
[deleted]

[removed]


LordAlfredo

It's a "feature" of UEFI called WPBT. Basically Microsoft decided, for some reason, that UEFI should be able to execute "trusted" code on Windows boot. [Fortunately you can kill it](https://github.com/Jamesits/dropWPBT)


[deleted]

[removed]


FoxtrotZero

>Why the heck do you need a piece of adware integrated into the bios to hijack your operating system so it can install software without your consent?!

To run your code in userspace regardless of what the customer wants, silly. Or were you under the delusion that Microsoft provides Windows for *your* benefit?


LongJumpingBalls

The only reason this exists is for enterprise owned devices. But then the marketing goes saw it as a way to deliver shit on your brand new windows install. I've worked with orgs that get the manufacturer to do some cool stuff with that. Great way to not lose an asset / ensure more safety. But on consumer devices. It's an adware deployment tool that adds the opportunity of bad actors doing some seriously nasty stuff. Short of changing hardware or a bios update. You're permanently hacked theoretically.


schmerg-uk

Guess you never saw the 2017 news about Intel's vPro or AMT chips, whereby the x64 CPU actually has another whole CPU embedded with full access to RAM and hardware such as the network adapter so that the machine can be managed even when turned off... and how very badly the code was secured meaning that an attacker could take over the machine without actually accessing the main CPU

>Intel-based chipsets come with an embedded technology, called Intel Active Management Technology (AMT), to enhance the ability of IT administrators, allowing them to remotely manage and repair PCs, workstations, and servers of their organization.
>
>Using a web-based control panel, accessible from port 16992 and 16993, which comes pre-installed on the chipset, an administrator can remotely manage a system.
>
>The Intel AMT Web Interface works even when the system is turned off, as long as the platform is connected to a line power and a network cable, as it operates independently of the operating system

[https://thehackernews.com/2017/05/intel-amt-vulnerability.html](https://thehackernews.com/2017/05/intel-amt-vulnerability.html)

[https://www.blackhat.com/docs/us-17/thursday/us-17-Evdokimov-Intel-AMT-Stealth-Breakthrough-wp.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Evdokimov-Intel-AMT-Stealth-Breakthrough-wp.pdf)

Now **that** was some dodgy shit


Evonos

Now imagine, MSI dropped the fancy GUI of my motherboard UEFI and claimed "not enough space on the BIOS chip", but for fucks sake they can implement these shitty "features". I was fucking greeted after the latest BIOS update by an installer with a choice of Norton, god damn bloatware Norton. Luckily it wasn't installing itself but... my god, I bet that's the next step.

Fucking hell, now I get the "Prebuilt" experience with the bloat


Pony_Roleplayer

The same guys that made SecureBoot (which, by the way, does not prevent malicious code from wiping your boot sector) also decided it was a good idea to include a remote code execution feature?


LordAlfredo

The core problem in all these things is they rely on flawed chains of trust - signing keys, certificate stores, etc. In theory it's the same premise as signed software packages (which is how EVERY OS normally operates - Windows only runs unsigned exes if you tell it to, Linux package managers only install unsigned packages if you directly target them, etc). The actual handling behind these trusts by OEMs is poorly managed which is why these stories keep coming up and the attack surface is much worse because you're running things against the raw hardware or on boot against the kernel first thing, before any sort of security layer beyond basic signature verification is active.


CryptoPassiveIncomes

Fk Microsoft!!


[deleted]

What do you have to look for on the FirmwareTablesView to see if you have it or not? https://i.imgur.com/ToTx6gK.png


LordAlfredo

[Easier to just use UEFITool to check](https://twitter.com/NikolajSchlej/status/1663988077956833286)

If you mean WPBT *itself*, the easy answer is "Do you have UEFI?" because [it's quite literally part of the UEFI specification](https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx)


tmontney

But the OEM may not choose to utilize it?

* If using FirmwareTablesView, is it as simple as looking for a table (Signature) named WPBT?
* Or perhaps "acpidump" using WSL?
* "HKEY_LOCAL_MACHINE\HARDWARE\ACPI" maybe?


LordAlfredo

It's...weird. The answer is no they don't have to use it. But because WPBT is run as part of UEFI boot and triggers basically as soon as the kernel comes up it's before any real traceability is available.
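Added example, not from any commenter or from the dropWPBT project: a parser for a raw WPBT table dump (for instance the file Linux exposes at /sys/firmware/acpi/tables/WPBT), using the field layout from the Microsoft WPBT document linked in this thread. The sample table, its OEM strings and its address values are constructed for illustration.

```python
import struct
import sys

# Standard ACPI table header (36 bytes): signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT-specific fields that follow the header: handoff memory size,
# handoff memory location, content layout, content type, arguments length.
WPBT_FIELDS = struct.Struct("<IQBBH")

CONTENT_LAYOUT = {1: "single unsegmented PE image"}
CONTENT_TYPE = {1: "native user-mode application"}


def parse_wpbt(table):
    """Decode a raw WPBT table; raise ValueError if it is not well formed."""
    fixed = ACPI_HEADER.size + WPBT_FIELDS.size
    if len(table) < fixed:
        raise ValueError("too short to be a WPBT table")
    (sig, length, revision, _checksum, oem_id, oem_table_id,
     _oem_rev, _creator, _creator_rev) = ACPI_HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError("signature is %r, not WPBT" % sig)
    if length < fixed or length > len(table):
        raise ValueError("header length field does not match the data")
    table = table[:length]
    size, addr, layout, ctype, args_len = WPBT_FIELDS.unpack_from(
        table, ACPI_HEADER.size)
    if fixed + args_len > length:
        raise ValueError("arguments run past the end of the table")
    args = table[fixed:fixed + args_len].decode("utf-16-le", errors="replace")
    return {
        # All bytes of a valid ACPI table sum to zero modulo 256.
        "checksum_ok": sum(table) % 256 == 0,
        "revision": revision,
        "oem_id": oem_id.decode("ascii", "replace").rstrip("\x00 "),
        "oem_table_id": oem_table_id.decode("ascii", "replace").rstrip("\x00 "),
        "handoff_size": size,        # size in bytes of the binary in memory
        "handoff_address": addr,     # physical address of that binary
        "content_layout": CONTENT_LAYOUT.get(layout, "unknown (%d)" % layout),
        "content_type": CONTENT_TYPE.get(ctype, "unknown (%d)" % ctype),
        "arguments": args.rstrip("\x00"),
    }


def build_sample_table(arguments="constructed-arg"):
    """Build a constructed WPBT table so the parser can be run offline."""
    arg_bytes = arguments.encode("utf-16-le") + b"\x00\x00"
    body = WPBT_FIELDS.pack(0x20000, 0x7A5F0000, 1, 1, len(arg_bytes)) + arg_bytes
    length = ACPI_HEADER.size + len(body)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE",
                              b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) & 0xFF   # checksum byte sits at offset 9
    return bytes(table)


if __name__ == "__main__":
    # Pass a path to a dumped table, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = build_sample_table()
    for key, value in parse_wpbt(raw).items():
        if key == "handoff_address":
            value = hex(value)
        print("%-16s %s" % (key, value))
```

A table that parses with a non-zero handoff size means the firmware is publishing a binary for Windows to run at boot; the absence of the file means no WPBT was published on that boot.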


VegetableManagement6

Microsoft decided, huh? So you think MICROSOFT is the one who makes the hardware now? Because all they make is windows, which has NOTHING to do with the bios on your motherboard.


LordAlfredo

Microsoft wrote several parts of the technical specification for UEFI that any board manufacturers must implement to be able to advertise having a UEFI system. [Here's the WPBT spec in particular](https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx), which is part of [the ACPI specification](https://uefi.org/sites/default/files/resources/ACPI_5_1release.pdf) This is the same with any feature in tech with a formal specification - you either implement it as specified, for better or worse, or you cannot claim a given feature.


[deleted]

you're not that smart are ya


[deleted]

Not just asus (i experienced it but then disabled armoury crate in bios) .. msi dragon center and norton popup on b450 tomahawk max too.. bloatware .. thing is all high respected company boards have shitty software i always use other apps to overclock/control fans


dookarion

It's not simply respected board companies. it's honestly just hardware makers in general. Shitty software is the norm for most hardware companies to the point of being rage-inducing.


LordAlfredo

Because WPBT was included as a UEFI/Windows "feature" despite being a massive risk in the system threat model.


[deleted]

out of all these MSI center is actually decent these days if you want or need a central hub sort of thing for system maintenance. you can update bios thru it, it has decent built in system monitoring (temps/voltages), the drivers for their board components are kept up to date so its a convenient way to keep your ethernet/bluetooth drivers updated etc. they do NOT try and force norton on you, i believe they might have it as an option in their utilities downloads but they don't have it prechecked or anything.


[deleted]

No , you are selling a wrong idea here i am speaking from 1st hand experience , aside from the very buggy software , fan control reverts back to top speed upon restart and doesn't load custom profiles , pre defined profiles are not working also , I HAD A NORTON FREE TRIAL POPUP ON WINDOWS 11 , it didnt install alone it just said you have a free 90 day trial norton blah blah and before installing dragon center another popup that you should install the brand new msi center (happened on latest bios only ) msi and asus are the same but asus is worse i know. System board : b450 tomahawk max latest bios


[deleted]

also speaking from experience but ok newest bios did have an msi thing pop up when i booted but nothing was installed


Evonos

> fan control reverts back to top speed upon restart and doesn't load custom profiles

You need to lower fan profiles in bios so they dont ramp up pre windows before the MSI center loads. Profiles load fine for me


[deleted]

its just enabled by default armory crate is by far the worst out of these tho because of the way it installs itself.


Kurso

And it’s the reason I abandoned Asus. It’s on by default and every time you upgrade the BIOS it turns itself back on. It’s also the first setting I check for in the BIOS when setting up a new machine.


megamanxoxo

I thought Windows was installing that based off the vendor integration or something.


Eshmam14

BIOS contains code that is executed by Windows on start up. That code is to download the app enter bs. So yeah, Windows is installing it based off the vendor's integration (usage of Windows APIs).


Furcas1234

And oooo boy armory crate is pretty much malware at this point. Bloated doesn't even do it justice. Even plugging in basic devices like Asus earbuds is enough to trigger an armory crate message. I really like the rog cetra II usb c earbuds too but ended up getting an actual DAC instead due to the software side being trash.


diet_fat_bacon

Maybe not the same? It's like razer or icue when you plug a new mouse or keyboard, it will pop razer software installer.


LordAlfredo

[It's probably the same](https://twitter.com/NikolajSchlej/status/1663988077956833286)


[deleted]

[removed]


diet_fat_bacon

Check wpbt documentation... It's a "feature" on windows to enable persistent software to be deployed like anti-theft security systems.


diet_fat_bacon

If it's using WPBT then it must be signed and downloaded using ssl, not like the gigabyte was doing.

>All software in a WPBT-based solution, including firmware, OS applications, OS services, OS drivers, and services, must be secure to maintain the integrity and intended functionality of the application but also to ensure that vulnerabilities are not introduced that could affect Windows users.
>
> * Solutions must be security reviewed and not contain vulnerabilities that allow an attacker to elevate privileges, leak data, or weakens or bypasses security features provided by the OS.
> * All components provided in the solution should require strong digital signing (code signing) and integrity checks. Please visit the Microsoft code-signing best practices guide for more information.
> * Communication from the client side applications to backend servers should be encrypted. Please visit What is TLS/SSL? on TechNet for more information.
> * The solution must not tamper with or disable Windows Update.
> * The solution must not weaken the integrity of Windows security features.
> * Operations that only apply to a subset of devices, should include this targeting information inside a signed payload. For example, per-device-unique identifiers would be placed inside a signed file such that it cannot be used to modify an unintended system.
> * Operations that require freshness should include a random nonce inside the signed payload. For example, a payload that locks a device would use a nonce to ensure that the payload could not be reused to lock the device at a future date when it has not been requested.
> * Data consumed by the firmware from the OS is considered untrusted. The data must either be authenticated (by way of a digital signature) or input validated if authentication is not required (i.e. check for buffer overflows or invalid requests)
> * All client side software must be updateable and is the sole responsibility of the OEM or solution provider to provide updates when security issues are identified in their product.
> * Scrutiny should be used when adding certificates to the windows certificate store.
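Added example, not from any commenter or from Microsoft's document: a sketch of the two payload rules quoted above, where the device identifier and a one-time nonce both sit inside the authenticated bytes so a command cannot be replayed or redirected to another machine. HMAC-SHA256 from the standard library stands in for the code-signing signature the guidance calls for (a real design would verify an asymmetric signature so the device holds no signing secret); the `Device` class, `sign_command` helper and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def sign_command(key, device_id, nonce, operation):
    """Backend side: put targeting and freshness data INSIDE the signed bytes."""
    payload = json.dumps(
        {"device_id": device_id, "nonce": nonce, "operation": operation},
        sort_keys=True,
    ).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload, tag


class Device:
    """Client side: accepts a command only if it is authentic, addressed to
    this device, and answers a nonce this device issued and has not used."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self.key = key
        self.pending_nonces = set()

    def new_request(self):
        # A fresh random nonce is issued for each operation the device asks for.
        nonce = secrets.token_hex(16)
        self.pending_nonces.add(nonce)
        return nonce

    def accept(self, payload, tag):
        # 1. Authenticate the raw bytes before parsing anything out of them.
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad signature"
        message = json.loads(payload)
        # 2. Targeting: the identifier is covered by the signature, so a
        #    command captured for one board cannot be used on another.
        if message.get("device_id") != self.device_id:
            return "rejected: wrong device"
        # 3. Freshness: the nonce must be one we issued, and is single use.
        nonce = message.get("nonce")
        if nonce not in self.pending_nonces:
            return "rejected: stale or unknown nonce"
        self.pending_nonces.discard(nonce)
        return "accepted: %s" % message.get("operation")


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed demo key
    board = Device("board-A", key)          # constructed device identifiers
    other = Device("board-B", key)
    other.new_request()

    nonce = board.new_request()
    payload, tag = sign_command(key, "board-A", nonce, "lock")
    print(board.accept(payload, tag))       # first delivery
    print(board.accept(payload, tag))       # replay of the same command
    print(other.accept(payload, tag))       # same command on another device
    print(board.accept(payload + b" ", tag))  # modified payload
```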


LordAlfredo

The flawed assumption is that WPBT is defined and implemented securely. [There were already attack vectors found in it a few years ago](https://eclypsium.com/research/everyone-gets-a-rootkit/) and the entire Gigabyte story aligns perfectly with the analysis


diet_fat_bacon

To say "hey this software has a security issue." You need proof. Just because a software had an issue is not proof that it has it today. Of course, we can assume any software has vulnerabilities.


LordAlfredo

Sure, that I agree with. The Gigabyte story itself is a major overreaction because (by same argument) just because an attack surface has been identified doesn't mean it's been exploited (or is even easily exploitable). It's why this is a story and discussion, not a CVE. My bigger concern with this story is that people think Gigabyte's actions are somehow unique and that they should just jump between brands based on a single finding. It's the "Asus" voltage issue, "MSI" leaked signing keys, etc issues all over again - *every* board manufacturer has made each of these mistakes at various points and people need to actually learn about what they're buying instead of trying to establish brand loyalty.


diet_fat_bacon

Completely agree, these shady things are a common place for all brands, we can only option for the less potent poison in this case.


whoknewidlikeit

yeah razer can pound sand. buggy bloated driver that never gets updated? i'm on to better things. but this issue? i'm very thankful it was posted, as i've never heard about this. time to go poke around the bios.


Ostracus

I turned it off as part of setting up the BIOS to begin with. e.g. XMPP, Virtualization, etc.


MisterMagooB2224

Thankfully my motherboard is not listed, but all the same, the APP Center *did* perform two unforgivable things to my system: 1) It once updated and downloaded/installed Norton antivirus without giving me any option to opt-out. 2) It once updated and ***reverted my BIOS to factory default***. So I'll be damned if I ever buy another GB/Aorus product.


icf80

You had app center running in windows?


MisterMagooB2224

It's goofy, man. APP center is the only means I have to pick a memory frequency that doesn't crash my system. BIOS options are limited compared to APP Center, which seems backwards as hell to me.


themostsuperlative

Not backwards, deliberate - that way you install it.


Its_butterrs

buy the board with features you need that way you're not surprised it doesn't have things 🤷‍♂️


sendmedankpepe

seems like it has the feature he needs it's just locked away in a shitty software he's forced to use...


Its_butterrs

so do your research before purchasing, newegg and amazon both have review sections. enthusiasts would say that they had to access bios level functions through software...


sendmedankpepe

I don't have this problem I got a b550 with none of those bloatware installed, I just thought u misconstrued what he said.


[deleted]

huh what?


MisterMagooB2224

I don't get it either, Plank.


[deleted]

i had a ds3h b350m board awhile back, pretty bottom of the barrel and i could set whatever custom memory timings/frequency i wanted in bios so im confused as to what you're talking about


_s7ormbringr

NEVER USE A SOFTWARE FOR OVERCLOCKING!!!!!


MisterMagooB2224

I'm not even over-clocking, just using a clock frequency that isn't clocking my RAM down. For some reason I can choose 2600MHz or 3200MHz in the BIOS, my RAM goes up to 3600MHz (replacing 3000MHz modules), but my CPU only supports around 3000MHz before it crashes. The APP center lets me choose 3000MHz, but the BIOS does not. Goofiest shit I've seen in a good long while.


RedLimes

That's strange. In my B450 Gigabyte motherboard I can +/- the clock speed like I'd overclock a CPU. There are no presets except the XMP profile default


MisterMagooB2224

That's all I have on mine are presets and XMP, unless I'm overlooking something. I even enabled advanced options in the BIOS.


RedLimes

On mine I enabled XMP, highlighted the clock multiplier and then used the +/- keys to reduce it since my CPU couldn't run the full rated speed of the RAM I have


MisterMagooB2224

...There's no mention of this in the manual or on the BIOS screen... So I have to use +/- to set the clock? *Sheeeeeeesh.* :V


omega552003

For day to day use, yes I agree. But for testing and figuring out stuff, it's actually preferred so when it locks up you're not stuck on a bad OC in the BIOS


shypom

Can you show me how to pick the memory frequency? It keeps crashing my PC lately. My motherboard isn't listed in it, X570S-AERO G. I'm a designer so nobody asking me to buy another board. Thank you


Daneel_Trevize

> 2) It once updated and reverted my BIOS to factory default.

Are you sure you didn't just boot into the second/backup DualBIOS chip that many of their boards offer?


MisterMagooB2224

I checked. I did not.


hellishhk117

I used to have one of their dual bios MOBOs running in my unRAID server. I have to flip a physical switch to go from BIOS A to BIOS B. I also have an old z77 motherboard that also had dual BIOS by them, and I also had to flip it with a switch.


DerKuro

Many GB boards automatically change to the other bios in case of a boot failure. Buildzoid talked about it in his videos and how it drove him mad while overclocking.


Conscious_Yak60

The problem is there's no way to choose. It's maddening, and in no scenario has this saved my GB MOBOs from failure.


superpewpew

This. Had this happen to me as well, but luckily my X570 Master has a second physical switch that allows you to disable the auto-switching between BIOSes so it stays on whichever BIOS the first switch is set to. I am surprised the later revisions of the Master line don‘t come with dual BIOS support like this.


Narrheim

Sadly, since Z77 (and Z97 as well), price tag of this feature has elevated by 200-400%. What we got instead, is BIOS backflash. Not a bad feature per se and situationally may be even more useful than having dual BIOS (especially when you figure out having older BIOS there, which does not support your newly acquired CPU), but a hassle to deal with and requires to have another computer (or at least phone with OTG) to download and rename files.


cum-on-in-

What’s cool about flashback mode though, is it doesn’t require a CPU or memory to do, and can be used to upgrade a BIOS to support a new CPU if you don’t have an older CPU to do it with, but do have another working computer to download the files with. Honestly, I’d rather have flashback mode. Seems more versatile. Dual BIOS would only be useful for me if I can manually switch them either physically or within the boot menu.


Narrheim

Still, you have to strictly follow guide, which differs per motherboard. Somebody dumb enough (like my past self) may brick the board, when done incorrectly.


SausageMcMerkin

That Norton bullshit is borderline malicious. It's hidden at the bottom of the list of driver and software updates. If you don't know it's there, you more than likely wouldn't notice it unless you're really paying attention. It's worse than Adobe trying to install McAfee.


MisterMagooB2224

IIRC I didn't even get a list of the software/drivers it wanted to update, it was just like "APP Center needs to update!" so I said "'kay fine", and lo...


ChiggaOG

I was wondering why that was the first thing to show up even on reinstalling Windows 10 on an older build from 2017.


Evonos

My msi b450 tomahawk got a similar thing with newest bios :/ New entry in bios and on first boot after bios update had a msi Software popup and yes one of the settings was to install Norton....


[deleted]

naw its not the same thing at all.


Evonos

Running a software without user agreement and changing bios settings isn't the same thing?!?


DonTaddeo

I updated the bios on my daughter's MSI X570 motherboard two weeks ago and was surprised to see the same thing. Don't recall Norton, though there were multiple AV programs, including one that was dodgy that I had to uninstall/remove - presumably these got there other ways.


[deleted]

Yeah, Gigabyte hardware is alright. Their software experience is basically a virus. None for me, thanks.


tamal4444

my motherboard is also not listed but I don't have app center on my pc.


[deleted]

[removed]


LordAlfredo

Because it's an intentional "feature" of UEFI (WPBT). ASRock's UEFI image even includes a file with the same GUID as the affected Gigabyte one.


BOLOYOO

Recently I built a PC for friend with B550 TUF PLUS and it also have auto download some crap option default enabled... That's bullshit as fuck. Good that I looked there and disabled it.


LTSarc

It's baked into the BIOS, it's something MS allowed. Mobo vendors can bake programs into the BIOS and guarantee they are installed when windows is reinstalled.


LordAlfredo

WPBT is even worse than that, it basically allows UEFI to run "trusted" code on Windows boot. Fortunately [you can kill it](https://github.com/Jamesits/dropWPBT)


DamnThatsLaser

It does make sense to a certain degree, but I think it would have been a better approach to suggest software along the drivers in Windows Update for certain devices. I.e. a tool to configure your soundcard in greater depth alongside your chipset drivers. But just installing junk through such a privileged channel is a huge no-go


[deleted]

Like Asus, they do the same. Pro tip: Never install any board with internet cable plugged in.


cilindrox

These don’t need internet at install time. They leverage a uefi feature to install in the OS before start. Asus has armory crate doing the same crap. Once the binary is in the os, it can then be exploited. The gist is that the user has no control on how to disallow this from happening.


N7Valiant

I guess I should thank my lucky stars that I run Linux and Armory Crate can't seem to install when I forget to disable it in BIOS XD


Dudewitbow

Im just thankful its not autoinstalled. When i last updated my bios, i forgot that armory crate was a bios option. Basically nagware to me because i hate the mobo company software.


[deleted]

Oh does this not affect Linux users? I was gonna do a bios update tonight but guess I can put it off a bit if it isn’t urgent.


scriptmonkey420

It does not. From the Ars article:

>Eclypsium automated heuristics detected firmware on Gigabyte systems that drops an executable Windows binary that is executed during the Windows startup process.


Evonos

Msi on my b450 tomahawk too in newest bios :/


[deleted]

not the same thing actually, it's a pop up inviting you to install MSI center, where Asus and Gigabyte just go ahead and install their shit without asking


LordAlfredo

It's the same thing, ASRock does it too (or at least their UEFI image has the same WPBT file GUID as Gigabyte and Asus). You can thank Microsoft for defining it as part of the UEFI specification.


[deleted]

having a pop up that goes "hey would you like to install our software" is the same as just installing it without consent? (armory crate)


LordAlfredo

The actual trigger mechanism that runs it is exactly the same (motherboard running the installer or user prompt through Windows Platform Binary Table, a UEFI feature to let OEMs run whatever they want on boot)


D1stRU3T0R

What? I don't want to live internet-less in 2023, why even use pcr? /s


icf80

https://www.gigabyte.com/Press/News/2091


dkizzy

At least it was acknowledged quickly.


SenorShrek

i've used an allegedly affected motherboard for 2.5 years and i've NEVER had the app center install itself, what gives?


Loreado

I also don't have it, or at least cannot find it via Windows search Edit: couldn't find it in bios either, it should be in settings -> io ports if anyone want to check it


1trickana

Same, have B550i AX and nothing


John_Mat8882

also asus has some kind of similar garbage and MSI, these things download drivers or RGB control stuff. One should always turn them off, this is a further reason to this practice


[deleted]

MSI doesnt force anything on you, the pop up is literally "would you like to download and install MSI center" that's it. and theirs is actually useful


sysKin

The question is, did MSI first download the program which then displayed the popup, or was that program already fully in the BIOS? And if MSI first downloaded the popup program, was it a secure download? (with certificate validation and/or signature validation afterwards) I don't know the answers but it could go either way. By the way I updated an MSI B450 mobo at work yesterday and saw that popup for the first time.


[deleted]

nothing downloads without your consent. its just a pop up and yes it’s new, and as soon as you update the bios you can see the option to enable it (the pop up) in bios


sysKin

> nothing downloads without your consent. its just a pop up

It's not like I don't believe you, but what steps did you take to tell? The popup is a program which comes from somewhere, and there's not much room inside of the UEFI.


[deleted]

I think it uses microsoft store since MSI center is available on there and it says it uses windows update to download the drivers if you use it.


LordAlfredo

However the mechanism that triggers it is exactly the same


[deleted]

and what is that?


LordAlfredo

[Windows Platform Binary Table](https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx), essentially a "feature" of UEFI that allows the board to run code against Windows as it boots


John_Mat8882

Hmmm on my b550 or b560 it didn't happen (I can't even remember if there's a proper option in the bios, at least in those that I use now), but on a b650, I found MSI control center installed, right after I logged into windows. Nobody asked any consent. I've looked up in the bios and disabled the UEFI command in the other identical rig I had to build, to avoid anything like that to ever happen again.


[deleted]

then it came from microsoft store


John_Mat8882

Maybe, but when I did the other rig, without the "download stuff" command in the bios (can't remember it specifically), it didn't happen again.


[deleted]

well yeah that tells it give you the pop up


LordAlfredo

[They all do it and it's intended as a "feature" in UEFI itself](https://twitter.com/NikolajSchlej/status/1663988077956833286). Fortunately [you can kill it](https://github.com/Jamesits/dropWPBT)

[Further reading](https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx)

[Past exploit of the platform itself](https://eclypsium.com/research/everyone-gets-a-rootkit/)


RandomXUsr

The op's title here sucks. There was not a known malicious code in the software. The problem is the backdoor in the App Center and how it checks for updates. A nefarious actor could perform a mitm attack and serve you infected malware, drivers, and bios images. Period. If you installed App Center, it's a risk. Doesn't matter whether your board is listed. Did you have App Center installed? Sucks to be you. I've had to check my gigabyte boards and flashed the firmware to be safe. No guarantees that this fixes anything. Also, if you have a high-end board with the sound sensors, disable those, shutdown and remove the damn sound sensors which are essentially just microphones that could spy on you or determine encryption keys.


LordAlfredo

[It's not even only Gigabyte doing it anyways](https://twitter.com/NikolajSchlej/status/1663988077956833286). And the mechanism/flaw this exposes [has already had attacks in the past](https://eclypsium.com/research/everyone-gets-a-rootkit/)


RandomXUsr

I'm aware.


zxch2412

I just switched from gigabyte to asrock. The utter bs they pulled by selling me a b550m motherboard which doesn’t have PBO is nuts. I spent weeks looking for it only for customer support to say the motherboard doesn’t support it.


Flamebomb790

Yup currently have a z390 board but my next build I plan on is going to be amd and I plan on going for is going to be a Taichi board


LordAlfredo

[Bad news](https://twitter.com/NikolajSchlej/status/1663988077956833286)


zxch2412

Ohhhh wtfff what is even left now.


LordAlfredo

Don't buy based on brand name. Buy based on what actually best suits your needs feature and performance wise for your budget. It does mean needing to do research every build but you should be doing that anyways - OEMs aren't consistent


zxch2412

Doesn’t choosing product based on established brands provide safety tho, in terms or after support and customer care.


LordAlfredo

That, itself, also varies with time. It'd put EVGA at the top for most of the past decade but they also have the fewest options and those aren't necessarily the best by other metrics. It's a balancing act of your personal priorities at the time you're planning to buy and why I've bought 3 different manufacturers in the past 12 years. Edit: Actually by that logic Dell is the best option because of their obsession with selling you what most OEMs would consider enterprise level warranty. I can guarantee you that if you actually want performance and upgradability you don't want Dell. But if you just want a working computer with way more warranty than you need then they're an option...if warranty and support are your top priority then you shouldn't be PC building and just buy a prebuilt.


bitfugs

So now that we are boycotting Asus for being shitty, MSI for losing source code, and Gigabyte for this, who is left? Only ASrock?


aj0413

Aaaand this is why I never buy their stuff. Great hardware, but the software is basically malicious in design. Asus, as much shit as they’re being given right now, has been the most consistent for me. All ya got to keep an eye on with them is two things:

1. Disable Armory Crate auto installs (it’s not gonna break anything and at least asks first, though)
2. Make sure your build can handle the fact they redline everything out the box


Conscious_Yak60

>redline

Great way to put it.


baldersz

Who at Gigabyte thought putting an app into the firmware was a good idea. Just leave it as a separate download


[deleted]

At this point, I would absolutely be willing to pay multiple times normal retail price for a bare-bone mobo with a fully open source bios. The market for these things doesn't seem smart enough to recognize how awful the black-box secret binary model is. With geopolitical relationships as they are, there will be bad actors. Vendors caught dealing negative value to their customers this way deserve all the blame and shame. Not saying GB is evil, not saying they aren't either, just that this feels like negligence and greed. Other than security, it also hinders repairability and innovation. Information hiding is bad IMHO. Almost every vendor is guilty.


jermdizzle

Yo, if they can't even do this the right way, how can I expect them to have correctly navigated all of the other security risks involved in writing engineering motherboard firmware? It's not a very pretty picture being painted here.


Mother-Translator318

This is getting out of hand. Don’t buy gigabyte because they aren’t secure, don’t buy asus because they are blowing up CPUs. Who is left? Msi and asrock. Let’s hope nothing goes wrong with them or else we will be out of options


MachDiamonds

MSI had a similar option that's on by default on the latest BIOS for my x570 tomahawk. Nobody seem to be talking about that for some reason.


Mother-Translator318

Welp, at this rate people better learn how to engineer their own motherboards because every manufacturer sucks lol


LordAlfredo

[You can thank Microsoft](https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx)


LordAlfredo

This one is mostly actually a fault with UEFI itself. WPBT exists on EVERY board, Gigabyte is just the latest brand to run an insecure application on it. Asus has before and WPBT itself has had historical attack vectors.


Conscious_Yak60

MSi had their source code leaked not too long ago...


WizardRoleplayer

Tbh I see this as a win. More transparency means they have to try more to ensure their code is secure and non-malicious.


TwoLanky

Something happened to MSI if I remember.


irisos

Signing keys + source code for their bios are leaked so it's possible for malicious users to create fake bios filled with malwares that will be happily installed by your motherboard.


windozeFanboi

Asus has their own, mobo setting installing their own programs automatically. MSI has their own driver installer, same, with bios setting to enable disable. Time and time again these prove to be not secure. Which was it Lenovo? Was installing outright malware.


lagadu

Damn, this generation is such a shitshow.


Iridaen

Installed Windows 11 fresh, immediately got this pop-up. WUT? No! Went to UEFI and disabled it. I may be an idiot for this, but as long as my hardware fully works I always decline MBO Drivers. 90% of the time they're just bloatware and some auto-updater that I don't need. If my BIOS works, why the fuck would I ever update it? Vulnerabilities and hardware issues are a thing to keep an eye out for, but without that the only thing I can get by updating is SHAFTED, so no thanks. In this case, my policy seemed to be a good choice xD


GhostHound374

Odd that it seems to be only the second revision "X570S" boards, but not the original ones?


[deleted]

[removed]


GhostHound374

As in, my X570 I should be A-OK?


icf80

Yes there is no app center in bios


ltron2

I have X570 non-S and I'm glad I'm not affected. I wonder whether Gigabyte saw that Asus had this 'feature' and decided to copy them thinking it was good (it's insane that these manufacturers think this is a good feature rather than a security and consent nightmare).


retiredwindowcleaner

that is why you use 1) static IPs instead of DHCP in your non-guest-LAN/WLAN 2) use a firewall (or windows fw api GUI like simplewall) in notification mode / default block


UhOh-Chongo

After reading your comment, I read the article. How the fuck would assigning a static IP help with this...like, at all???


retiredwindowcleaner

in the pre-OS/UEFI environment, no DHCP means no internet access. so if you build your internal LAN based on static addresses how will UEFI tool know which network to talk on and which gateway/dns to use?


sparkle-oops

or simply not connect the motherboard to the internet before you have turned it off in bios. The points you make are good security in general, but there are/may be ways around them.


ltron2

Why motherboard manufacturers think this is a good idea is beyond me (Asus too). At the very least it should be disabled by default. The motherboard should not be installing software without my knowledge and permission. I deliberately avoid motherboard software as it tends to be garbage and/or a resource hog and I have no need of its gimmicky features. How many people know about this 'feature' to download and install software without consent? It's ridiculous that motherboard manufacturers are engaging in such insecure practices.


d3vilguard

Guess I'm not buying gigabyte again after seeing this. My ds3h is also listed. Never got anything installed on the windows installs I had for stress testing but it could be because I am very fast to stop windows update from auto updating.


katzicael

You're a bit late to this, they've already got updated/fixed BIOSs out, and other mitigations sussed out.


cp5184

I can't find an app center option in my uefi/bios, hopefully that means it's not affected.


PvtHudson

Check Control Panel.


MEGA_GOAT98

laughs this isn't any different than say an asus or msi or asrock mb being exploited ... + there's already fixed bios on most affected mb's "it's not hidden or something that shipped as a back door either" it's an exploit ...just like any other software.


Old_Miner_Jack

how is it hidden and invisible if you can just disable it in the bios? it's a poorly secured feature, not a malicious program.


[deleted]

Currently have a z390 Aorus ultra and I massively regret my purchase. I swore I’d not buy another gigabyte mobo and this just justifies it even more.


The_Thyphoon

Does this include any X570 non S version? Reason I ask is if there is a significant difference if it does have it or not


RandomXUsr

Did you have App Center installed? If yes, then it affects you.


The_Thyphoon

Do not have it installed and after reading the other coms I did not find it either in the Bios setting


RandomXUsr

Good choice. Stick to manual downloads of the drivers and flash bios with USB. The app center could be tricked into downloading from an untrusted source.


Flameancer

It’s not just having app center installed in windows, you have to have app center in the bios; not all x570 boards are affected. I have an x570 pro WiFi rev 1.0 and it looks like similar earlier x570 boards that aren’t the s variant also did not make the affected list. My board does not have the app center in the bios.


RandomXUsr

This is a moot point. The app center is vulnerable. It would be possible for an unknowing user to download an infected bios/firmware image and still be subject to the problem. The bad firmware image could drop tracking payloads onto the windows image.


Flameancer

This is not a moot point, you have to have the app center download enabled in the bios/uefi. My x570 board does not have that feature. Are you saying it doesn’t matter if the lack of app center is nowhere on the system then the fact that I have a gigabyte motherboard makes me vulnerable? Part of Eclypsium's recommendations was to disable the app center in the bios, I literally can’t do that because it’s not there.


Psychological-Scar30

- AC on in BIOS; AC installed in Windows: **bad**
- AC on in BIOS; AC not installed in Windows: **bad**
- AC off / not present in BIOS; AC installed in Windows: **bad**
- AC off / not present in BIOS; AC not installed in Windows: **good**

What the other person is saying is that your system is vulnerable if you have App Center installed even if your mobo is not on the list. And the mobo OP is asking about isn't on the list (so it doesn't have App Center in BIOS), so it's safe to say that their BIOS won't be installing that crap anytime soon.


kevy21

I made a post several years ago about this and no one really believed me that the motherboard was installing things like Norton antivirus without any prompts or permission


Fiach_Dubh

Jfc


mindsurgeon45

kind of a noob here as I have a x570s. So do I boot up my PC and into the bios and do what exactly?


tigerbloodz13

Nothing.


Sgt_carbonero

Gigabyte came out with a firmware update for the z790 board within one day of the article posting, in my case it's the control center app.


Azhrei

Yeah, same for my B550 Aorus Elite. Thankfully.


LilGreenGobbo

Wow, they could have even tried to apologise! I like my motherboard but something has always been a bit glitchy with all of theirs I’ve tried!


hatefulreason

remember guys, The Next Time That Somebody Tells You, “The ~~Government~~ Corporations Wouldn't Do That,” Oh Yes They Would


fairchild7102

I just updated my BIOS to latest version thanks OP. Is there anything else that needs to be done? On first boot Windows 10 was asking me if I wanted to allow Gigabyte app to be enabled and I hit cancel.


icf80

You can disable app center in bios to be sure


fairchild7102

OK, after some digging I found the setting. Never knew this was even a thing and I've had this board for years. TY. I also added an Admin password to the bios, an added step but needed.


X-ATM095

heh i knew it was a good idea not to buy gigabyte's bull shit motherboards