Is Your Brand New PC Already Infected?

I haven't posted too much in quite some time, but this could be one the most important computer security stories that could possibly be discussed at this site.

Is your brand new bought in USA - but imported in - PC already infected? How wide is this problem? The few anecdotal stories of late seem to be given credence with this amazing exchange in the U.S. House of Representatives.

The full story and video (at around the 51:47 mark) is quite unsettling. Watch the hemming and hawwing before the Homeland Security official admits he is aware of this happening.

From the front page of MSNBC:

http://technolog.msnbc.msn.com/_new...s-pre-infected-computer-tech-entering-country

 

I always do a clean install with a new computer anyways.

 

I always buy my own parts, which comes without the bloatware.

 

You know, it's one thing building your own computer. BUT, the vast, vast, VAST majority do not. We all want and NEED a safe Internet, it's not just about me, me, me. This is possibly very far-reaching. And will a clean install do anything if there's an embed somewhere else? This "stealth hardware" business is worrisome.

This is serious stuff. We can talk about a lot of these tools we use every day until we're blue in the face. Here we are looking at an admission that Homeland Security knows that there is a problem with "sophisticated" malware embedded into computers imported into the United States from China.

If this can't get the security community aroused, I don't know what could!

 

It seems that the things it's talking about are preloaded malware such as keyloggers. Reformatting would remove that stuff.

It's a big issue but no bigger than when USBs and DVDs used to be sold with malware already on them ready to run.

 

Huh? "No bigger??"

And no, it's not just about keylogging software malware (but that would be big enough.) Congressman Chaffetz's office has much more information about the extent of the threat. But getting a Homeland Security official, under oath, to admit this is nothing less than HUGE.

 

Infected floppy disks, dvd's, and USB's are fairly mainstream malware distribution methods. Infected floppy disks used to be the best way to spread malware.

I'm just unsurprised. We dealt with those threats and we'll deal with these the same way.

 

I am blown away that you don't see the difference between malware distributed via floppy disks/DVDs and sophisticated security breaches built into the very computers being sold online at Amazon.com or Best Buy, etc. I have to wonder.

In my 30 years of dealing with computers (I'm 51 years old), this is the scariest threat that I have ever had to seriously consider as a possibility. And here we have a Homeland Security official on record (hesitantly) admitting that this is happening.

Wake-up!

 

The Homeland Security Official bit isn't that interesting.

So, all we'd have to do to mitigate this is reinstall the OS when it comes into the country/ we get it. This doesn't sound like really nasty malware, it's not like they're embedding some hardware chip that constantly reloads the malware into the machine... perhaps I'm misinterpreting.

 

I never imagined I would have to argue with somebody here at Wilders about whether or not this is a serious threat. I see you've been a member here for 2 months and have over 600+ posts. I've been here going on 8 years and have only 3 times that number (almost). Maybe it would help if you would kick back and listen a little without having all the answers.

The bit about U.S. Homeland Security/Cybersecurity Division admitting he knows of this happening, you say "Isn't that interesting" to you. Please.

 

If your argument is seniority and post count I think I've had enough of this topic. Take your own advice.

 

You missed my point. At the rate you're going, after 7 years you'd have over 25,000 posts. I'm saying, I don't respond to every other post telling people they are wrong, I am right, etc. I've been here almost 7 years and have only 1,600 posts and that's still fairly active for anybody who works for a living. It's hard to listen to somebody tell me this isn't a problem. It looks like you appear to have all the answers without taking the time to listen to people who've been around. That's all.

 

Me either... I've asked plenty of questions here and I respect the opinions of quite a few users (though certainly not all.)

If I think someone is wrong I won't beat around the bush, I'll tell them outright. That doesn't mean I'm not willing to hear the other side, but I don't work on the assumption that I'm incorrect -- that would lead to shortlived discussions where my original opinions aren't expressed properly and therefor aren't reconciled.

 

The problem is money. Most people buy a computer with Windows, bloatware and trash installed. Most people do not get a clean disk with clean Windows. Instead, the manufacturers give out rescue disks, or recovery disks which include all that stuff one doesn't want. Buying a new, clean, unpolluted Windows that M$ issues is very expensive and for most, impractical.

 

You can download a free copy of any Windows 7 disk and use your legit key on it.

 

I'd bet this problem goes far deeper than the PCs themselves, like the routers and modems that come from there as well. What a weapon it will be, when every recently imported PC in the country starts with denial of service attacks.

The sad part of the whole thing is that we have the manufacturing facilities in this country to produce PCs right here, right now. I worked at such a plant a few years back. It's closed and the business went to china. We have the resources to solve this problem right now and help the economy in the process, but someones bottom line is more important.

The more things like this I read, the more I'm glad I've stayed on the older hardware and operating systems. I've never trusted Win-7 and now the hardware is suspect too. It seems to me that if this was untrue, they would have said so. Since they aren't denying it, and don't seem concerned enough to do anything to change the situation, it begs the question of just who would be in control of this compromised hardware. With planned obsolescense pushing people to buy these PCs, it seems that we're nothing but pawns in someone elses power game. The only question is who is really behind it?

 

another great advantage to shipping all of our technology production overseas...
Not only have they taken American jobs, but we give them a surefire way to spy on us. Very nice...

Also, its entirely possible for backdoors to be installed in the BIOS and firmware, allowing for covert network communications using onboard NICs and stealth disk access... Think of it like a bootkit being burned onto your computer..

I read an article about exactly his last year..

 

Sounds like to me America deserves it,
products should be built here instead,
providing jobs in America, but I guess
that is an outdated idea

 

It's best to learn to build your own. It's easy to do. If your not sure how to do something then just search youtube for instructionals.

 

I would say the same, except I know the majority won't. Pity, the big companies might pay more attention to what consumers really want -- if the consumers actually knew what they wanted

Sul.

 

Absolutley correct, and how sad it is.

 

Hmm... let em ask you one Q.

Has any of the users here found a brand new PC( yours of your friends etc) with an installed pre-malware on it?

 

-http://old.news.yahoo.com/s/ap/20110504/ap_on_re_us/us_rental_computer_spyware-

 

If this "malware" was sponsored or built by an adversarial nation and was part of the BIOS, firmware, etc, how would you find it? I'm not sure it's possible without some very specialized equipment and a level of skill that's beyond most coders abilities.

 

and, if true, that would mean that the homebuilders, buying components and loading a fresh copy of Windows, won't be any more secure, not if it's a chip on the MB or in a router... most, if not all, hdwe comes from China.