can’t even be bothered to do that much? What set are they leaving on autopilot? (oh, owners, update your bios as there is a recent exploit in the bios due to lack of ssl/tls… as in, there is none when checking for updates which can lead to you installing a malicious bios…)

            Just… questionable.

  • schizo@forum.uncomfortable.business · 61 points · 2 days ago

    I’d love to know if this was just some guy who went ‘let’s ship it to all our customers!’ or if this was a C-level, 300 hours of meetings type of thing which concluded that spreading Christmas malware cheer was the right move.