Wait, they actually modified the underlying SOURCE CODE of Windows and compiled their own version to install? Not just changed some of the default settings in their image, like bundling software? How is that even allowed? If I'm not getting code that was finalized and signed by Microsoft, I'm not getting Microsoft Windows which I paid for and it may as well be a backdoored-to-hell Chinese knockoff. Or is this a mistranslation or poor wording by someone who doesn't speak strong English (and maybe depended on AI)?
Chinese PC-maker Acemagic customized its own machines to get infected with malware
Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware. YouTuber The Net Guy found malware on Acemagic mini PCs when he tested them in early February. He didn't have to work hard to find it: within a few minutes of booting the machine, Windows Defender reported the presence of the …
COMMENTS
Thursday 29th February 2024 08:17 GMT Anonymous Coward
In this context I am assuming the Source Code is the default windows install image and the changes made were OEM modifications to install additional software & drivers as part of the windows install.
This used to be known as slipstreaming (probably still is) and was / is a fairly normal way for a manufacturer to ensure that the drivers for all hardware in the machine are already present & installed before the first time the end user boots the machine. This was also the way most of the pre-installed extra software (trial anti-virus etc.) was added.
The key difference is that normally these extra install packages are signed and won't install without the signature, but this manufacturer told the Windows installer to use unsigned driver / software packages and skip the signature checks for those drivers. This meant those drivers could be replaced (in the factory or via some other transmission method) without Windows kicking up a stink.
Thursday 29th February 2024 09:17 GMT Anonymous Coward
They'd previously said - before the more recent videos came out, sparking off the current PR push - that a subcontractor who made their Windows images had dumped malware into the images and that it totally wasn't their fault, guys.
Making a clean slipstream/OEM/OOBE is something that any semi-competent engineer should be able to do, and making sure it's clean before signing it off for release is something any competent engineer should be able to verify. Malware in the image is either dangerous incompetence, or extremely deliberate malicious actions. Nothing else.
AceMagic - and whatever ODM group owns that brand and ultimately calls the shots - need to just get out of the industry.
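The two comments above describe the same failure from both ends: an image builder that slipstreams third-party packages with signature checks skipped, and a release process that never verifies the image is clean. The PowerShell below is an added example, not code from the thread or from any vendor named in it. It audits a Windows driver set for exactly that weakness: OEM driver packages whose signed catalog or binaries do not verify, and boot settings (testsigning / nointegritychecks) that tell the kernel to skip signature enforcement. It runs against the live machine (-Online) or against an offline image already mounted with Mount-WindowsImage (-ImagePath). It assumes an elevated prompt and the DISM PowerShell module (Windows 8 / Server 2012 and later); the assumption that Get-WindowsDriver's OriginalFileName points into the mounted driver store for offline images is noted in a comment.

```powershell
# Added audit script (not from the thread). Requires an elevated prompt and the
# DISM module. Flags third-party driver packages whose catalog/binaries do not
# carry a valid Authenticode signature, plus weakened boot-time enforcement.

function Test-DriverSigningEnforcement {
    # bcdedit prints one setting per line, e.g. "testsigning             Yes".
    # Either of these flags lets unsigned kernel drivers load at boot.
    $bcd  = & bcdedit /enum '{current}'
    $weak = @($bcd | Where-Object { $_ -match '^(testsigning|nointegritychecks)\s+Yes\s*$' })
    [pscustomobject]@{
        Enforced = ($weak.Count -eq 0)
        Weakened = $weak
    }
}

function Get-UntrustedDriverPackages {
    [CmdletBinding(DefaultParameterSetName = 'Online')]
    param(
        [Parameter(ParameterSetName = 'Online')][switch]$Online,
        [Parameter(ParameterSetName = 'Offline', Mandatory)][string]$ImagePath
    )

    # Without -All, Get-WindowsDriver lists only OEM/third-party packages,
    # which is precisely the set a factory image would have slipstreamed in.
    $packages = if ($PSCmdlet.ParameterSetName -eq 'Online') {
        Get-WindowsDriver -Online
    } else {
        Get-WindowsDriver -Path $ImagePath
    }

    foreach ($pkg in $packages) {
        # OriginalFileName is the INF's full path inside the driver store; the
        # package's binaries and its signed catalog (.cat) sit beside it.
        # (Assumption: for offline images this path is under the mount root.)
        $dir   = Split-Path -Parent $pkg.OriginalFileName
        $files = @(Get-ChildItem -Path $dir -Recurse -File -Include *.cat, *.sys, *.dll)

        # A driver package is trusted via its signed catalog; .sys/.dll files may
        # also be embedded-signed. Anything whose status is not Valid is flagged.
        $flagged = @(foreach ($f in $files) {
            $sig = Get-AuthenticodeSignature -FilePath $f.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    File   = $f.FullName
                    Status = $sig.Status
                    Signer = $sig.SignerCertificate.Subject
                }
            }
        })

        $catalogs  = @($files | Where-Object Extension -eq '.cat')
        $catalogOk = ($catalogs.Count -gt 0) -and
            (@($catalogs | Where-Object {
                (Get-AuthenticodeSignature -FilePath $_.FullName).Status -ne 'Valid'
            }).Count -eq 0)

        [pscustomobject]@{
            Inf          = $pkg.Driver          # oemNN.inf name in the store
            Provider     = $pkg.ProviderName
            Class        = $pkg.ClassName
            BootCritical = $pkg.BootCritical
            CatalogOk    = $catalogOk
            Flagged      = $flagged
        }
    }
}

# Usage on a machine straight out of the box (elevated):
Test-DriverSigningEnforcement
Get-UntrustedDriverPackages -Online |
    Where-Object { -not $_.CatalogOk -or $_.Flagged.Count -gt 0 } |
    Format-List

# Usage against a release candidate image before sign-off:
#   Mount-WindowsImage -ImagePath .\install.wim -Index 1 -Path C:\mount
#   Get-UntrustedDriverPackages -ImagePath C:\mount
#   Dismount-WindowsImage -Path C:\mount -Discard
```

Anything listed with CatalogOk false, or a BootCritical package with flagged files, is a driver the kernel would only load because enforcement was turned off. The offline form is the cheap "is it clean before release?" gate the second comment asks for; it does not cover user-mode payloads dropped into bundled applications, so a Defender scan of the mounted image (or a hash comparison against a known-good build) still belongs in the same release checklist.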
Friday 1st March 2024 00:30 GMT Anonymous Coward
OEM imaging has been a dumpster fire for ages
Due to lack of co-ordination, complacency, and a total absence of QC resources to keep the firmware/software up to date, most contract manufacturers and OEMs rarely update their shipping images, and signature checks and supply chain validation have been slow going.
I had to help one of the companies I work for mop up the mess when our hardware partner used an infected thumb drive to transfer our latest production image onto the live environment on the production line. For bonus points (and extra egg on their face) the same people that were on the call to ream out our overseas counterparts made the exact same mistake less than six months later. All calls during the post incident investigation to tighten up both our internal and our partner's workflows fell on deaf ears, beyond issuing both parties a new pair of thumb drives that were to be used exclusively for the task.
Thankfully the shame of the two incidents gave both the people responsible a shared bond of trauma, and since they were on a first-name basis, they managed to personally make sure the new images made it to production without touching tainted media for the duration I was there. No idea what happened after that.
Thursday 29th February 2024 09:07 GMT Necrohamster
Modifying source code?
I'd imagine that modding the source code is a big no-no in the OEM's agreement with MS.
Most likely they were imaging their machines with a dodgy copy of Windows they got from BitTorrent.
I guess the infection was unwitting as it got picked up by Defender when the end user turned on the PC. Also shows they don't do much (or any?) post-install testing.
It's hardly a first though. We've seen the same kind of thing before with cheap Android phones and TV boxes.
Thursday 29th February 2024 17:29 GMT doublelayer
Re: Modifying source code?
Probably not. A lot of the companies making hardware with low margins outsource large chunks of the work to other companies that do it in bulk. This is how you end up with a thousand Android products that all use the same update server. This works because that update server only ever returns the "you are up to date" message. They don't have to modify the source as the thread above this one explains what was almost certainly the mode of infection. Whoever made the image, whether at this company or at someone they contracted with, included, either through malice or incompetence, some malware, and nobody checked it. If the person was being malicious, they were still incompetent because they couldn't infect it well enough to prevent it being detected and removed by Defender immediately on boot, so we're not dealing with a criminal genius here.
That is still probably a good reason not to buy from this company because they're making it clear that they don't care about doing anything correctly. I am willing to buy Windows machines from dodgy-looking companies for myself since I am comfortable wiping and reimaging them when received, but I wouldn't buy them for anyone else. This is also why I tend not to buy any Android devices from companies like this; I know what's likely to be in there and I do not have any reason to think I can get it all out. My rule is that, if I don't know where the update server is, it's an immediate rejection.
Thursday 29th February 2024 22:50 GMT david 12
Re: Modifying source code?
A big chunk of the Chinese electronics industry is basically open source -- schematics, layout, components, documentation and software. The entry bar is low, because everything is available for copying. There's no requirement that the producer actually understand any particular part of the process -- just a production company, not a design company.
Friday 1st March 2024 00:36 GMT Anonymous Coward
Sadly, yes I can
That doesn't take the ring of something like truth out of what you said. But I have had to wipe and re-install so many HP machines to get rid of the shitware they pack on that they may not be the right example. Worse, it's totally obvious that HP is getting PAID to do it, where this at least plausibly COULD be an innocent screw up.
HP also uses the same overseas ODMs to build most of their laptops and SFF machines. Could literally be coming off the next assembly line over from the same factory that screwed up these machines.
Thursday 29th February 2024 21:44 GMT HastobeV8
There's more to this story
There is more to this than they are saying. I bought a similar mini PC from a sister brand (same parent company) called Nipogi. That also contained browser spyware pre-installed in Google Chrome (which was odd in itself in being pre-installed). Feels like this is a systemic problem at the company.
Thursday 29th February 2024 22:48 GMT captain veg
pre-installed
I've bought a fair few mini-PCs over the years, but none came with Windows (or anything else) pre-installed. A small number ended up with it installed by me, but without, rather obviously, all the crapware that's normally "bundled" onto the unwitting consumers. This is how it should be.
-A.
Monday 4th March 2024 09:27 GMT Anonymous Coward
I ended up getting one of these mini PCs shipped to me from Amazon, complete with the spyware mentioned in the article. I immediately called Amazon support to inform them of this. The Amazon CSR I spoke with apologized to me at least five times before transferring my call transcript to their internal security department. I was thanked profusely for bringing this to their attention, and was told the matter would be dealt with on their end.