Phoenix BIOS Phones Home? 149
Myrv writes: "There is an interesting thread over at DSL Reports discussing Phoenix Technologies new BIOS. This BIOS contains the PhoenixNet Internet Launch System . ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System. When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs. It's 3 a.m., do you know who your motherboard's talking to????" We've gotten a couple of submissions about this - another submitter pointed out this thread and this description by Phoenix. Phoenix has apparently been kicking this idea around for a while - see this old Slashdot story. Does anyone have any more information?
Is this really that bad? (Score:1)
Even if there isn't an option to disable this, it sounds like this option will only function under Windows systems.
So why are you worried?
Warning: parent has a goatse.cx link! (Score:1)
Good ol' ipchains has saved my lunch once again.
re: Phoenix BIOS (Score:1)
<User> HELP!!...!!!...!!
<Tech Support> What?
<User> HELP!!...!!!...!!
!!!
<Tech Support> Could you please elaborate?
<User> I NEED HELP!!!
<Tech Support> What do you need help with?!
<User> I CAN't SAVE!!
<Tech Support> Why can't you save?
<User> I CAN'T SAVE MY DOCUMENT!
<Tech Support> What sort of document is this; what are you doing to save it?
<User> I LEFT CLICK THE PICTURE OF THE DISK
<Tech Support> And what happens?
<User> IT SAYS I'm FORBIDDEN
<Tech Support> What exactly does it say?
<User> STUFF
<Tech Support> Try it again and tell me exactly, ok?
<User> OK
<User> It say 505 - FORBIDDEN HTTP://WWW.PHOENIX.COM/SPYNET/WINDOWS/98/USERSAVE
<Technical Support> Oh, that's just a little quirk; your BIOS provider is having some trouble with their website.. just try again later; if it doesn't start working in a few days; however, you might try replacing yours with a M$ BIOS; or you might try upgrading to the BIOS PRO(tm) service.
Re:apt? (Score:1)
I wonder if any motherboard makers are thinking about LinuxBIOS [lanl.gov]...
Re:spare the overhyped dramatics (Score:2)
I was just pointing out what could happen, if not with this bios, but maybe a future one... You never know... I'd be right there in the riot with you if it ever happened. Kind of an odd comment comming from somebody with an antioffline email address.
The only safe computer is an unplugged computer. (Score:5)
The following venders have signed up: AOpen, Chaintech, ECS, EpoX, Giga-Byte, Jetway, Legend-QDI, MSI, Soltek and Zida. Notice no ABit
<possible troll> (but I don't think so...)
It was interesting to read in that thread also, that this could bypass the OS level networking code, and use it's own stuff. I don't think I could imagine the destruction that would be cause by millions of PCs with a backdoor/hole/bug in their firmware, that could easily be remotely exploited. If you thought DDOS attacks were bad now, you ain't seen nothing yet.
</possible troll>
I didn't notice anything about being able to actually turn this off in the BIOS. There is allready talk of using a hex editor to disable it... Just what we need, buggy roms because the vendor does what people don't want.
Re:BIOS spying on you (Score:1)
Re:BIOS spying on you (Score:2)
It sounds like a custom install, skipping the PhoeinixNet stuff would get around it. Someone mentioned uninstalling the PhoenixNet stuff would also fix it.
Could you imagine how complex it'd have to be to be at the BIOS level only - a TCP/IP stack, network drivers, somehow using the NIC without the OS crapping out. Though, I must agree that the info on the phoenixnet site makes it sound like it is a MB only deal.
Guess I'll never find out...as now any new MB better have a huge Award sticker on it.
Re:IBM's been doing this for years (Score:2)
An interesting billing model - the more disk space you use, the more we bill you. I know the 3090 we had in school would call IBM if something bad happened to it (failure, temperature indicators said the room was too hot, lonely)
Re:Is this really that bad? (Score:1)
>they are often ignored by corporations
As if corps are somehow special because of this behavior. Corps are run by people, and just like people, no, BECAUSE of the people that run them, they have the same failings. If anything, they commit fewer moral transgressions than the equivalent people just because there are some "good" people in the mix that will make efforts to counter the "bad" people.
There are no "good" nor evil corps. There are however some good and some really, really, evil people, and evil people will do evil things whether they are in a position of power and influence or not.
Good judgement comes from experience, and experience comes from bad judgement.
Oops, I meant maxtor, not matrox (Score:1)
Soyo too (Score:2)
In one of the CSS licenses, one of the clauses essentially bound the licensees to offer "security upgrades" to the user only as part of a enticing upgrade. Thus, the security fixes would get installed along with whatever flshy multimedia "upgrade" a licensee had advertised to the end-user/mark.
Now, I don't think Soyo delibrately intended to be dishonest, but be prepared to accept bugfixes packaged alongside unwanted (or even malicious) features.
Of course, if you use open source software, this can be avoided. One does not always have to accept the evil along with the good.
Re:IBM's been doing this for years (Score:2)
There are some computers you buy with disabled CPUs (IBM does it, and I remember Sun making a press release about it, but I don't know if they do it).
CPUs have two real costs. One is the cost to fab (build) the CPU, this is a large percent of the low end embedded CPUs and the Celoron type CPUs were cost is a major issue (you can count the cost of the fab plant here). The other cost is the design cost of the CPU. The more CPUs of a given design you sell, the less you have to pay per CPU for this. High volume CPUs like the x86 have very very little design cost per CPU. Low volume CPUs like the POWER3 and UltraSPARC have a much higher per-CPU design cost.
So IBM and Sun may charge well over $1000 for a CPU that costs them only $100 to build (in real life part of that $1000 is also profit). They can charge $100 for a CPU and not lose money on building it, but if they don't somehow get more money then that they won't manage to design the next CPU.
They can put extra CPUs in a box for $100 each, and "just" charge you the other $900 (or $1500, or whatever) if you want to use them. Given the price of large IBM and Sun machines a few extra $100 won't be noticed (the small Sun machines are about $1000, so that can't do that!).
Sun/IBM wins because there is a larger chance that you will buy the extra CPUs given the fast "shipping time". The customers win if they ever need another CPU in a hurry, because it can be "shipped" to them quite quickly. There was some talk that Sun would let you just turn them on and pay on the honer system. I don't know if that happened. If they never use the extra CPUs then they payed a extra few $100 on a multiple $10,000 box, which isn't helping them, but it isn't all that bad for them either.
It isn't likely to happen to x86 CPUs because the design cost is a much lower part of hte final cost. The profit margins are also lower now that there are two real supplyers (AMD and Intel), so a CPU that sells for $200 can't be thrown in for $20 without someone taking a loss...
Re:Here's How To Disable It. (Score:2)
A Dumb, and Soon-to-be-Unsuccessful Idea (Score:1)
Dear Phoenix (Score:2)
Sent: Wednesday, June 20, 2001 2:48 AM
To: pnetcust_serv@phoenix.com;
Subject: banner ads for free motherboards?
FYI, I will gladly take a 5 second banner on startup if it means I can get my motherboard for free.
Re:The only safe computer is an unplugged computer (Score:1)
http://home.phoenixnet.com/boards/index2.html
ABIT
ACORP
AOpen
ASUSTEK
A-Trend
BIOSTAR
ELITEGROUP
EPoX
Gigabyte
Iwill
JETWAY
Lucky Star
MicroStar International
Shuttle
Soltek
SOYO
Tekram
Taiwan Commate
Re:BIOS spying on you (Score:2)
That's pretty sick, dude. Can't you just visit a pr0n site to get your kick? I do agree that it's dangerous, there are all sorts of sharp corners inside a PC to catch nude skin on.
--
Re:What a great way to deliver viruses (Score:2)
Where does this end? (Score:1)
Can you imagine getting a popup every day: "Do you want to install Compuserve?".
Now it's the BIOS, tomorrow the ethernetcard, soundcard, videocard? All fighting to install software on your PC?
And the fact you need Windows 98?? The feature could be cool, but only to fix a crashed OS. When your PC is booted, you just don't need the BIOS.
--
Disable methods (Score:1)
Any other takers for ways?
Comment removed (Score:3)
script kiddies (Score:1)
something like this, if exploitable, could really be nasty. this is below os security controls and I imagine you could get away w/ nearly everything. can you have the bios write files to disk? i dunno but my guess would be yes.
you say you would just block it at the firewall. that is all well and good for you but most people still don't have firewalls on their boxen. especially as this is turned on by default many people won't even know it is a risk. then suddenly one day their machine participates in another yahoo DDOS and then fries itself just b/c the script kiddie is a 15 yr old shit that thought it would be cool to ruin other people's hardware.
i don't see this as "overhyped dramatics". i see this as a serious threat.
cj
Win 98? GOOD! (Score:2)
Microsoft doesn't sell Windows 98 anymore!
Seriously, how does the merge into WinXP (NT) affect this? Secondly, how does something like ZoneAlarm react to your hardware trying to access the internet? Geez...
I understand the need for BIOS updates, and the need for companies to make it easier on the non-technical user... but this 'phone-home' capability (and all the data-collection demons it brings with it) is just a bit too much.
Good thing the OS it needs isn't sold anymore (at least, not 'officially').
Re:BIOS spying on you (Score:1)
You might find out even so, since Phoenix bought Award around 1998, and they've been a single company since.
They've been shopping around this stuff for several Internet companies, offering them the "opportunity" to be the default home page of the user... whether he wants to or not. The PowerPoint presentation I saw specifically mentioned Phoenix AND Award BIOSes as part of the deal.
Inevitable progression (Score:4)
With tux running in the kernel, it was only a matter of time before we had the next step: web server in the BIOS.
I smell innovation. Thanks Phoenix!
< tofuhead >
--
What I would've done... (Score:2)
I would have stood up, told him that he could stick his idea where the sun didn't shine, that you were personally never going to buy a machine with the Award BIOS in it, and would recommend the same to friends, and why, and that as of that moment, your friendship was dissolved, and if he couldn't understand why, then that was reason enough.
Your "friend" has created an idea that essentially allows remote monitoring and control of other citizens' property and habits. This is morally repugnant, and unethical, to say the least. People who dream up such stuff should be stuffed back into the holes from whence they came...
Worldcom [worldcom.com] - Generation Duh!
Going OT - Mod me down! Burn my karma!!! (Score:2)
The fact is that the idea is being foisted on a group of people who may be unaware that the system is capable of doing such a thing. If the consumer doesn't know about it, then they are unable to make a choice not to buy it. Your friend had to know this, yet went ahead and pitched the idea to be created anyhow - probably thinking "Yeah, more money for me!", rather than taking the high road (and not disclosing his idea to his employer).
The fact of the matter is that alternate revenue streams would serve to drive down the costs of PCs. If someone wanted the lower end PC that was subsidized by this, then it would be their choice.
We both know this is a lie. Such schemes won't drive the cost of PCs down, but rather keep them the same, and increase profits - it is all about money, and "Damn the citizen!"...
In fact, who are you to decide what people should or shouldn't have?
I am a person who knows that the nature of man is to be free, yet corporations and government continue to build chains to enslave and control. Do you honestly think people want their computers reporting details contained on their hard drives back to some "anonymous authority"? You may say it is only relevant details, but the individual doesn't know this - they can't see source code, and I doubt many know how to use packet sniffer/logging programs to analyze data coming out the backend. Do you honestly think people want another entity looking over their shoulders? If society honestly wants this, then we are far, far down the slope - and we might as well strip to the skin and be bonded in chains, because that is what the situation would be.
Something tells me you don't have too many friends.
The friends I do have are those who oppose corporate and government tyranny and control such as this. The friends I have know about freedom and rights.
Something tells me your friends would backstab you and society for a buck, grinning all the way to the bank...
Worldcom [worldcom.com] - Generation Duh!
Re:Going OT - Mod me down! Burn my karma!!! (Score:2)
We are not typical consumers - even people who buy boards to do their own upgrades may not know about it if they aren't reading the fine print, or staying up on the issues. Most just want to upgrade to play the latest game or whatnot...
The answer is because competition drives prices down, with a floor at the cost of production. If you have more revenues coming in, then that reduces the overall cost of production, and thus there is more room to reduce prices to undercut your competitors.
This assumes something though - that the consumers are aware of the monitoring aspect and are willing to have it monitor them. If the consumer goes along with all of this, and likes it, and others do as well, then I could see this happening - but I doubt the box is going to say on the side "Spies on all of your habits in exchange for a lower price!". It will do it secretly - and the extra stuff will appear to be "magic" to the oridinary consumer (they tend to be sheep). If they came right out and said what it does, I tend to doubt people would really want it...
Second, yes, there are people who would be willing to have details of their lives reported in exchange for money.
Why not just "sell" themselves into slavery? What you say is true, and is disturbing to think about - that money should be above privacy to some people. Doesn't that disturb you? If it doesn't, it should.
The supermarkets pay you for the ability to track your purchases. Don't want to participate? Fine, then don't. But I have absolutely no problem with being paid for this.
I take it when you mean "paid", you mean "getting lower prices" - the truth of the matter is in how these cards really work. The savings aren't really there if the prices are raised a bit beforehand. Or, if the products you buy aren't the "typical" ones, the ones that are already high-priced to begin with. Furthermore, some stores give you the savings even if you don't use the card, so what is the card really for?
And what's so ironic is that you people like you who talk on and on about freedom are the first people who say that I should NOT have the freedom to decide whether I want to be tracked or not.
Why would you want to be tracked? For a small monetary gain (if any)? I can think of advantages of tracking, but the risks far outweigh the gains, especially since the system would never be open enough for the plebes to watch Big Brother. Who watches the watchers, huh? Sure the hell won't be you or me...
Right -- as long as you are the one controlling what freedoms people have.
Gah! I can't understand why you don't understand that being monitored isn't freedom! Think of it this way:
Let us suppose I am your employer. I give you a choice (to freely make) to place a leash around your neck, so that I may track what you do during the day, while you are in my employ. I tell you in exchange for this, I will give you double your salary. You are saying you would take this deal, freely - yet I control the leash. Are you now more free?
Somehow, you argue that you are...
Worldcom [worldcom.com] - Generation Duh!
Re:Going OT - Mod me down! Burn my karma!!! (Score:2)
In any case, unless this employer is forcing me into slavery, yes, my freedom is perfectly intact -- because I choose whether to participate or not.
No - once you are bound by the leash or by chains, you would become my "bitch" - you would have lost your freedom of choice, because at that point you would be under my control.
Or maybe you didn't understand my "proposal" - when I said leash - I meant a physical leash, made of steel, with a chain anchored to it - perhaps locked to the desk, while I sat nearby, watching your every move. Whoops! You made a mistake - "bitch slap"! Bad sl... I mean... worker!
Do you still maintain that you are free - I hold the key to the lock, after all...
Worldcom [worldcom.com] - Generation Duh!
Bios Wars (Score:1)
Your heresy was detected, Windows reinstalled from on-board memory, you've been reported to the proper authorities, and your email address sold to spammers.
You're forgetting WinXP's hardware cert. specs (Score:2)
IOW, a NON-user-flashable, NON-user-customizable BIOS. But the spec says nothing about whether the manufacturer is allowed to mung it up.
I've just notified Phoenix that under no circumstances will I purchase Phoenix-based products for myself nor for my clients. If that "limits" my choices, big deal, at least they'll be MY choices.
Re:What a great way to deliver viruses (Score:2)
Can't find a not-at-all-sucky system. Find the least-sucky system. Capitalism is less-sucky than communism, because there is the potential for liberty under capitalism. Too bad that potential has been sold out. Plus, the indoctrination of our children into a global corporate state in which they are merely docile consumerist droids is complete.
--
Re:Is this really that bad? (Score:1)
Tom Swiss | the infamous tms | http://www.infamous.net/
Can you disable it? (Score:1)
------
Re:Inevitable progression (Score:2)
------
Re:It is not automatic (Score:1)
(Why does it matter? I dunno about you, but I cram my '98 installs into either 256M or 512M partitions, just so I can keep my "OS" and data separate. OOBE is bloat, bloat, bloat.)
Re:It is not automatic (Score:1)
Out Of Body Experience, Out Of Box Experience. I dunno, same thing to me. I spend so much time inside my PC's case that I don't even bother to put the cover on anymore.
Re:Is this really that bad? (Score:2)
The hell it would be.
When I want to flash BIOS, I'll flash BIOS. If I don't have any problems with my current BIOS regs, I won't flash BIOS and run the risk of introducing bugs that may have come with the new revision.
> Q: What if I want to discontinue using the PhoenixNet resident application?
Of course, since I buy my drives OEM and install my own damn OS on 'em, I never have to worry about this in the first place - no phone-homeware installed, no phone-home risk.
I really pity people who buy their PCs from name-brand manufacturers as opposed to screwdriver shops. I really do.
Re:Soyo too (Score:2)
Question to all: Has anyone run CBROM.EXE on a PhoenixNet-enabled BIOS dump?
I'm wondering if PhoenixNet is a module that can be unloaded from BIOS, and then the BIOS reflashed.
Given that it's marketing-related (i.e, Award expects to make money off it), it's quite plausible that they'd release BIOSes that "have it" (because the manufacturer/reseller either paid or got paid for it) and "don't have it" (for those evil OEM types). The logical way to do this would be to modularize it, in the same way that the .BMP that makes up the "boot logo" is a module that can be loaded or unloaded before reflashing.
For more information:
BIOS Customization Page [geocities.com]
(And many more, but this gives you the general idea of what CBROM.EXE is for.)
Re:odd? ... and then some (Score:1)
And you don't think that Phoenix is probably leaving a _specific_ port open to accept incoming connections to the computer? If they don't now, I'd bet it wont be long. At that point all you'd have to do is spoof packets etc. etc. etc.
From a security standpoint, this software is a horrible breach of "trust" between the MB/bios manufacturer and user.
Somebody tell me when all of a sudden capatalism turned into sell-my-privacy-to-the-highest-bidder?
ReplayTV + Pentium serial number = Phoenix BIOS (Score:2)
It looks like the computer companies are taking lessons from the cell phone industry. Your computer will soon render itself useless unless you're sending money into the appropriate chain.
Phoenix to your ISP: "Hey, we're gonna switch your user to our ISP unless you pay us not to."
Your ISP: "Hey, you can't do that!"
Phoenix: "We just did."
In addition, if you thought you got telemarketing calls and junk-mail NOW, just wait! Phoenix knows which batches of mobos were shipped to which retailers. Now they'll know exactly where those computers are being used. Paying in cash is futile, you WILL be tracked. Changing your browser's start page is futile, your PC WILL contact someone. Not using Outlook is futile, you WILL have programs installed on your computer without your consent.
Also, I doubt this thing can be made secure. How long until someone figures out a way to overflow the BIOS and install arbitrary code into the Flash chip? The ultimate BackOrifice involves control from the moment the machine's powered on.
Only massive public outcry, like that which surrounded the Pentium III serial number, will persuade companies not to do this.
Or calling phone sex lines in Bulgaria.. (Score:2)
So commandeer it! (Score:2)
Anyone think it'd be feasible to hijack this system and use it to provide greater USER configurability, custom logos during boot, and so on?
Re:IBM's been doing this for years (Score:1)
Re:IBM's been doing this for years (Score:1)
Uh, the G4's are pretty hefty, and on the low end of the RS/6000-pSeries lines some of the systems are small, but there's a tad bit of difference between a 4-PCI slot, 1 CPU system (even with 1.5 GB memory) and a 24-CPU, 96GB system with 56 PCI slots, etc.
Besides, those black cases & keyboards are way cooler than wimpy pastels, and how do you rack-mount the Mac?
Re:odd? ... and then some (Score:1)
IMHO (Score:2)
I see nothing wrong with Phoenix trying to make a call when I boot up my pc, because I barely ever shut it down for one, secondly I don't use Phoenix BIOS anymore, and thirdly if I did I would block it out on IPF.
It's nice for companies to attempt to improve their products however I think they should notify their customers with their intents and base their judgement on those results. Not every single company is out to shaft everyone, and not every company is out to monitor you like Big Brother.
Now what would have been an excellent YRO story would have been something about "Digital Angel [antioffline.com]." Now there is something I could spend hours on end posting on.
spare the overhyped dramatics (Score:2)
First off this applies to Windows98, and many people have migrated off of it to other MS OS's (NT, W2K, etc) or other OS' entirely. How could someone remotely execute anything when someone would still need an IP address from their provider? Script kiddies can baReLy sPeLL cOrReCtLy 95% of the times, do you expect them to yank off an IP address from a provider and designate it to someone?
Give me a break.
As stated in my above post, if I did have Phoenix Bios and a Winshit98 machine I would auto block it on a firewall should I not be allowed to disable it, which would make it obsolete. Sure it may dial, but there isn't any data going through, and if I saw anything peculiar such as my machine making its own settings, I'd contact EFF, ACLU, and EPIC and start a riot.
odd? ... and then some (Score:2)
People misunderstand our site, we're not anti anything, we just don't give a shit about anyone
Anyways as for the BIOS and script kiddiots, it'd be an enormous task for someone to create an exploit since as stated, well let me rephrase this a bit... It's be hard for someone to create an exploit for your typical dial-up customer, since they would (the script kiddie) need to know which machine to interact with upon boot.
It could be done with a backdoor, then leaving the port open, the script kiddie would have to scan complete address blocks, but if they're going to do something so difficult, then they're even bigger idiots for not downloading already availble trojans that'd do the same.
Re:Is this really that bad? (Score:2)
also, I agree that it's not that bad because you can turn it off
from the faq:
"Q: What if I want to discontinue using the PhoenixNet resident application?
A: That's easy. You can disable or enable PhoenixNet at any time with a right-click on the PhoenixNet tool tray icon."
my overall feeling is 'meh, whatever'
Re:IBM's been doing this for years (Score:2)
But when you buy a personal PC for your home, you want to install software you like on it, and play with it as much as you want. You don't want your MB maker to manage your PC for you. If you did, you would have paid someone to do it.
So why would a MB maker be so stupid to offer a feature the consumer doesn't want to pay for or use, when it can sell the feature to corporate users? New features for the sake of new features?
---
Re:From the manual (Score:2)
In other words, Advertising Revenue.
ADs at Bootup...
ADs at Shutdown...
ADs at Hardware Setup...
ADs at Hardware Failure....
ADs...
ADs...
and MORE ADs....
I'll bet they even sneak a commercial in for a motherboard upgrade when yours starts to feel dated (two weeks after you've bought it.)
"Everything you know is wrong. (And stupid.)"
Did you read the article? (Score:1)
It is not automatic (Score:5)
Unless you activate it within the bios "phoenixNet-enabled PC" and agree to their ISP partnery, you never hear a word from the program. It sits quitely on your bios and never contacts the mothership
Also from my mother board manual:
1. User reads system information from graphic launch screen
2. User registers MS Windows and completes MS OOBE.
3. User accepts/Rejects PhoenixNet service
4. User accepts/Rejects PhoenixNet ISP Partnery
5. PhoenixNet and ISP icon appear on desktop.
IBM's been doing this for years (Score:3)
Some machines require this data to be in the database so that hardware engineers can enable upgrades on your system. For example, you can get an S/390 with some of the processors turned off and it'll cost you less. Then, if you expect processing to hit a peak (Like, around Christmas maybe, if you're a retail outlet) you can pay IBM some money and they'll enable the other processors for a limited period of time. Several of the disk array products work the same way. You can buy an 11 terabyte array and only want to use 1 terabyte of it. You can turn on more disk storage as you need it and you get billed for the extra storage as you turn it on. If the machine doesn't report back when it's supposed to, a friendly IBM CE will visit to repair your defective device. I don't know what those guys bill out at. Used to be $120 an hour.
Unlike the desktop segment of the population, IBM and its customers view this as business as usual, allowing IBM to deliver faster and better service to the customer. Sure it means IBM has more control over the system than it otherwise would have, but the customers often don't want to be bothered with the thing anyway. They just want it to work. They're paying a premium for just this feature as well as the IBM brand name.
Re:A Dumb, and Soon-to-be-Unsuccessful Idea (Score:2)
To summarise: we'll dump lots of crap on your desktop, force us to be your home page and spy on you. People with packet sniffers have confirmed that the software sends stuff back even when "disabled". And one of their partners is RealNetworks, whose own spyware will be alongside Acrobat Reader and other such rubbish. No thanks! There's always AMI [ami.com], of course...
grumble management (Score:1)
Mike Roberto
- GAIM: MicroBerto
BIOS phone home... (Score:1)
Seriously, does this exciting new "feature" work with all the newer versions of Windows too? Like ME, 2000 and XP? Or just 98? (Can't imagine buying a new machine with 98 on it anymore.)
5 Steps to buying a computer:
1) Go to computer store.
2) Buy computer.
3) bring home.
4) Format Hard drive.
5) Install Linux.
Recommended alternatives? (Score:2)
What a great way to deliver viruses (Score:2)
Re:What a great way to deliver viruses (Score:2)
Didn't you know that capitalism is a virus. Everything else you need some revolution or an army to stay, but sooner or later capitalism takes over anyway. Can I buy some shares in capitalism soon?
Sarcasm or criticising society? You decide;)Really very dangerous! (Score:5)
I doubt this is beyond the realms of possibility, and once some clever hack has figured out how to do it the skript kiddeez will soon get hold of it. Hell, maybe it could even be tagged onto a VB app and turned into an Outlook worm - cue millions of cracked boxen that can only be made safe by flashing the BIOS, and how many regular (i.e. non /. visiting) users have the first idea how to do that?
Please someone tell me if I'm just scaremongering here (and give details), but I do genuinely believe this is a problem waiting to happen.
I'm not worried (Score:2)
Motherboard vendors using this (Score:2)
"Here is a list of the system board makers that are PhoenixNet-enabled. " [phoenixnet.com]
Ask for them by name, and just say no.
A review of the technology (Score:2)
And new, more intrusive features are coming. Here's PhoenixNet's pitch to resellers [phoenixnet.com]:
This needs to be publicized in the mainstream media. It's far worse than the Intel Pentium III serial number fiasco.
It also needs to become well-known to corporate IT managers, who aren't going to want those things on employee desktops and won't like all those unauthorized outgoing connections.
Re:A review of the technology (Score:2)
Re:A review of the technology (Score:2)
Oh, joy. Next we'll have peripherals that install spyware and spamware. It's a good thing the CueCat people went bust before this was developed.
stupid question (Score:2)
There is the whole privacy issuses, etc... but I have a stupid question: What does a BIOS (Basic Input/Output System) have to do with push technolgy?
Seriously can I get a low level hard drive interface in my AOL Messager? I want my memory timings driven by my Email Client. I also think that the chip on my sound card to be able to download stock updates though hardware and my CMOS should store my Intenret Explorer book marks.
What ever happened to "Do one thing well"?
Oh wait, I guess I forgot BASIC INPUT/OUPUT these days involved http connections behind my back.
Just sent this ... (Score:2)
To: pnetcust_serv@phoenix.com; pnet_tech_sppt@phoenix.com; public_relations@phoenix.com
Cc: robert.blincoe@theregister.co.uk; editors@tomshardware.com; news@arstechnica.com; henry.kuo@anandtech.com
Subject: re: PhoenixNet BIOS - backdoor whether I like it or not?
Phoenix,
I certainly hope that the information about PhoenixNet on your site [http://home.phoenixnet.com/about/index.html] is incomplete, or that I'm misinterpreting it.
My interpretation is that there is no way for me to disable PhoenixNet on a hardware level, that the program will run in Windows whether I like or not.
I consider this an unconscionable invasion of my privacy and a theft of my computing resources. I think that you're going to get lots of backlash and bad press, and you'll deserve all of it.
I for one will never buy a motherboard equipped with a PhoenixNet BIOS, nor will I install one in any of the dozens of PCs I manage.
Yours,
/me
"We all say so, so it must be true!"
Re:THATS TELL THEM OFF (Score:2)
"We all say so, so it must be true!"
Re:OH YOU IS SO GOOD (Score:2)
"We all say so, so it must be true!"
Here's How To Disable It. (Score:3)
Easiest way is to not run windows.
But if you must, here's how to remove it. Uninstall Phoenix net in the windows, and in the bios change Phoenix net from installed = yes to No.
Phoenix net is installed when you install the drivers from the motherboard and you go with the defaults rather then choosing your own options.
From the manual (Score:4)
4.1 PhoenixNet Introduction
PhoenixNet is a service that provides PC users with best-of-breed, free, software services to support their PC hardware and software and to turn their computer into a powerful tool for communication,entertainment, education and business.
4.1.1 Internet Launch System The PhoenixNet Internet Launch System (ILS) is a patent-pending technology built into the firmware to enable online PC users worldwide to communicate with PhoenixNet and to receive the free PhoenixNet services. ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System.
4.1.2 PhoenixNet Online Services When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services from PhoenixNet's Internet Partners. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs.
Re:Is this really that bad? (Score:2)
I really pity people who buy their PCs from name-brand manufacturers as opposed to screwdriver shops. I really do.
I always build my computers too, even workstations for work. I used to buy work computers from "screwdriver shops", but there is too much instability. It is really because so many people prefer to buy from a big company. They seek saftey in numbers.
Or go one step further ... (Score:2)
Re:Is this really that bad? (Score:2)
Then it would be theirs to mess with at will.
As for moral and technical issues, they are often ignored by corporations.
As long as people will buy it...
Re:From the manual (Score:2)
(*) BIOS can be erased, various other NVRAMS erased, clock chips can be programmed to overspeed and burn stuff out, overvoltages can be caused by software commands (look at the motherboards that let you set CPU speed and voltage from BIOS), etc.
Advertising in dreams... (Score:2)
We are not far now...
--
why there's a distinction between high and low... (Score:2)
The BIOS is firmware. That's all it is, and that's all it should behave as. And the point about reflashing BIOSes is worth remembering -- don't forget that nasty little firmware update that B&W G3 Mac users had to deal with last year.
I'd go so far as to say that it's a shame that OpenBIOS and LinuxBIOS aren't as far along as they could be -- at least the early IBM PC users could look through the listing for security holes and such. This is just flat out ridiculous.
(For the record, the LinuxBIOS idea seems to be a pretty specialized design -- too clunky and potentially difficult to maintain IMHO. I wouldn't use it personally, though OpenBIOS seems to have potential even if it's a comatose project.)
/Brian
Re:So commandeer it! (Score:2)
Why They Do It (Score:3)
Microsoft has placed very strict limits on what customizations vendors can do on systems before they ship. Microsoft wants Windows to control the horizontal and the vertical. Well, there's another player in town with a pretty large market share, and the tactical high-ground: Phoenix. The BIOS rules the machine, not Windows. I'm positive that this feature was requested by the systems vendors, and it's just a case of them fighting back against one of their suppliers who has gotten a bit too pushy.
"Theft of services" (Score:3)
steve
Funny story about this... (Score:4)
I wasn't sure I wanted to post this, because it could possibly give away my "secret identity", but...
A friend of mine is reasonably high up at Phoenix. He had been working on a "secret project" that he wouldn't tell me anything about, but he told me that it was going to be big. Of course, I badgered him for information, but he wouldn't tell.
Well, I had lunch with him one day not long after PhoenixNet was announced. I asked him, "so what's up with this PhoenixNet thing?" He replied, "what do you think of it?"
I then went on to totally trash the idea, saying why it wouldn't work, that people wouldn't stand for their BIOS downloading advertising, on and on. I railed on for quite a while. I might've even called it a "stupid idea".
Then I said, "hey wait a minute... is this the secret project you've been working on??"
He said, "Yes. It was my idea."
Oops. I kind of grinned sheepishly. Huge case of "open mouth, insert foot."
--
BIOS spying on you (Score:5)
This is bios level spying and advertising, even from Phoenix's partners. I think most users will not even know it is installed (by default). The only way to get rid of it is flashing your bios, which is quite a dangerous operation for the common user
re: Phoenix (Score:2)
What they're probably doing is a whole lot simpler and more plausible too... Since their BIOS can't do things like access the network itself, they have to depend on software they have the user (or the OEM) install on the system.. by making their `windows driver software' for supposed components on the motherboard include other software that simply launches an internet client they could do what they need without any involvement from the hardware; *Recalls flashbacks of 'MSN Network' setup icons mysteriously appearing on desktops of new windows installations and the desktops of any new user profile being created that drove him crazy*.
While it may be theoretically possible for a BIOS to implement its own network layer and a separate IP stack, to have built-in know-how to scan the status of modem/NICs to detect not only that a network is present but that the network is connected to the Internet; it is extraordinarily unlikely that this is what is happening -- it would simply be a waste if Phoenix could just as easily have software installed on the system's hard drives through traditional means.
The idea that their entire system (hardware drivers, client, network code, DNS stuff, etc) could be reasonably contained within BIOS ROM is preposterous in my opinion.
I think what is more likely; however, is that those who install software provided phoenix or those using pre-built systems with their BIOS get this installed by default and the otherwise traditional software might be able to make use of 'special BIOS hooks' which could have been created for its benefit...
In my opinion, this is similar to the makers of web browsers settting a default page of their maker; example: netscape's home.netscape.com; Microsoft's www.msn.com -- the difference? Phoenix is selling BIOSes, not client software: this is akin to buying a calculator program and having its installation add banner ads to your
BOFHism.... (Score:4)
clickity-click
Oh dear, looks like your hard drive has been disabled. No, I can't fix it from here, but I have a friend who lives by you and could fix it in his spare time, he charges about $200/hr. Uh-oh, looks like one of your RAM chips just went!
This is due to Microsoft monopoly (Score:4)
Remember the Microsoft anti-trust trial? One detail that emerged was that Microsoft does not permit OEMs to perform modifications to the desktop, startup sequence, etc. This means that the OEMs can't give the user a "custom experience" or differentiate their machine from others using Microsoft's software.
This Phoenix BIOS trick lets OEMs skirt the Microsoft OEM license by performing the customization after the user has the machine.
So, in one way, I say "kudos" to Phoenix for figuring out how to subvert Microsoft's restrictive OEM licensing agreements in this way.
On the other hand, I'd like to understand more technical details of the feature, whether it could bite me while I'm trying to use Linux, etc. Has anybody turned up relevant patents?
Re:The Lone Gunmen were right! (Score:2)
Tongue-tied and twisted, just an earth-bound misfit, I
Re:Is this really that bad? (Score:2)
Another good (safe) summary of PhoenixNet (Score:5)
It sums up everything, and also contains key (annotated) paragraphs from the PhoenixNet site (so if you're too afraid of evil scripts to visit the PhoenixNet site, you can see it safely from this site). The main page of cexx.org [cexx.org] (no relation to anything disgusting; it stands for Counterexploitation) has other helpful and interesting pages about spyware, foistware, backdoors, scams, and such. Most of it pertains to Windows, but there's some other cross-platform/no-platform topics there (including a way to make the CueCat output raw barcodes without requiring any software intervention [cexx.org].)
Our Rights: (Score:2)
We have a right to expect honest, open behavior.
Before we buy a product, we have a right to understand anything that might make us change our minds.
Re:IMHO (Score:2)
And from what is said it doesn't look like a privacy issue, but more the problem is that it might be subverted to install trojans on your system (eg the "law enforcement" monitoring trojan recently discussed on cryptome).
Yet another reason... (Score:4)
Calling PhoenixNet.... (Score:2)
>Hey its me the new kid on the IT department and i cant seem to remember my password.
No Problem, *tickclickclick* your new password is *****
>And now we are on the phone anyways, what was the dialin number to connect to the network from home ?
Thats (insert telephonenumber here), is that all ?
>Yes, thank you.
*dailing into PhoenixNet Network*
Upload your Windows Auto Linux installer to be started with the ISL and set back and wait, reboot all win98 machines....
PhoenixNET user wakes up in morning, looks at his computer, who changed the start button for a big foot ?
Tralalala.....party on.....
Re:Really very dangerous! (Score:2)
Yay! (Score:2)
Re:IMHO (Score:2)
Isn't Phoenix the same BIOS maker that pushed hard for CPRM? Perhaps not every company is out to shaft everyone, but I'm pretty sure Phoenix is.
Questions on Feasibility (Score:2)
O man, Sausage again! I'm sick of it.
apt? (Score:2)