Linked by Thom Holwerda on Wed 12th Aug 2015 22:54 UTC
Windows

Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed.

The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that "most" is not "all." Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the "Lenovo Service Engine."

Microsoft provides more detail on what, exactly, this functionality, dubbed the Windows Platform Binary Table, is supposed to be for (.docx file!), and how it works. From reading the document, it becomes clear that installing tracking software - which is what Lenovo is using this for - is not exactly what Microsoft had in mind.

The Windows PC world is such a mess.

Thread beginning with comment 615939
Comment by satan666
by satan666 on Thu 13th Aug 2015 02:38 UTC
satan666 Member since:
2008-04-18

I have a Lenovo desktop at work. Not my choice, employer's choice. But at least I could choose the OS. I'm using Fedora. Lenovo can stick the malware where the sun doesn't shine.

Reply Score: 4

RE: Comment by satan666
by shmerl on Thu 13th Aug 2015 03:46 in reply to "Comment by satan666"
shmerl Member since:
2010-06-08

Is there some way on Linux to detect this kind of weird firmware interference? Or does it require signing the whole system?

Reply Parent Score: 2

RE[2]: Comment by satan666
by birdie on Thu 13th Aug 2015 08:56 in reply to "RE: Comment by satan666"
birdie Member since:
2014-07-15

Linux doesn't have to.

There isn't a single line of code in any Linux distro which reads this memory region and executes it under the system/root user unquestionably like Windows does.

Reply Parent Score: 2
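On the detection question raised in this thread: the Windows Platform Binary Table is published by firmware as an ACPI table with the signature `WPBT`, and Linux exposes raw ACPI tables under `/sys/firmware/acpi/tables/`, so its presence can be inventoried without booting Windows. The following is an added example, not code from the article or from any commenter; the function names and the sample table are constructed for illustration, and the UTF-16LE decoding of the argument string is an assumption.

```python
import struct
from pathlib import Path

WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # handoff size, handoff address, layout, type, args length


def parse_wpbt(raw: bytes) -> dict:
    """Parse a raw WPBT table into the fields worth recording in an inventory."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    if not fixed + args_len <= length <= len(raw):
        raise ValueError("length fields are inconsistent")
    args = raw[fixed:fixed + args_len]
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\x00 "),
        "oem_table_id": oem_table.decode("ascii", "replace").strip("\x00 "),
        "checksum_ok": sum(raw[:length]) % 256 == 0,  # ACPI tables sum to 0 mod 256
        "binary_size": size,          # size of the binary the firmware staged in RAM
        "binary_phys_addr": addr,     # physical address; the binary is not in the table
        "layout": layout,
        "content_type": ctype,
        "arguments": args.decode("utf-16-le", "replace").rstrip("\x00"),  # assumes UTF-16LE
    }


def build_sample() -> bytes:
    """Constructed WPBT table (made-up OEM strings and address) for offline testing."""
    args = "/constructed\x00".encode("utf-16-le")
    length = ACPI_HEADER.size + WPBT_BODY.size + len(args)
    head = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    table = bytearray(head + WPBT_BODY.pack(0x4000, 0x7F000000, 1, 1, len(args)) + args)
    table[9] = -sum(table) % 256  # byte 9 is the header checksum field
    return bytes(table)


def check_host(path: Path = WPBT_PATH):
    """Return parsed WPBT fields, or None if the firmware publishes no such table.

    Reading the sysfs file normally requires root; a missing file means no WPBT."""
    return parse_wpbt(path.read_bytes()) if path.exists() else None


if __name__ == "__main__":
    print(check_host() or "no WPBT table published by firmware")
```

A present table only shows that the firmware offers a binary to Windows; it says nothing about what that binary does.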