Motherboards with board-level rootkit??

vacip · March 30, 2023

Hello,

Shopping for a MOBO for i7 13700k, i watched Gamer's Nexus's recent rant on MOBOs.

https://www.youtube.com/watch?v=bEjH775UeNg

He mentioned that ASUS installs, directly on the freaking board, practically a rootkit that installs Armory Crate on your system. I didn't want to believe this, but a quick search yielded some results where people complained that after clean Windows install on an Asus laptop, some bloatware just magically installs itself, circumventing all OS-level restrictive measures by the user.

Beyond how freaking annoying and invasive this is, this is also a huge vulnerability begging to be exploited that I'm not willing to buy into.

So, please help me:

1. (Rethorical) How the hell is the PC building community not foaming in the mouth?

2. Is this real?

3. Is this only Asus, or do other board manufacturers embed similar artificial vulnerabilities to push their bloatware?

3. a) Are all 700 chipset Asus boards affected?

3. b) Are there manufacturers that don't do this?

(If you think Armoury Crate is a great tool, good, more power to you. But frankly I don't care, this is not what the question is about.)

Thank you!

SorryBella · March 30, 2023

6 minutes ago, vacip said:

Is this real?

Yes.

6 minutes ago, vacip said:

Is this only Asus, or do other board manufacturers embed similar artificial vulnerabilities to push their bloatware?

Gigabyte also known to install their App center off the board for "RGB fusion functionality" on its recent BIOS updates by default unless if you opt out. Honestly its better to find one where you can opt out of it like Gigabyte, or none at all which so far as i know Asrock and MSI havent done.

mariushm · March 30, 2023

Lenovo also does it on some of their motherboards.

They have code in the BIOS to silently install their Lenovo Vantage application in Windows when Windows is started and user is logged in.

I have it disabled on the work computer, because it's almost pointless and started showing ads after some updates.

Technically, it's not a rootkit, and it's a legitimate feature. You can disable the option at any time, a rootkit is more hidden, like DRM ... and in theory there are free tools out there that you can use to edit the bios and make a customized bios that removes those options and the code from the Gigabyte bios. UEFI bioses are kind of modular, and such features are often introduced as sort of extensions or plugins, so they can be disabled or removed completely from bios.

RONOTHAN## · March 30, 2023

23 minutes ago, vacip said:

2. Is this real?

Both the ASUS boards I've used recently (Z690 Apex and X670-P Prime) did this.

23 minutes ago, vacip said:

Is this only Asus, or do other board manufacturers embed similar artificial vulnerabilities to push their bloatware?

Gigabyte has started doing this, and I'm pretty sure I remember an MSI board doing it to me at some point but I forget which one and my current one doesn't so take that for what you will.

25 minutes ago, vacip said:

3. a) Are all 700 chipset Asus boards affected?

3. b) Are there manufacturers that don't do this?

a) I'm not aware of one that doesn't.

b) I haven't seen that behavior on an ASRock board ever, but the last ASRock board I used was a Taichi in 2020, and a lot can happen in 3 years. I'd say it's a safe assumption that all the major board vendors do this.

Personally it's more annoying that anything, it's generally one of the first things I disable and it stays disabled, and I can understand why they want to push their motherboard utilities with it, but I can understand the cyber security concerns with this type of feature if ASUS inevitably gets hacked, this would be a pretty good target.