
RMS is sounding less and less crazy with discoveries like this. To think a manufacturer would essentially rootkit their own machines is testament to how bad things have become.

Would running TrueCrypt full disk encryption protect you from your own hardware? If the BIOS can't read the disk on boot, I don't think it would inject the binary into the file system.

No - see my reply to the Ars thread. Windows 8 introduced an "official" way to do this called "Windows Platform Binary Table". Every time Windows boots, it checks your ACPI table for an entry called "WPBT", writes that to disk as "wpbbin.exe", and executes it. There does not seem to be any way to disable this behavior in Windows. TrueCrypt would not help in this case because it happens after boot.

Another [very valid!] reason not to run Windows IMHO. This kind of thing is totally unacceptable.

To be fair, the guidelines for this feature include

> The authenticated device owner should have the ability to disable or remove this functionality if desired.


The feature shouldn't exist in the first place. If a backdoor is hidden, this is an unlocked door with a "Please don't enter" sign on it.

You know, I have to agree. My gut reaction is "blame the policy not the technology", but after looking closely, I'm struggling to see how this feature could ever be applied towards the user's best interests.

I would just add, it took them nearly 4 years to add these guidelines!

>November 29, 2011 First publication

>July 8, 2015 Revision to include security guidance and requirements
