ASUS Z390 Motherboards Install bloatware from the UEFI onto your "Clean" Windows Installation

That’s right, they packed an EXE installer that autoruns during Windows Installation to add ASUS bloatware onto your supposedly clean OS installation.

This is pretty much the perfect attack vector for replacing that executable with pretty much ANY executable, which is the scariest part. Let alone the privacy implications, where the software doesn’t prompt the user regarding data collection policies in the EU.

Remember that botched version of Audacity on FossHub a while back? As an April Fools prank, a technician can basically load that EXE which deletes your MBR/GPT so that Windows can never be installed on that motherboard.

2 Likes

Seems to be an option, which is great, and I think this news should be more upfront about that, but still for myself that’d be annoying if it’s like having to go disable motherboard audio every damn time

aaaand, basically that means that I get to restart and go disable that

TBH, I think that there should be an option to download the OS installer, and I first thought this one when my internet became faster than a regular USB stick

The worst fact is that MS ALLOWED Mobo vendors to do this under ACPI WPBT specification.

If you are wrapped in foil, now is the best time to go Coreboot.

This also puts risk to dual booting if you’re wrapped in foil.

1 Like
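A way to check what the firmware actually publishes under the ACPI WPBT mechanism mentioned in the post above. This is an added example, not part of the thread and not ASUS or Microsoft code. It assumes the field layout from Microsoft's WPBT specification and the Linux sysfs path for ACPI tables (readable as root); the sample table is constructed.

```python
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # handoff size, handoff address, layout, type, arg length
SYSFS_WPBT = "/sys/firmware/acpi/tables/WPBT"  # assumption: Linux exposes the table here

def parse_wpbt(table: bytes) -> dict:
    """Decode a raw WPBT table and report what Windows would be told to run."""
    if len(table) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("table too short to be a WPBT")
    sig, length, _rev, _csum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(table)
    if sig != b"WPBT":
        raise ValueError("not a WPBT table: %r" % sig)
    if length != len(table):
        raise ValueError("header length does not match table size")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    start = ACPI_HEADER.size + WPBT_BODY.size
    args = table[start:start + arg_len]
    return {
        "checksum_ok": sum(table) % 256 == 0,  # all bytes of an ACPI table sum to 0 mod 256
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "oem_table_id": oem_table.decode("ascii", "replace").strip(),
        "handoff_size": size,      # size of the binary the firmware hands to Windows
        "handoff_address": addr,   # physical address of that binary
        "content_layout": layout,  # 1 = single contiguous PE image, per the spec
        "content_type": ctype,     # 1 = native user-mode application, per the spec
        "arguments": args.decode("utf-16-le", "replace").rstrip("\x00"),
    }

def build_sample(args: str = "/constructed-arg") -> bytes:
    """Constructed WPBT table for offline testing; every value here is made up."""
    arg_bytes = (args + "\0").encode("utf-16-le")
    body = WPBT_BODY.pack(0x1000, 0x7F000000, 1, 1, len(arg_bytes)) + arg_bytes
    hdr = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                           b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) % 256  # checksum byte sits at offset 9 of the header
    return bytes(raw)

if __name__ == "__main__":
    try:
        with open(SYSFS_WPBT, "rb") as fh:
            print(parse_wpbt(fh.read()))
    except FileNotFoundError:
        print("No WPBT table published by this firmware; constructed sample instead:")
        print(parse_wpbt(build_sample()))
```

A missing table means the firmware is not asking Windows to run anything; a present one shows the size and location of the binary it hands over.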

I agree that this is indeed a suitable vector, however, wouldn’t that require physical access to the machine?

Like I said, a technician with physical access before the end user gets their machine can easily pull an April Fools prank and replace the WPBT binary with an MBR wiper and give that to someone.

Considering how easy it was for FossHub to get compromised with MBR wiping binaries, you bet someone can replace the WPBT binary with an MBR wiper or a rootkit. (Which this ASUS software is already a rootkit)

The fact they pull this without any prompting and by default is absurd, it should be an opt-in. For Windows, you should have some kind of optional menu to add additional modules from the Mobo and prompt you as well.

Now, if you could customize what gets preloaded, that would actually be a pretty neat feature. For example, say you have a device you’ve added in your computer that requires drivers (a GPU for example). Being able to preload these into the Motherboard, and choosing to install it during the Windows install process, that would actually be very convenient and neat.

Also, if bloatware is there, it can probably be overwritten, so maybe we’ll see someone do something cool with it?

But the devil’s advocate side is this is a perfect way to load a rootkit.

1 Like

Like have a socketed BIOS that has a set of basic stuff you always install so you can install clean and the chip will add what you need by default and then you can swap it back to a regular BIOS, once your PC is set up.

Oh no, I totally agree it’s a huge security risk. All it would take is for the ftp server that services the files that would update that section of the BIOS to be compromised to do exactly as you say.

It would be much better if they had it off by default, and the Marketing team advertised it as a feature of the board, something like Driver Store or whatever and be something that has to be explicitly enabled and set up.

This would be a mostly useless feature to enterprises, as enterprises typically use SCCM to image a device with the drivers already as part of the image.

But, I can see how not having to have AD infrastructure for similar functionality would be neat.

Well it kinda depends on what kind of "bloatware" they install.
Laptop brands also do this, like HP, Packard Bell, Dell etc.
So it's not really anything new imo.

I would agree with you that it is useless for the enterprise, but realistically, would an enterprise be buying all the individual PC parts and putting them together? Nah, they’d just buy OEM PCs from Dell or HP in bulk and mass deploy them, both from lower total cost and for homogeneous deployments to reduce troubleshooting issues with specific hardware.

The Driver Store bit I think would be neat for individuals who are building their PC and just don’t want to deal with Drivers on later installs/reinstalls.

1 Like

From what I understand the exe is not on the board ever. It's being downloaded sometime before it's needed for the installation. Kinda like you can update your ASUS BIOS via the internet instead of a USB stick.

It's optional too, so I don't see that being a big deal. In theory there would be an attack vector when someone gets hold of your router and can change the DNS service to a custom one that uses a different server instead of the ASUS one. I'd imagine it's not actually all that easy to pull this off. First gotta probably reverse engineer what those ASUS servers are doing and then gain access to your router to then change the DNS.

This does not really look like bloatware. It's a software that installs and updates all the drivers your ASUS board needs to function properly. I can see it being convenient if you intend to use it. Otherwise you can turn it off.

I’ll also point out that not a single Techtuber is talking about this. A search for “ASUS Z390 Bloatware” on YouTube ends up with fully SEO optimized results from all the top techtubers about how good the mobos are without diving into why this is.

@wendell, you could be the first to investigate this claim. And to see if the infosec claims I’m making hold weight.

1 Like