If it’s unwanted, disruptive, and (allegedly) impacts performance, that’s not “malware-like”. It’s malware.
Confirmed, windows 11 is malware.
The seven windows 11 users disagree with you
(I am not one of them)
I think the title indicates that it’s like the malware known as “Christmas.exe”.Edit: I have too much faith in humanity…
The title is pushing the narrative that “real companies” doing hostile bullshit isn’t “real malware”.
When companies ship malware, it should be called malware.
Most malware is corporate shitware.
Compared to the wealth of pop-ups, ads and tracker cookies ubiquitous in every website that are burning down forests so they can run black box algorithms to optimize dark patterns for extracting as much revenue as possible while working the sweatshop poor to the bone - worming their way into everything without the condom of extensions - a cryptostealer disguised as ChatGPT_NFT_money_explosion.exe made by some teenager in albania feels… benign.
From the article:
Even worse, the malware-looking Christmas wreath is linked to a process called “Christmas.exe.”
So the process was actually called that. It popped up on my machine this morning and I immediately started scanning the whole system for malware and searching to see if anyone else had this problem.
Jesus Christ what the fuck.
When you turn on your PC and notice that there’s a huge Christmas banner on your desktop, do not panic – your device is not compromised.
Hah, well a vendor just pushed unapproved executable to the device and ran it without consent. Under any definition or other context it’s definitely compromised.
Who green lit this? I really hope that person gets fired immediately.
The lack of any visual link to ASUS isn’t even the biggest problem for me; it’s that ASUS rolls out a program that (presumably) puts itself in autostart by default and just pops up without prompt at all.
Edit: There’s a fucking setting in the BIOS to auto-install ASUS’ bullshit software? And it’s enabled by default… jesus fucking christ
Most computers firmware can store a Windows executable. Microsoft pushed for an addition to the ACPI tables called WPBT. That stores a Windows exectuable in the firmware. It is of course totally used for the intended purpose…
I’m always dismayed but not surprised by how many people don’t know about Windows Platform Binary Table, which has existed since Windows 8. It’s not exactly the type of feature that Microsoft or the board vendors would want to publicize, seeing as it gives them persistent rootkit capabilities on the same level as UEFI rootkits.
Most normal people’s model of Windows security is “if something goes wrong then I wipe the disk and reinstall Windows,” and WPBT completely breaks that model, and has been doing so for 12 years.
Thankfully there are ways to disable it:
There has been for years now. Disabling it is part of my first-time setup for a new board.
My ASUS X470 board doesn’t have it, though; guess it’s a bit too old for that
Stop buying ASUS junk imo
Curious, what do you run? Gigabyte is still meh, ASRock I’ve heard is questionable, MSI is blacklisted garbage for me after a failed bios update and failed flashback restore…
I’ve only heard good things about Aorus (which is basically Gigabyte), though
I helped a friend spec and build their first machine and they got an Aorus (that’s so weird to spell) board but it’s literally just branding. The board is fine but has nothing fancy, and it’s not crazy expensive but it’s sure not cheap either. We have flashed new bios on it twice and the instructions are well over 15 years old and very wrong. It’s a word document and like 4 steps, and they can’t even be bothered to do that much? What set are they leaving on autopilot? (oh, owners, update your bios as there is a recent exploit in the bios due to lack of ssl/tls… as in, there is none when checking for updates which can lead to you installing a malicious bios…)
Just… questionable.
I have a while ago…
It is a part of the ASUS Armoury Crate software that is pre-installed on some ASUS PCs.
Always flash new OS if you buy a computer.
That’s in the bios, it’s a pcie device that windows allows to inject root level code into your environement, you have to turn it off and hope nothing ever spoofs that pcie id because that’s a permanent hardware rootkit into your pc like EFI
Can this “feature” be turned off on Windows?
Edit: nvm, I read the article
You can turn it off in the bios, but windows will still execute code with root privileges from devices with the right PCI and USB ID As far as I know, that one cannot be turned off. I assume it is also a police/intel backdoor for PCs with secure boot and encryption turned on.
This will be executed even on new fresh installation oob.
Yet another vendor-bootkit?
He didn’t say to flash Windows. 😉
Which distro do you recommend?
If you want minimal hassle, Mint is the deal.
Universal Blue is my go-to. Their OSs feel like the future. They are so easy to use and low maintenance. The upgrades happen in the background and apply automatically when you restart your computer.
There are three flavors: Bazzite for gaming Bluefin and Aurora for basic workstations and developers
I went with Aurora for myself because I like the developer focused stuff. But I also do a lot of gaming. Even though it’s not gaming focused, it’s still great for gaming.
My wife uses it on her laptop, too. She doesn’t give a shit what her OS is as long as it works and she can use the browser.
Aurora works very well on my dell laptop
This cracks me up that everyone has a different distro to recommend… But I’ve tried many and OpenSUSE Tumbleweed was the standout that I’ve decided to stick with indefinitely.
Depends on your skills and what you want. I’m currently configuring a setup on Void, to learn about login, Wayland & Flatpak. Is that up your alley?
Linux Mint or de-snapped Kubuntu.
Hi there. I just installed Kubuntu on a spare machine, but I ran into a problem with the snaps. How would one “de-snap” it? Can you point me in the right direction?
- Remove Snap packages
snap remove <package-name>(To check snap PKG installed, run
snap list)
- Uninstall Snapd
sudo apt purge snapd- Remove leftover files
sudo rm -rf /var/cache/snapd/and/snap`.- Optionally install Flatpak if you want an alternative.
sudo apt install flatpak. Don’t forget to visit flathub.
Lemmy Gold 🥇
The manager who approved this need to be fired. Programs need to ask permission to the user before installing, especially when they’re not device drivers.
This is literal malware and there’s also a chance that it might be exploited (example: a mitm Attack exchanges the file that armory crate is downloading)
This kind of Easter egg is not funny at all, developers must avoid undocumented time bombs. I still remember that day 15 years ago when I turned on my Wii and it said that the system files were corrupted. After hours of reverting a full nand backup via bootmii (and losing 2 years of game saves) it turned out that it was a funny April’s fool by crediar, which put a fake system corruption message when you run his program on April 1st. Problem is that his program was a loader for the system menu so it was unavoidable if you didn’t know that.
Like me, there must be someone paranoid that saw that black bar on the screen, saw a weird Christmas.exe running on their system, and starting wiping or restoring old images to “clean” that.
everyone submit a help desk ticket to Asus asking wtf is going on
Why don’t every vendor with an installed app make a similar banner?
It would be so festive, and I bet people would love it, to have 20 or 30 such occurrences every time you need to use your computer during holidays.
It would of course be optimal if each has an animation and a tune, that need to finish before you can escape.
Weird that only Asus had this brilliant idea? It’s so awesome when you are not in control of what happens on your computer.
/sIf you want to take back control, Linux is your best option.
the wreath has a memory leak
modern app design and its consequences
Somebody should create a windows executable to be placed in the WPBT that silently install Linux on first windows boot…
An unsolicited Christmas card through a letterbox would have at least been less worrying.
awesome, merry christmas
I got on this on Windows 10 too.
At first I thought I got a virus or something, but then realized this was some ASUS bullshit.
it is a very subtile ad for linux
Make no mistake, they will backpedal and apologize, but this was a flex. They want the public to know that their machines are fucking pwnt from top to bottom and they shouldn’t try any funny shit.
Thank god I was using Linux
Edit:Nvm its Armory crate shenanigansIs a Linuc a single Linux?
Yes
