A Windows XP help forum. PCbanter


Foistware takes-on a new pervasiveness..



 
 
#1
August 2nd 09, 08:58 AM, posted to microsoft.public.windowsxp.security_admin
Anteaus


http://blogs.zdnet.com/security/?p=3828

Bad enough the foisted copy of Norton or McAfee that greets you with a
registration demand the first time you use your new computer. This takes the
biscuit, though. LoJack is software burned-into the BIOS which is only of any
use if you subscribe to the third-party service which sponsored this burn-in,
and which (according to researchers) opens your computer to exploits even if
you don't.

Plus, you can't remove it. At least, not without something like an EEPROM
programmer.

From what I've been able to dig-up, the BIOS module, if activated, writes
several DLLs to the windows\system folder such that they are launched at
startup. These phone-home to the vendor's site once a day to report the
computer's security status. They include a function to remotely wipe the
disk on command from the site. The danger here is that malware could
similarly activate the BIOS module, but change the URL it phones-home to,
giving the intruder the ability to wipe the disk, or other malicious acts.
Therefore any computer which has had malware on it is at risk of carrying an
exploited copy of this, and even if the malware has been completely removed
(or even the hard-disk changed!) the compromised BIOS module may still pose
a threat.

As for me, I'm just glad I'm using an unaffected model.

I think.

#2
August 9th 09, 02:21 AM, posted to microsoft.public.windowsxp.security_admin
Robert Carnegie

Anteaus wrote:
> http://blogs.zdnet.com/security/?p=3828
>
> Bad enough the foisted copy of Norton or McAfee that greets you with a
> registration demand the first time you use your new computer. This takes the
> biscuit, though. LoJack is software burned-into the BIOS which is only of any
> use if you subscribe to the third-party service which sponsored this burn-in,
> and which (according to researchers) opens your computer to exploits even if
> you don't.
>
> Plus, you can't remove it. At least, not without something like an EEPROM
> programmer.
>
> From what I've been able to dig-up, the BIOS module, if activated, writes
> several DLLs to the windows\system folder such that they are launched at
> startup. These phone-home to the vendor's site once a day to report the
> computer's security status. They include a function to remotely wipe the
> disk on command from the site. The danger here is that malware could
> similarly activate the BIOS module, but change the URL it phones-home to,
> giving the intruder the ability to wipe the disk, or other malicious acts.
> Therefore any computer which has had malware on it is at risk of carrying an
> exploited copy of this, and even if the malware has been completely removed
> (or even the hard-disk changed!) the compromised BIOS module may still pose
> a threat.
>
> As for me, I'm just glad I'm using an unaffected model.
>
> I think.


Some of this is just what malware could do to you anyway. The novelty
is that if your computer is stolen and compromised, even Windows
reinstalled from what you describe, this thing will override and still
attempt to perform its security function.

Spoofing the service's Web site with DNS interference is one approach
that comes to mind, but you hope the system also has enough security
so that it can distinguish its genuine home site from fake.

If relatively few people are using this service to protect their data,
then either they're paranoid or their data is very, very valuable. An
interesting target for hacking.

However, if "flush" is the only command that can be given from the
server to the PC, malicious opportunities are limited. I'm not sure
exactly how you'd do it, threaten damage maybe, so I suppose I'd
better stay honest. Well, wait. You'd have to hack the server and
get the customer list, and maybe wipe some victim hard disks
randomly. Then write to other customers and say you'll hack the
service /again/ unless they pay ransom on their own data. Well, more
like protection money. And so they say something back to you that I
won't write and they tighten up their data backup process. Huh.
Okay, you hack the web site, steal customer data, /don't/ demonstrate
your powers... nope. Same problem, you tell your victims about this,
they just make their backups.
 




All times are GMT +1.