Millions of PC Motherboards Were Sold With a Firmware Backdoor



Goes with what I posted here with ASUS and MSI issues:

They are all bad, in their own way. Whose mistakes do you trust more? :thinking:


When I sign into Windows, there are two available users: Me and “gcc_filedrop”. That last one was put in by Gigabyte. They didn’t ask. That’s just how it is.

1 Like

The way these things are often done, is that there is a way to opt out, but it’s kind of (intentionaly) hard to find if you don’t know exactly where to look.

In this case, the ability to block automatic installation of gigabyte bloatware and an uninvited extra account is buried in the Bios.

1 Like

Wow, no way!! Never heard of that, unbelievable (but I believe it). How does the M/B even have the ability to manipulate, much less add a windows account? (Complete seriousness, I have no clue)

Burn. Burn it with fire.

Kinda reminds me of when we couldn’t get the radios in the Platoon Commanders vehicle working. SOPs stated VHF on the left, HF on the right. We replaced every single component to no avail until we swapped the VHF to the right and HF to the left…

When we submitted the RODUM (Defective or Unsatisfactory Materiel), in the space for possible cause we wrote “demonic possession”.


It‘s the difference/evolution from BIOS to UEFI firmware. This is my words and probably worthy to be corrected:

BIOS was good enough to do a couple configurations and provide basic functionality for the OS and the capability to boot from the first couple blocks on your hard drive.

UEFI is much bigger and more sophisticated. It therefore has additional functionality like full understanding of the file system on your hard drives EFI partition to boot from it. Also it can inject files, which is being abused here. The original idea was to make PCs more reliable and secure, but as we all know security is the result of a good concept and constant effort. Not just a bought product.

I think Microsoft is playing along and executes injected files. I need to read more about that.

It‘s up to us as buyers to be aware and call vendors out when they implement insecure crap. Vote with money.

That said… what can we buy without bending over? IDK.


Great. At the same time that they are making it more essential to conduct business online, they are making us more vulnerable… We’re screwed!

1 Like

This stuffs needs to be standardized and open sourced, at least the foundation, so that these vendors are subject to more scrutiny.

While everything is in it’s own way a mess - this is where the rolling-release of Windows these days, and subscription softwares, have their advantage despite being so loathed - the updates are constant.

The buy-once-cry-once of hardware and its baked in software with what amounts to very limited support long-term is actually more of a buy-once-cry-until-replacement.

I will give a counter point to myself too, in that GPU drivers are a decent example of paying once for the hardware and then getting continual updates afterwards - at the consumer level.


Thanks for the great explanation, I had no clue that was going on.


If you google “gcc…”, google will autocorrect the rest. It’s that common. Reddit has a easy solution to get rid of it but I don’t mind. I only use the PC for gaming and discord. It’s infuriating for sure. But after what happened with my ASUS install, if this is the price I must pay for a fast, plug-n-play mobo, they are welcome to carve out a space to spy on my gaming.


Such a familiar pattern. Repeatedly, companies have to get caught red handed doing shady c*** that they apparently thought was a great idea…

Right up until the moment somebody puts their conduct on blast.