Subject: ISO of a linux animalware / antivirus scanner
From: The Doctor
Newsgroups: comp.os.linux.misc,
Organization: NetKnow News
Date: Mon, 26 Aug 2024 23:50 UTC

I suspect a Windows OS with an Intel MB
have malware embedded in them.

Are there any Linux ISOs I can use to test my theory?
--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ;

Subject: Re: ISO of a linux animalware / antivirus scanner
From: vallor
Newsgroups: comp.os.linux.misc,
Date: Tue, 27 Aug 2024 00:36 UTC

On Mon, 26 Aug 2024 23:50:34 -0000 (UTC), doctor@doctor.nl2k.ab.ca (The
Doctor) wrote in <vaj4ca$157e$1@gallifrey.nk.ca>:

> I suspect a Windows OS with an Intel MB
> have malware embedded in them.
>
> Are there are Linux ISOs I can use to test my theory?

If only there were a worldwide database where one could ask
about this... /s

Seriously though, are you cool with clamav? Boot an ubuntu
live distro, sudo apt install clamtk, then run clamtk.

You might have to pull up the file manager to get your windows
partition mounted, then scan the mount directory recursively.

But if you suspect the virus is in the SMI for the processor, not
sure if there's anything you can do about that.

--
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
OS: Linux 6.11.0-rc5 Release: Mint 21.3 Mem: 258G
"Never eat anything bigger than your head."

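The procedure described in the post above, as an added example that is not part of vallor's post: it uses `clamscan`, the command-line scanner from the `clamav` package, instead of the clamtk GUI, and mounts every NTFS partition read-only before scanning it. The mount point `/mnt/win`, the log path and the sample `lsblk` output are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root in the live session:
#   sh scan-windows.sh scan
# Assumes the clamav package is installed (sudo apt install clamav) and
# its signatures are current (freshclam). MNT and the log path are
# hypothetical names chosen for this sketch.

MNT=/mnt/win

# Constructed sample of `lsblk -rpno NAME,FSTYPE` output for a dry run.
SAMPLE_LSBLK='/dev/sda
/dev/sda1 vfat
/dev/sda2
/dev/sda3 ntfs
/dev/sda4 ntfs
/dev/sdb iso9660'

# Read "NAME FSTYPE" lines on stdin, print the devices that hold NTFS.
ntfs_parts() {
    awk '$2 == "ntfs" { print $1 }'
}

# Map clamscan's exit status to a verdict: 0 = nothing found,
# 1 = at least one signature matched, anything else = scan error.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Mount each NTFS partition read-only, scan it recursively, unmount it.
scan_all() {
    mkdir -p "$MNT"
    lsblk -rpno NAME,FSTYPE | ntfs_parts | while read -r dev; do
        # Read-only, no exec: the scan must not alter the suspect volume
        # and nothing on it should be runnable from the live session.
        if ! mount -o ro,noexec,nosuid,nodev "$dev" "$MNT"; then
            echo "$dev: could not mount" >&2
            continue
        fi
        log="/tmp/clamscan-$(basename "$dev").log"
        rc=0
        # -r recurses into subdirectories, -i lists only infected files.
        clamscan -r -i --log="$log" "$MNT" || rc=$?
        echo "$dev: $(verdict "$rc") (details in $log)"
        umount "$MNT"
    done
}

# Only touch real disks when explicitly asked to.
if [ "${1:-}" = "scan" ]; then
    scan_all
fi
```

A "clean" verdict here covers only the files on the mounted partitions; it says nothing about firmware, which is the limitation the post itself points out.
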
Subject: Re: ISO of a linux animalware / antivirus scanner
From: The Doctor
Newsgroups: comp.os.linux.misc,
Organization: NetKnow News
Date: Tue, 27 Aug 2024 02:50 UTC

In article <lj4ldaFasmaU8@mid.individual.net>,
vallor <vallor@cultnix.org> wrote:
>On Mon, 26 Aug 2024 23:50:34 -0000 (UTC), doctor@doctor.nl2k.ab.ca (The
>Doctor) wrote in <vaj4ca$157e$1@gallifrey.nk.ca>:
>
>> I suspect a Windows OS with an Intel MB
>> have malware embedded in them.
>>
>> Are there are Linux ISOs I can use to test my theory?
>
>If only there were a worldwide database where one could ask
>about this... /s
>
>Seriously though, are you cool with clamav? Boot an ubuntu
>live distro, sudo apt install clamtk, then run clamtk.
>
>You might have to pull up the file manager to get your windows
>partition mounted, then scan the mount directory recursively.
>
>But if you suspect the virus is in the SMI for the processor, not
>sure if there's anything you can do about that.
>

What about a debian or kali live distro?

>--
>-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
> OS: Linux 6.11.0-rc5 Release: Mint 21.3 Mem: 258G
> "Never eat anything bigger than your head."

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ;

Subject: Re: ISO of a linux animalware / antivirus scanner
From: 186282@ud0s4.net
Newsgroups: comp.os.linux.misc
Organization: wokiesux
Date: Tue, 27 Aug 2024 08:49 UTC

On 8/26/24 10:50 PM, The Doctor wrote:
> In article <lj4ldaFasmaU8@mid.individual.net>,
> vallor <vallor@cultnix.org> wrote:
>> On Mon, 26 Aug 2024 23:50:34 -0000 (UTC), doctor@doctor.nl2k.ab.ca (The
>> Doctor) wrote in <vaj4ca$157e$1@gallifrey.nk.ca>:
>>
>>> I suspect a Windows OS with an Intel MB
>>> have malware embedded in them.
>>>
>>> Are there are Linux ISOs I can use to test my theory?
>>
>> If only there were a worldwide database where one could ask
>> about this... /s
>>
>> Seriously though, are you cool with clamav? Boot an ubuntu
>> live distro, sudo apt install clamtk, then run clamtk.
>>
>> You might have to pull up the file manager to get your windows
>> partition mounted, then scan the mount directory recursively.
>>
>> But if you suspect the virus is in the SMI for the processor, not
>> sure if there's anything you can do about that.
>>
>
> What about a debian or kali live distro?

I *think* he's worried about BUILT-IN spyware - actually
part of the BIOS or On-Chip ........

Clam isn't gonna find that.

I wouldn't put it PAST Intel or some PC maker to
do such. User-mining PAYS BIG apparently. Some
big-name PCs you buy came with whole suites of
"helpful" utilities added which, really, are
naught but spyware. Hell, there was a whole
series of Samsung TVs ... if you enabled net
access it kept phoning home ....

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Carlos E.R.
Newsgroups: comp.os.linux.misc
Date: Tue, 27 Aug 2024 10:11 UTC

On 2024-08-27 01:50, The Doctor wrote:
> I suspect a Windows OS with an Intel MB
> have malware embedded in them.
>
> Are there are Linux ISOs I can use to test my theory?

You need to ask in a Windows group.

If you want to use clamav, you can do that with any linux distro of your
liking in which you install clamav.

--
Cheers, Carlos.

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Shadow
Newsgroups: comp.os.linux.misc
Organization: A noiseless patient Shadow
Date: Tue, 27 Aug 2024 14:59 UTC

On Mon, 26 Aug 2024 23:50:34 -0000 (UTC), doctor@doctor.nl2k.ab.ca
(The Doctor) wrote:

>I suspect a Windows OS with an Intel MB
>have malware embedded in them.
>
>Are there are Linux ISOs I can use to test my theory?

Kaspersky Rescue Disk. Unplug your network card before booting
with it, it connects to "search for updates".
Scans Windows and Linux.
I don't think it does hardware-embedded malware though.
[]'s

PS a full scan will take all night....

--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Julius Bernotas
Newsgroups: comp.os.linux.misc,
Date: Tue, 27 Aug 2024 15:05 UTC

doctor@doctor.nl2k.ab.ca (The Doctor) writes:

>I suspect a Windows OS with an Intel MB
>have malware embedded in them.

>Are there are Linux ISOs I can use to test my theory?

Could you clarify what problem you are facing? You have a machine
that you suspect of being infected by malware. And you are uncomfortable
with using it. Do I understand it correctly? Why are you feeling
uncomfortable using an infected machine? Or is the problem
another one: You are trying to check your machine for malware
to have the assurance to use a machine that is not infected
by any malware. This problem has an easy solution:
Don't use your own machine. Use your employer's machine.
Your employer's IT department will take care that your
machine is being checked for malware regularly and will
do so by following best practice in IT. And you don't have to worry.

>--
>Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
>Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
>Look at Psalms 14 and 53 on Atheism ;

Subject: Re: ISO of a linux animalware / antivirus scanner
From: The Doctor
Newsgroups: comp.os.linux.misc
Organization: NetKnow News
Date: Tue, 27 Aug 2024 22:02 UTC

In article <40qrcjll8ifi3souqnukq23j939u869lvq@4ax.com>,
Shadow <Sh@dow.br> wrote:
>On Mon, 26 Aug 2024 23:50:34 -0000 (UTC), doctor@doctor.nl2k.ab.ca
>(The Doctor) wrote:
>
>>I suspect a Windows OS with an Intel MB
>>have malware embedded in them.
>>
>>Are there are Linux ISOs I can use to test my theory?
>
> Kaspersky Rescue Disk. Unplug your network card before booting
>with it, it connects to "search for updates".
> Scans Windows and Linux.
> I don't think it does hardware-embedded malware though.
> []'s
>
> PS a full scan will take all night....
>

Kaspersky banned in NA!

>--
>Don't be evil - Google 2004
>We have a new policy - Google 2012
>Google Fuchsia - 2021

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ;

Subject: Re: ISO of a linux animalware / antivirus scanner
From: The Doctor
Newsgroups: comp.os.linux.misc,
Organization: NetKnow News
Date: Tue, 27 Aug 2024 22:03 UTC

In article <lj689gFkevjU1@mid.dfncis.de>,
Julius Bernotas <gaussianblue@tilde.pink> wrote:
>doctor@doctor.nl2k.ab.ca (The Doctor) writes:
>
>>I suspect a Windows OS with an Intel MB
>>have malware embedded in them.
>
>>Are there are Linux ISOs I can use to test my theory?
>
>Could you clarify what problem you are facing? You have a machine
>that you suspect being infected by malware. And you are uncomfortable
>with using it. Do I understand it correctly? Why are you feeling
>uncomfortable using an infected machine? Or is the problem
>another one: You are trying check your machine for malware
>to have the assurance to use a machine that is not infected
>by any malware. This problem has an easy solution:
>Don't use your own machine. Use your employer's machine.
>Your employer's IT department will take care that your
>machine is being checked for malware regularly and will
>do so by following best practice in IT. And you don't have to worry.
>

Firmware upgrade does not go through.

Drive does not expand to use full capacity.

>>--
>>Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
>>Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
>>Look at Psalms 14 and 53 on Atheism ;
>

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ;

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Bobbie Sellers
Newsgroups: comp.os.linux.misc
Organization: none at all
Date: Tue, 27 Aug 2024 22:40 UTC

On 8/26/24 16:50, The Doctor wrote:
> I suspect a Windows OS with an Intel MB
> have malware embedded in them.
>
> Are there are Linux ISOs I can use to test my theory?

Well it is known that the Intels have a Minix fork
embedded to send data back to the factory. I think that
the data with which they are concerned relates to CPU
functions not with your Personal data. Windows and MS
use Windows for personal data collection.
Only thing I can suggest to escape these matters
is to go to an AMD Ryzen motherboard.
I see that you are worried about the full use
of your hard drive and that must be enabled in the BIOS
or not. I suggest that you remove Windows as soon
as you find a Linux Distribution with which you are
satisfied, in that it runs from a Live ISO file and
detects all your hardware.

If you did not think it was embedded I would
say to download Knoppix ISO file and use its Clam AntiVirus
software.

Good luck.

bliss- Dell Precision 7730- PCLOS 2024.06- Linux 6.6.47-Plasma 5.27.11

--
b l i s s - S F 4 e v e r at D S L E x t r e m e dot com

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Shadow
Newsgroups: comp.os.linux.misc
Organization: A noiseless patient Shadow
Date: Wed, 28 Aug 2024 00:11 UTC

On Tue, 27 Aug 2024 22:02:17 -0000 (UTC), doctor@doctor.nl2k.ab.ca
(The Doctor) wrote:

>In article <40qrcjll8ifi3souqnukq23j939u869lvq@4ax.com>,
>Shadow <Sh@dow.br> wrote:
>>On Mon, 26 Aug 2024 23:50:34 -0000 (UTC), doctor@doctor.nl2k.ab.ca
>>(The Doctor) wrote:
>>
>>>I suspect a Windows OS with an Intel MB
>>>have malware embedded in them.
>>>
>>>Are there are Linux ISOs I can use to test my theory?
>>
>> Kaspersky Rescue Disk. Unplug your network card before booting
>>with it, it connects to "search for updates".
>> Scans Windows and Linux.
>> I don't think it does hardware-embedded malware though.
>> []'s
>>
>> PS a full scan will take all night....
>>
>
>Kaspersky banned in NA!

Only if you are the government.
Can't stop civilians from downloading and using it.
It's a free country, right?

Maybe not.... all download links are being blocked. LOL.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Computer Nerd Kev
Newsgroups: comp.os.linux.misc
Organization: Ausics - https://newsgroups.ausics.net
Date: Wed, 28 Aug 2024 22:49 UTC

Bobbie Sellers <blissInSanFrancisco@mouse-potato.com> wrote:
> Well it is known that the Intels have a Minix fork
> embedded to send data back to the factory. I think that
> the data with which they are concerned relates to CPU
> functions not with your Personal data.

Yes, the general functions of these processors in modern CPUs are
described in detail here:

https://www.devever.net/~hl/backstage-cast

The privacy issue is that they can have the capacity to access data
in RAM, then since their firmware is closed-source one can't be
sure it doesn't collect personal data and send it back somehow. Or
it's been shown they can be hacked to do that and then snoop out
passwords etc. from RAM, which perhaps is what the OP's concerned
about.

> Only thing I can suggest to excape these matters
> is to go to an AMD Ryzen motherboard.

No, AMD Ryzen has its own equivalent commonly called PSP, and it's
had documented security vulnerabilities too:

https://en.wikipedia.org/wiki/AMD_Secure_Technology#Reported_vulnerabilities

Your only real escape would be to run a CPU that's so old or
low-spec that you wouldn't have the performance to run a modern
web browser with Javascript support. Of course those web browsers
are where people generally enter information worth snooping on now,
so there's no real escape anymore.

--
__ __
#_ < |\| |< _#

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Carlos E.R.
Newsgroups: comp.os.linux.misc
Date: Sat, 31 Aug 2024 01:45 UTC

On 2024-08-29 00:49, Computer Nerd Kev wrote:
> Bobbie Sellers <blissInSanFrancisco@mouse-potato.com> wrote:
>> Well it is known that the Intels have a Minix fork
>> embedded to send data back to the factory. I think that
>> the data with which they are concerned relates to CPU
>> functions not with your Personal data.
>
> Yes, the general functions of these processors in modern CPUs are
> described in detail here:
>
> https://www.devever.net/~hl/backstage-cast
>
> The privacy issue is that they can have the capacity to access data
> in RAM, then since their firmware is closed-source one can't be
> sure it doesn't collect personal data and send it back somehow. Or
> it's been shown they can be hacked to do that and then snoop out
> passwords etc. from RAM, which perhaps is what the OP's concerned
> about.
>
>> Only thing I can suggest to excape these matters
>> is to go to an AMD Ryzen motherboard.
>
> No, AMD Ryzen has it's own equivalent commonly called PSP, and it's
> had documented security vulnerabilities too:
>
> https://en.wikipedia.org/wiki/AMD_Secure_Technology#Reported_vulnerabilities
>
> Your only real escape would be to run a CPU that's so old or
> low-spec that you wouldn't have the performance to run a modern
> web browser with Javascript support. Of course those web browsers
> are where people generally enter information worth snooping on now,
> so there's no real escape anymore.
>

You simply need a non-enterprise CPU that doesn't have the mini minix.
That feature costs money. And has to be enabled in the BIOS. The BIOS
may not have support for it, and then the feature is dead, useless.

Its purpose is not to send data back to factory. Its purpose is to be
used by the IT department for remote maintenance. And using this feature
is expensive.

--
Cheers, Carlos.

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Computer Nerd Kev
Newsgroups: comp.os.linux.misc
Organization: Ausics - https://newsgroups.ausics.net
Date: Sat, 31 Aug 2024 22:15 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2024-08-29 00:49, Computer Nerd Kev wrote:
>> No, AMD Ryzen has it's own equivalent commonly called PSP, and it's
>> had documented security vulnerabilities too:
>>
>> https://en.wikipedia.org/wiki/AMD_Secure_Technology#Reported_vulnerabilities
>>
>> Your only real escape would be to run a CPU that's so old or
>> low-spec that you wouldn't have the performance to run a modern
>> web browser with Javascript support. Of course those web browsers
>> are where people generally enter information worth snooping on now,
>> so there's no real escape anymore.
>>
>
> You simply need a non enterprise CPU that doesn't have the mini minix.
> That feature costs money. And has to be enabled in the BIOS. The BIOS
> may not have support for it, and then the feature is dead, useless.

It seems that you're talking about a specific documented exploit like
this one:

"PLATINUM
In June 2017, the PLATINUM cybercrime group became notable for
exploiting the serial over LAN (SOL) capabilities of AMT to perform
data exfiltration of stolen documents. SOL is disabled by default
and must be enabled to exploit this vulnerability."
https://en.wikipedia.org/wiki/Intel_Management_Engine#PLATINUM

But a look around that page shows that there have been many others
without the limitation of requiring enterprise-only features of
the IME to be enabled. And those are only the vulnerabilities that
have been made public.

> Its purpose is not to send data back to factory. Its purpose is to be
> used by the IT department for remote maintenance. And using this feature
> is expensive.

It's also for booting, thermal management, and other things besides.
Since it's closed-source and the binary is obfuscated, one can't be
sure there aren't secret backdoors put inside on the request of the
US government either.

But with the existence of rootkits, the intended purpose is
actually irrelevant because a malicious firmware could be installed
that does something completely different. I think that's part of
what the OP was concerned about, though I don't know if any
software can check whether it's happened.

--
__ __
#_ < |\| |< _#

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Carlos E.R.
Newsgroups: comp.os.linux.misc
Date: Sun, 1 Sep 2024 01:53 UTC

On 2024-09-01 00:15, Computer Nerd Kev wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2024-08-29 00:49, Computer Nerd Kev wrote:
>>> No, AMD Ryzen has its own equivalent commonly called PSP, and it's
>>> had documented security vulnerabilities too:
>>>
>>> https://en.wikipedia.org/wiki/AMD_Secure_Technology#Reported_vulnerabilities
>>>
>>> Your only real escape would be to run a CPU that's so old or
>>> low-spec that you wouldn't have the performance to run a modern
>>> web browser with Javascript support. Of course those web browsers
>>> are where people generally enter information worth snooping on now,
>>> so there's no real escape anymore.
>>>
>>
>> You simply need a non enterprise CPU that doesn't have the mini minix.
>> That feature costs money. And has to be enabled in the BIOS. The BIOS
>> may not have support for it, and then the feature is dead, useless.
>
> It seems that you're talking about a specific documented exploit like
> this one:

No, I am not talking about an exploit, but a computer department feature
that you can buy or not.

You simply have to buy processors or motherboards without the feature.

It costs money to have this feature. Just don't buy it.

If your computer is a work computer that has been provided by the
company, it is their choice and their problem, not yours.

--
Cheers, Carlos.

Subject: Re: ISO of a linux animalware / antivirus scanner
From: MarioCCCP
Newsgroups: comp.os.linux.misc
Organization: A noiseless patient Spider
Date: Sun, 1 Sep 2024 02:02 UTC

On 27/08/24 12:11, Carlos E.R. wrote:
> On 2024-08-27 01:50, The Doctor wrote:
>> I suspect a Windows OS with an Intel MB
>> have malware embedded in them.
>>
>> Are there any Linux ISOs I can use to test my theory?
>
> You need to ask in a Windows group.
>
> If you want to use clamav, you can do that with any linux
> distro of your liking in which you install clamav.
>

I have it (and possibly, I have forgotten!, running it), but I
ignore how valuable this antivirus is, since it is since
2017 that I have given up following benchmarks of AVs,
detection ratings and so on.
So I ask: how good is this clamav?

I have a win11 install in vmware (but I don't even use it to
web browse, just pilot the scanner whose linux version is
buggy) but I just use its internal "defender".

Is this clamav effective enough (and frequently enough
updated) for, e.g., cleaning up suspect USB keys before exposing
them to the W11 guest? I am not aware if this sharing is
a sort of direct tunnelling to the disk or some actions of
the hypervisor happen in a transparent layer (possibly
relevant for rootkits and so on).

How does it work inside? Based on a database of signatures or
"heuristic" / intercepting suspect behaviours?
Is it equally / less / more safe to use an AV in a
virtualized environment? I'd say: no (since this one is
at the host level and acts before the USB key is unmounted
from the host and connected in the guest, but just mere
suppositions).

And is windows defender inside a VM known to be as effective as
in a real machine?

My knowledge of AV is really outdated now!

--
1) Resist, resist, resist.
2) If everyone pays taxes, the taxes are paid by everyone
MarioCPPP

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Computer Nerd Kev
Newsgroups: comp.os.linux.misc
Organization: Ausics - https://newsgroups.ausics.net
Date: Sun, 1 Sep 2024 04:56 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2024-09-01 00:15, Computer Nerd Kev wrote:
>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>> You simply need a non enterprise CPU that doesn't have the mini minix.
>>> That feature costs money. And has to be enabled in the BIOS. The BIOS
>>> may not have support for it, and then the feature is dead, useless.
>>
>> It seems that you're talking about a specific documented exploit like
>> this one:
>
> No, I am not talking about an exploit, but a computer department feature
> that you can buy or not.

The thing that runs the Minix fork is the Intel Management Engine.
It's part of the boot process so never completely optional. It can
load optional modules listed here though:
https://en.wikipedia.org/wiki/Intel_Management_Engine#Modules

Some security vulnerabilities are in the optional modules, but
others still exist even if they're disabled, and either route has
allowed code to be installed which snoops on the user.

See this:
"Difference from Intel AMT
The Management Engine is often confused with Intel AMT (Intel
Active Management Technology). AMT runs on the ME, but is only
available on processors with vPro. AMT gives device owners
remote administration of their computer,[5] such as powering
it on or off, and reinstalling the operating system.

However, the ME itself has been built into all Intel chipsets
since 2008, not only those with AMT. While AMT can be
unprovisioned by the owner, there is no official, documented
way to disable the ME."
https://en.wikipedia.org/wiki/Intel_Management_Engine#Difference_from_Intel_AMT

--
__ __
#_ < |\| |< _#

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Carlos E.R.
Newsgroups: comp.os.linux.misc
Date: Sun, 1 Sep 2024 12:23 UTC

On 2024-09-01 06:56, Computer Nerd Kev wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2024-09-01 00:15, Computer Nerd Kev wrote:
>>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>>> You simply need a non enterprise CPU that doesn't have the mini minix.
>>>> That feature costs money. And has to be enabled in the BIOS. The BIOS
>>>> may not have support for it, and then the feature is dead, useless.
>>>
>>> It seems that you're talking about a specific documented exploit like
>>> this one:
>>
>> No, I am not talking about an exploit, but a computer department feature
>> that you can buy or not.
>
> The thing that runs the Minix fork is the Intel Management Engine.
> It's part of the boot process so never completely optional.

It is optional to choose a processor that doesn't have it, or a
motherboard that doesn't support it.

--
Cheers, Carlos.

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Computer Nerd Kev
Newsgroups: comp.os.linux.misc
Organization: Ausics - https://newsgroups.ausics.net
Date: Sun, 1 Sep 2024 13:10 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2024-09-01 06:56, Computer Nerd Kev wrote:
>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>> No, I am not talking about an exploit, but a computer department feature
>>> that you can buy or not.
>>
>> The thing that runs the Minix fork is the Intel Management Engine.
>> It's part of the boot process so never completely optional.
>
> It is optional to choose a processor that doesn't have it, or a
> motherboard that doesn't support it.

Certainly. I'm posting this from a laptop with a Pentium III CPU
and it doesn't have an Intel Management Engine. However I gave up
running Firefox on this years ago. Instead for that I use a PC with
a faster newer processor and that does have an Intel Management
Engine, and there's no updated BIOS available to fix some of the
known IME vulnerabilities found since it was made either.

But the Talos workstations might be one solution if money and x86
compatibility isn't a concern, since they use the open IBM POWER9
processor and firmware. So it is a choice, but hardly a trivial
one.

--
__ __
#_ < |\| |< _#

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Computer Nerd Kev
Newsgroups: comp.os.linux.misc
Organization: Ausics - https://newsgroups.ausics.net
Date: Sun, 1 Sep 2024 22:22 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2024-09-01 15:10, Computer Nerd Kev wrote:
>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>> On 2024-09-01 06:56, Computer Nerd Kev wrote:
>>>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>>>> No, I am not talking about an exploit, but a computer department feature
>>>>> that you can buy or not.
>>>>
>>>> The thing that runs the Minix fork is the Intel Management Engine.
>>>> It's part of the boot process so never completely optional.
>>>
>>> It is optional to choose a processor that doesn't have it, or a
>>> motherboard that doesn't support it.
>>
>> Certainly. I'm posting this from a laptop with a Pentium III CPU
>> and it doesn't have an Intel Management Engine. However I gave up
>> running Firefox on this years ago. Instead for that I use a PC with
>> a faster newer processor and that does have an Intel Management
>> Engine, and there's no updated BIOS available to fix some of the
>> known IME vulnerabilities found since it was made either.
>
> Does the motherboard support the feature?

Booting? Um, yes. That's all it needs to support in order to be
vulnerable to some of the documented attacks. Provided malicious
software is running on the CPU, or has run before and installed
something on the IME like the OP's question was about.

> It will not work without MB support. And they need access to your
> LAN.

Only if 'they' are similarly laser-focused on whatever specific IME
hack you've heard about and won't hear of any other ones. I give
up.

--
__ __
#_ < |\| |< _#

Subject: Re: ISO of a linux animalware / antivirus scanner
From: Carlos E.R.
Newsgroups: comp.os.linux.misc
Date: Tue, 3 Sep 2024 11:25 UTC

On 2024-09-01 04:02, MarioCCCP wrote:
> On 27/08/24 12:11, Carlos E.R. wrote:
>> On 2024-08-27 01:50, The Doctor wrote:
>>> I suspect a Windows OS with an Intel MB
>>> have malware embedded in them.
>>>
>>> Are there any Linux ISOs I can use to test my theory?
>>
>> You need to ask in a Windows group.
>>
>> If you want to use clamav, you can do that with any linux distro of
>> your liking in which you install clamav.
>>
>
> I have it (and possibly, I have forgotten!, running it), but I ignore how
> valuable this antivirus is, since it is since 2017 that I have given up
> following benchmarks of AVs, detection ratings and so on.
> So I ask: how good is this clamav?

Better read here:

https://en.wikipedia.org/wiki/ClamAV

--
Cheers, Carlos.
