Walking dead Crapware: How the Windows Platform Binary Table Works

Few people noticed at the time, but Microsoft added a new feature to Windows 8 that allows manufacturers to infect the UEFI firmware with crapware. Windows will continue installing and resurrecting this junk software even after you perform a clean-install.

As Lenovo notes:

It’s impossible to write about this questionable feature without noting the case that brought it to public attention. Lenovo shipped a variety of PCs with something called the “Lenovo Service Engine” (LSE) enabled. Here’s what Lenovo claims is a complete list of affected PCs.

It also took several years before this feature even became noticed among the wider tech world, and that only happened due to a nasty security vulnerability. Who knows what other nasty features are baked into Windows for PC manufacturers to abuse. PC manufacturers are dragging Windows’ reputation through the muck and Microsoft needs to get them under control.

Image Credit: Cory M. Grenier on Flickr

Microsoft doesn’t provide much information about this. There’s just a single .docx file – not even a web page – on Microsoft’s website with information about this feature. You can learn all you need to about it by reading the file. It explains Microsoft’s rationale for including this feature, using persistent anti-theft software as an example:

Lenovo went even further, extending this questionable technique to Windows 7. The UEFI firmware checks the C:\Windows\system32\autochk.exe file and overwrites it with Lenovo’s own version. This program runs at boot to check the file system on Windows, and this trick allows Lenovo to make this nasty practice work on Windows 7, too. It just goes to show that the WPBT isn’t even necessary – PC manufacturers could just have their firmwares overwrite Windows system files.

The revised guidelines instruct OEMs to ensure users can actually disable this feature if they don’t want it, but Microsoft’s guidelines haven’t stopped PC manufacturers from abusing Windows security in the past. Witness Samsung shipping PCs with Windows Update disabled because that was easier than working with Microsoft to ensure the proper drivers were added to Windows Update.

This feature continues to be present on Windows 10, and it’s absolutely mystifying why Microsoft would give PC manufacturers so much power. It highlights the importance of buying PCs from the Microsoft Store – even doing a clean install may not get rid of all the preinstalled bloatware.

Microsoft has put some more rules in place for this feature in the wake of Lenovo’s irresponsible security failure. But it’s baffling that the feature even exists to begin with – and particularly baffling that Microsoft provides it to PC manufacturers without any clear security requirements or guidelines on its use.

What’s especially troubling about the WPBT isn’t just Lenovo’s complete failure in using it to bake security vulnerabilities and junkware into clean installs of Windows. What’s especially worrying is Microsoft providing features like this to PC manufacturers in the first place – especially without proper limitations or guidance.

Microsoft and Lenovo discovered a serious security vulnerability with this that can be exploited, so Lenovo has thankfully stopped shipping PCs with this nasty junk. Lenovo offers an update that will remove LSE from notebook PCs and an update that will remove LSE from desktop PCs. However, these aren’t downloaded and installed automatically, so many – most likely most – affected Lenovo PCs will continue to have this junk installed in their UEFI firmware.


On PCs using the WPBT, Windows reads the binary data from the table in the UEFI firmware and copies it to a file named wpbbin.exe at boot.


Beginning with Windows 8, a PC manufacturer can embed a program – a Windows .exe file, essentially – in the PC’s UEFI firmware. This is stored in the “Windows Platform Binary Table” (WPBT) section of the UEFI firmware. Whenever Windows boots, it looks at the UEFI firmware for this program, copies it from the firmware to the operating system drive, and runs it. Windows itself provides no way to stop this from happening. If the manufacturer’s UEFI firmware offers it up, Windows will run it without question.

This is just another nasty security problem from the PC manufacturer that brought us PCs infected with Superfish. It’s unclear if other PC manufacturers have abused the WPBT in a similar way on some of their PCs.


“The primary purpose of WPBT is to allow crucial software to persist even when the operating system has changed or been reinstalled in a clean configuration. One use case for WPBT is to enable anti-theft software which is required to persist in case a device has been stolen, formatted, and reinstalled. In this scenario WPBT functionality provides the capability for the anti-theft software to reinstall itself into the operating system and continue to work as intended.”

When we wrote this in the past, many readers responded that this was unnecessary because you could always just perform a clean install of Windows to get rid of any bloatware. Well, apparently that isn’t true – the only surefire way to get a bloatware-free Windows PC is from the Microsoft Store. It shouldn’t be this way, but it is.

“Microsoft has released updated security guidelines on how to best implement this feature. Lenovo’s use of LSE is not consistent with these guidelines and therefore Lenovo has stopped shipping desktop models with this utility and recommends customers with this utility enabled run a clean-up utility that removes the LSE files from the desktop.”

When the program is automatically run by Windows 8, the Lenovo Service Engine downloads software called the OneKey Windows optimizer and reports some amount of information back to Lenovo. Lenovo sets up system services designed to download and update software from the Internet, making it impossible to remove them – they’ll even automatically come back after a clean install of Windows.

In other words, the Lenovo LSE feature that uses the WPBT to download junkware from the Internet was allowed under Microsoft’s original design and guidelines for the WPBT feature. The guidelines have only now been refined.

You can check your own PC to see if the manufacturer has included software in the WPBT. To find out, open the C:\Windows\system32 directory and look for a file named wpbbin.exe. The C:\Windows\system32\wpbbin.exe file only exists if Windows copies it from the UEFI firmware. If it’s not present, your PC manufacturer hasn’t used WPBT to automatically run software on your PC.
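The manual check above can be scripted so it also records what was found. This is an added example, not code from the original article or from Microsoft or Lenovo; the function name `Get-WpbtFileAudit` and the report fields are illustrative, and it assumes PowerShell 4.0 or later. It also covers `autochk.exe`, the file the article says the firmware overwrote on Windows 7.

```powershell
# Added example: audit the files the article names. Run from 64-bit PowerShell;
# a 32-bit host is silently redirected from System32 to SysWOW64.
function Get-WpbtFileAudit {          # hypothetical helper name
    param(
        # Windows directory to inspect; pass a mounted offline image's
        # Windows folder to audit a disk without booting it.
        [string]$SystemRoot = $env:SystemRoot
    )

    $targets = [ordered]@{
        'wpbbin.exe'  = 'Exists only if Windows copied a binary out of the WPBT'
        'autochk.exe' = 'Boot-time file system check; LSE firmware replaced it on Windows 7'
    }

    foreach ($name in $targets.Keys) {
        $path    = Join-Path (Join-Path $SystemRoot 'System32') $name
        $present = Test-Path -LiteralPath $path -PathType Leaf

        $report = [ordered]@{
            Path = $path; Present = $present; Note = $targets[$name]
            SHA256 = $null; SignatureStatus = $null; Signer = $null; LastWriteUtc = $null
        }

        if ($present) {
            # Hash and signer identify exactly which binary is on disk.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $report.SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $report.SignatureStatus = $sig.Status
            $report.Signer          = $sig.SignerCertificate.Subject   # $null when unsigned
            $report.LastWriteUtc    = (Get-Item -LiteralPath $path).LastWriteTimeUtc
        }
        [pscustomobject]$report
    }
}

Get-WpbtFileAudit | Format-List
```

A present `wpbbin.exe` means the firmware supplied a binary, and its signer shows who shipped it; `autochk.exe` is always present, so what matters there is that the signer is Microsoft. Windows system files are often catalog-signed and older PowerShell versions report those as `NotSigned`, so treat that status on `autochk.exe` as a reason to compare the hash against a known-good copy, not as proof of tampering.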

This is yet another example of PC manufacturers not taking Windows security seriously. If you’re considering purchasing a new Windows PC, we advise you to buy one from the Microsoft Store. Microsoft actually cares about these PCs and ensures they don’t have harmful software like Lenovo’s Superfish, Samsung’s Disable_WindowsUpdate.exe, Lenovo’s LSE feature, and all the other junk a typical PC might have.

This defense of the feature was only added to the document after Lenovo used it for other purposes.
