[SOLVED] Motherboards with built-in rootkit??

vacip

Hello,

Shopping for a MOBO for i7 13700k, I watched Gamers Nexus's recent rant on MOBOs.

View: https://www.youtube.com/watch?v=bEjH775UeNg




He mentioned that ASUS installs, on the freaking board, practically a rootkit that installs Armoury Crate on your system. I didn't want to believe this, but a quick search yielded some results where people complained that after a clean Windows install on an Asus laptop, some bloatware just magically installs itself, circumventing all OS-level restrictive measures by the user.

Beyond how freaking annoying and invasive this is, this is also a huge vulnerability that I'm not willing to buy into.



So, please help me:

1. (Rhetorical) How the hell is the PC building community not foaming in the mouth?

2. Is this real?

3. Is this only Asus, or do other board manufacturers embed similar artificial vulnerabilities to push their bloatware?

3. a) Are all 700 chipset Asus boards affected?

3. b) Are there manufacturers that don't do this?



(If you think Armoury Crate is a great tool, good, more power to you. But frankly I don't care, this is not what the question is about.)



Thank you!
 
NO, there are BIOS options to not install the Armoury Crate and the My Asus apps. You just have to turn them off, but some builders are too lazy to examine each of their BIOS options, so they don't know they need to change them.

Some people will rant about anything for clicks and advertising dollars.
 
Well, the Asus logo on the back of the motherboard being a "feature" is pushing it a little too far. Only if Asus has invented transparent cases and motherboard trays will having anything on the back of the board make any sense. Or double-sided MBs that don't need a backplate... not sure how you mount them... but anyway.

It is a BIOS option to turn it off, but not many people read the manuals anymore, and the response to that from MB makers is to use even smaller print and try to reduce costs... but if I compare an Asus manual from 20 years ago to one from 5 years ago, the newer one lacks so much detail.

It is not a well-advertised feature; we started seeing its effects about a year or so ago. It would run after the 1st startup of Windows and install, hopefully, the newest version of Armoury Crate. You can't get drivers from Asus any other way.

Replacing useful features with non useful ones that look good isn't progress.
 
Yeah, my Asus TUF X570 used to always yell at me to install Armoury Crate. Terrible software, though my board also allows you to control the colors in the BIOS, so I don't need it. Thankfully my board does have an option to stop it asking to download Armoury Crate, though it was hidden pretty well.
 
....

3. a) Are all 700 chipset Asus boards affected?

...

Can't say for 700 chipset boards but I have an Asus TUF B550m Gaming Plus and I can definitely say it has the same Armoury Crate auto-install rootkit. And yes, there is a BIOS option to disable the download and install, but you have to know ahead of time to disable it or at first boot into Windows it will download and install the services.

But let's add more to the root-kit aspect of this thing: You have to go looking for another Asus application to un-install it, as they don't include un-installers with the distribution. Even then the services do not get removed; you have to find them and then use another Windows command line administrative tool - SC, System Control Manager - to delete them.

If you ever reset CMOS or update BIOS you have to be VERY DILIGENT and disable that BIOS option at first restart or you go through it all over again if the system's connected to the internet.

Even if you take issue with calling it a root-kit, mainly because it's not exactly nefarious, it's definitely a back-door into your system that Asus plants without your knowledge and without your opt-in. I'd like to think the signed WHQL requirements Microsoft is imposing ever more strictly would rectify the blind installing, lack of bundled uninstaller and incomplete uninstallation. I'm certainly not going to take any chances by putting myself through all that again to test it out though.

I do get motherboard drivers by direct download from the motherboard's support site. Available are AMD chipset, audio, LAN, RAID and maybe some others. All I use are the audio drivers; I'd get them direct from Realtek except Asus uses a proprietary variant of the codec chip so I can't.

These problems in addition to a couple other annoying cheap-outs (no VRM temp sensor report, no DIMM voltage sensor report) make this up-market priced board a bad deal. This is the last Asus board I'll ever buy, to be sure.
 
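The service cleanup described in the post above, as an added example that is not part of the original post or any Asus tooling: it lists services whose name, display name or binary path matches a pattern and, only when `-Remove` is given, stops them and deletes them with `sc.exe`. The `ASUS|Armoury` match pattern is an assumption; review the audit output before removing anything.

```powershell
# Added example: audit (and optionally remove) vendor services on a Windows install.
# The default match pattern is an assumption; adjust it after reviewing the audit output.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Pattern = 'ASUS|Armoury',  # assumed pattern; -match is case-insensitive
    [switch]$Remove                     # without this switch the script only reports
)

# Match on service name, display name and binary path, since any of them may carry the vendor name.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.Name -match $Pattern -or
        $_.DisplayName -match $Pattern -or
        $_.PathName -match $Pattern
    }

if (-not $services) {
    Write-Output "No services matching '$Pattern' found."
    return
}

# Report what is installed, how it starts and which binary it runs.
$services | Sort-Object Name |
    Format-Table Name, DisplayName, State, StartMode, PathName -AutoSize -Wrap

if ($Remove) {
    foreach ($svc in $services) {
        if ($PSCmdlet.ShouldProcess($svc.Name, 'Stop and delete service')) {
            if ($svc.State -eq 'Running') {
                Stop-Service -Name $svc.Name -Force -ErrorAction Continue
            }
            # sc.exe is the SC command-line tool the post refers to;
            # 'delete' removes the service entry, not the files shown under PathName.
            & sc.exe delete $svc.Name
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "sc.exe delete failed for $($svc.Name) (exit code $LASTEXITCODE)"
            }
        }
    }
}
```

Run it from an elevated PowerShell prompt; `-WhatIf` together with `-Remove` shows what would be deleted without changing anything. Running the audit again after a CMOS reset or BIOS update shows whether the services have come back.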
How the hell is the PC building community not foaming in the mouth?
Well, they sure didn't complain when Intel put an always-running computer within all Intel chipsets starting in 2008, which can read and modify the contents of system memory and even send what it likes out over the internet with its own networking stack that the main computer cannot detect. Because the goobermint asked them nicely to, or else the terrorists win. And of course AMD did the same in 2013.

Sure, having software embedded in the BIOS is a security risk because it runs below Ring 0 (kernel), in Ring -1 so nothing kernel level can detect it. Especially when it calls for the installation of software (Ring 3) to be downloaded over the internet--such a thing could obviously be hijacked. But it's probably way less risky than an entire undocumented computer monitoring everything you do and which has since been found to have a string of security vulnerabilities.
 
Well, they sure didn't complain when Intel...

And then there's Windows10/11's constant telemetry stream back to the developers. That certainly got a lot of attention with the launch of Win10, but seems to have died down now.

But there is a difference, mainly that Microsoft and Intel (WinTel) are (IBM aside) pretty much the inventors of the PC and still at the very top of the tech train that drives its future development, especially important where it concerns security and privacy. AMD is too, maybe to a lesser extent, but they have to be part of the extreme low-level security measures (watch-dog processors, TPMs) increasingly necessary for them to be effective on their systems. Point being: these firms not only have a HUGE financial interest in doing what they do right but they already get a massive amount of oversight by the technology working groups where much of their work is reviewed and discussed in order for it (and everyone else) to be standards compliant.

So to me it's not so much that these things are built-in as how readily they may be subverted for nefarious purposes. In the case of Microsoft, Intel and AMD: they get enough oversight from tech working groups, white-hat hackers and etc. I think they'll find out their weakness to vulnerabilities in short order, as they have by finding the several vulnerabilities that have required BIOS updates for many Intel and AMD systems.

Asus, however, gets very little oversight for this sort of thing...even this article from GamersNexus seems to come as a big surprise. But there's much more: remember that they are just another of the many PC components mfr's that are highly dependent on facilities in mainland China to make a buck in a cut-throat competitive market. We all know the CCP is eager to spy on the private lives not only of their own citizens but the rest of the world. They have to be slathering to have access to this kind of back-door into so many computers throughout the world.

Just how soon before their military grade hacking teams crack whatever security Asus has and manage to squeeze in their own code with these BIOS initiated un-requested installs?

Might they not already have?

Would Asus care if they had? Might they instead want to preserve whatever special relationships they have with the CCP?
 