![]() ![]() We poked and prodded with the service a bit. If nothing else, a person's IP address will be transmitted to ASUS without consent, possibly more, including details like motherboard model, system specs and installed hardware. Our motherboard was supplied within the European Union, and yet the software lacks a GPDR-compliant user consent dialog. ![]() They automatically installed a rootkit, which logged data and pushed bloatware into the user's system. Lenovo has used the same method in 2015, which resulted in a huge scandal. It should normally take a lot of privilege for anything to write to your System32 folder without user-intervention, at least a UAC dialog authenticating the user's consent. This method of writing data to protected areas of the boot drive may not be uncommon with OEM pre-built desktops and notebooks, but for the PC DIY space, in which consumers seek a higher degree of control and privacy over their hardware and software, it is a first and comes across as intrusive. Windows 10 doesn't support the new Z390 integrated Ethernet controller out of the box. Interestingly, it also installs a basic driver to get the integrated network controller working, which is a nice feature. Once the desktop is loaded, it manifests itself as a bloatware-looking notification near our system tray, requesting you to install the ASUS Armoury Crate software, by fetching the rest of its installer payload from the Internet. The ASUS executable unpacks two more files, registers the "AsusUpdateCheck" service and launches it. This gives pretty much full control over everything, including protected folders and the registry. According to the Microsoft WPBT reference, which describes this feature as useful for "anti-theft software", this binary is a "native, user-mode application that is executed by the Windows Session Manager during operating system initialization.", which means "before all other programs, with administrative privileges". WPBT is used in the pre-built OEM industry, and is referred to as "the Vendor's Rootkit." Put simply, it is a script that makes Windows copy data from the BIOS to the System32 folder on the machine and execute it during Windows startup - every single time the system is booted. The ASUS UEFI firmware exposes an ACPI table to Windows 10, called "WPBT" or "Windows Platform Binary Table". After digging around in the UEFI BIOS, we managed to find a fairly nondescript option "Download and Install ARMOURY CRATE app", which of course defaults to "on" and it's not easy to find, being located in the "Tool" section of the BIOS setup. This is a very useful feature, as it establishes a method to install network driver and other drivers easily, without the need for a physical driver disc (in times where nobody has an optical drive anymore). The files themselves, which total around 3.6 MB in size, appear harmless, and belong to an ASUS-made program called "ASUS Armoury Crate." This program fetches the latest drivers for your hardware from ASUS servers, and installs them for you in an automated process with little user-intervention. These files could not have come from either our Windows image or the network, leaving the motherboard's 16-megabyte UEFI BIOS as the only suspect. Upon further investigation we also found a new, already running, system service called "AsusUpdateCheck." We discovered three ASUS-signed files in our Windows 10 System32 folder, which, so it seems, magically appeared on our harddrive out of thin air. This got us curious and we scanned the system for any files that aren't part of the standard MS Windows installation. Upon first boot, with the machine having no LAN or Internet connectivity, we were greeted by an ASUS-specific window in the bottom right corner of our screen, asking whether we'd like to install the network drivers and download "Armoury Crate". Our Windows 10 image is based on Windows 10 April 2018 Update and lacks in-built drivers for the integrated network controllers. the machine has no Internet or LAN access). This process happens in complete network-isolation (i.e. During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |