Slashdot Mirror
Phoenix BIOS Phones Home?
Myrv writes: "There is an interesting thread over at DSL Reports discussing Phoenix Technologies new BIOS. This BIOS contains the PhoenixNet Internet Launch System . ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System. When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs. It's 3 a.m., do you know who your motherboard's talking to????" We've gotten a couple of submissions about this - another submitter pointed out this thread and this description by Phoenix. Phoenix has apparently been kicking this idea around for a while - see this old Slashdot story. Does anyone have any more information?
Like i said, it was a possible troll. :) Feel free to just ignore that part of the post.
I was just pointing out what could happen, if not with this bios, but maybe a future one... You never know... I'd be right there in the riot with you if it ever happened. Kind of an odd comment comming from somebody with an antioffline email address.
According to the thread linked to in the story, if the computer boots up with a cool new screen, it's probobly this new BIOS.
:)
The following venders have signed up: AOpen, Chaintech, ECS, EpoX, Giga-Byte, Jetway, Legend-QDI, MSI, Soltek and Zida. Notice no ABit
<possible troll> (but I don't think so...)
It was interesting to read in that thread also, that this could bypass the OS level networking code, and use it's own stuff. I don't think I could imagine the destruction that would be cause by millions of PCs with a backdoor/hole/bug in their firmware, that could easily be remotely exploited. If you thought DDOS attacks were bad now, you ain't seen nothing yet.
</possible troll>
I didn't notice anything about being able to actually turn this off in the BIOS. There is allready talk of using a hex editor to disable it... Just what we need, buggy roms because the vendor does what people don't want.
Well, according to the thread on DSLReports, when you install the MoBo drivers from CD, it is installed as part of the default install options.
It sounds like a custom install, skipping the PhoeinixNet stuff would get around it. Someone mentioned uninstalling the PhoenixNet stuff would also fix it.
Could you imagine how complex it'd have to be to be at the BIOS level only - a TCP/IP stack, network drivers, somehow using the NIC without the OS crapping out. Though, I must agree that the info on the phoenixnet site makes it sound like it is a MB only deal.
Guess I'll never find out...as now any new MB better have a huge Award sticker on it.
And the customers probably know when they are paying that this is a feature, and see it as a reason to go with Big Blue.
An interesting billing model - the more disk space you use, the more we bill you. I know the 3090 we had in school would call IBM if something bad happened to it (failure, temperature indicators said the room was too hot, lonely)
My Soyo motherboard (6BA-III+) has a boot up scren that announces "your computer is PhoenixNet enabled." I think I aquired this feature in a BIOS update that I installed to fix a Matrox related bug. Am I slightly paronoid about PhoenixNet? Yes. Do I reget that I flashed my BIOS, thus "enabling" my computer? No. The bug was rather nasty, reducing hard drive speed to 600 kbs.
In one of the CSS licenses, one of the clauses essentially bound the licensees to offer "security upgrades" to the user only as part of a enticing upgrade. Thus, the security fixes would get installed along with whatever flshy multimedia "upgrade" a licensee had advertised to the end-user/mark.
Now, I don't think Soyo delibrately intended to be dishonest, but be prepared to accept bugfixes packaged alongside unwanted (or even malicious) features.
Of course, if you use open source software, this can be avoided. One does not always have to accept the evil along with the good.
There are some computers you buy with disabled CPUs (IBM does it, and I remember Sun making a press release about it, but I don't know if they do it).
CPUs have two real costs. One is the cost to fab (build) the CPU, this is a large percent of the low end embedded CPUs and the Celoron type CPUs were cost is a major issue (you can count the cost of the fab plant here). The other cost is the design cost of the CPU. The more CPUs of a given design you sell, the less you have to pay per CPU for this. High volume CPUs like the x86 have very very little design cost per CPU. Low volume CPUs like the POWER3 and UltraSPARC have a much higher per-CPU design cost.
So IBM and Sun may charge well over $1000 for a CPU that costs them only $100 to build (in real life part of that $1000 is also profit). They can charge $100 for a CPU and not lose money on building it, but if they don't somehow get more money then that they won't manage to design the next CPU.
They can put extra CPUs in a box for $100 each, and "just" charge you the other $900 (or $1500, or whatever) if you want to use them. Given the price of large IBM and Sun machines a few extra $100 won't be noticed (the small Sun machines are about $1000, so that can't do that!).
Sun/IBM wins because there is a larger chance that you will buy the extra CPUs given the fast "shipping time". The customers win if they ever need another CPU in a hurry, because it can be "shipped" to them quite quickly. There was some talk that Sun would let you just turn them on and pay on the honer system. I don't know if that happened. If they never use the extra CPUs then they payed a extra few $100 on a multiple $10,000 box, which isn't helping them, but it isn't all that bad for them either.
It isn't likely to happen to x86 CPUs because the design cost is a much lower part of hte final cost. The profit margins are also lower now that there are two real supplyers (AMD and Intel), so a CPU that sells for $200 can't be thrown in for $20 without someone taking a loss...
PhoenixNet does not involve the BIOS somehow directly interfering with your Internet connection. That would be absurdly difficult to implement. It actually appears to hook into the Windows setup procedure somehow. If you don't run Windows, you need never know about this.
Sent: Wednesday, June 20, 2001 2:48 AM
To: pnetcust_serv@phoenix.com;
Subject: banner ads for free motherboards?
FYI, I will gladly take a 5 second banner on startup if it means I can get my motherboard for free.
flashing your bios, which is quite a dangerous operation for the common user
That's pretty sick, dude. Can't you just visit a pr0n site to get your kick? I do agree that it's dangerous, there are all sorts of sharp corners inside a PC to catch nude skin on.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Er.. screwing over customers *without them realising* has always been looked upon as good business sense. Capitalism sucks. Then again, so does communism....
Choice of masters is not freedom.
Unfortunately it looks like OpenBIOS hasn't updated in 14 months, and it's hard to tell if they ever actually achieved anything ...
...
The LinuxBIOS project (http://www.acl.lanl.gov/linuxbios/) looks more promising (originally covered in this slashdot article
o/~ Join us now and share the software
Microsoft doesn't sell Windows 98 anymore!
Seriously, how does the merge into WinXP (NT) affect this? Secondly, how does something like ZoneAlarm react to your hardware trying to access the internet? Geez...
I understand the need for BIOS updates, and the need for companies to make it easier on the non-technical user... but this 'phone-home' capability (and all the data-collection demons it brings with it) is just a bit too much.
Good thing the OS it needs isn't sold anymore (at least, not 'officially').
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
With tux running in the kernel, it was only a matter of time before we had the next step: web server in the BIOS.
I smell innovation. Thanks Phoenix!
< tofuhead >
--
It is still the dark of night.
Instead of grinning...
I would have stood up, told him that he could stick his idea where the sun didn't shine, that you were personally never going to buy a machine with the Award BIOS in it, and would recommend the same to friends, and why, and that as of that moment, your friendship was dissolved, and if he couldn't understand why, then that was reason enough.
Your "friend" has created an idea that essentially allows remote monitoring and control of other citizens' property and habits. This is morally repugnant, and unethical, to say the least. People who dream up such stuff should be stuffed back into the holes from whence they came...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
That's simply absurd. While I don't think it was a particularly good idea, there is nothing "unethical" about this at all. If the consumer doesn't want it, then the consumer won't buy it. This is not about some secret society spying on people.
The fact is that the idea is being foisted on a group of people who may be unaware that the system is capable of doing such a thing. If the consumer doesn't know about it, then they are unable to make a choice not to buy it. Your friend had to know this, yet went ahead and pitched the idea to be created anyhow - probably thinking "Yeah, more money for me!", rather than taking the high road (and not disclosing his idea to his employer).
The fact of the matter is that alternate revenue streams would serve to drive down the costs of PCs. If someone wanted the lower end PC that was subsidized by this, then it would be their choice.
We both know this is a lie. Such schemes won't drive the cost of PCs down, but rather keep them the same, and increase profits - it is all about money, and "Damn the citizen!"...
In fact, who are you to decide what people should or shouldn't have?
I am a person who knows that the nature of man is to be free, yet corporations and government continue to build chains to enslave and control. Do you honestly think people want their computers reporting details contained on their hard drives back to some "anonymous authority"? You may say it is only relevant details, but the individual doesn't know this - they can't see source code, and I doubt many know how to use packet sniffer/logging programs to analyze data coming out the backend. Do you honestly think people want another entity looking over their shoulders? If society honestly wants this, then we are far, far down the slope - and we might as well strip to the skin and be bonded in chains, because that is what the situation would be.
Something tells me you don't have too many friends.
The friends I do have are those who oppose corporate and government tyranny and control such as this. The friends I have know about freedom and rights.
Something tells me your friends would backstab you and society for a buck, grinning all the way to the bank...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
... which as I recall reading not long ago, for a PC to be certified for WinXP, REQUIRES that the user have NO access to BIOS settings.
IOW, a NON-user-flashable, NON-user-customizable BIOS. But the spec says nothing about whether the manufacturer is allowed to mung it up.
I've just notified Phoenix that under no circumstances will I purchase Phoenix-based products for myself nor for my clients. If that "limits" my choices, big deal, at least they'll be MY choices.
~REZ~ #43301. Who'd fake being me anyway?
Can't find a not-at-all-sucky system. Find the least-sucky system. Capitalism is less-sucky than communism, because there is the potential for liberty under capitalism. Too bad that potential has been sold out. Plus, the indoctrination of our children into a global corporate state in which they are merely docile consumerist droids is complete.
--
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
The hell it would be.
When I want to flash BIOS, I'll flash BIOS. If I don't have any problems with my current BIOS regs, I won't flash BIOS and run the risk of introducing bugs that may have come with the new revision.
> Q: What if I want to discontinue using the PhoenixNet resident application?
Of course, since I buy my drives OEM and install my own damn OS on 'em, I never have to worry about this in the first place - no phone-homeware installed, no phone-home risk.
I really pity people who buy their PCs from name-brand manufacturers as opposed to screwdriver shops. I really do.
This frightens me, not just because it's happening already, but because it looks like the shape of things to come.
It looks like the computer companies are taking lessons from the cell phone industry. Your computer will soon render itself useless unless you're sending money into the appropriate chain.
Phoenix to your ISP: "Hey, we're gonna switch your user to our ISP unless you pay us not to."
Your ISP: "Hey, you can't do that!"
Phoenix: "We just did."
In addition, if you thought you got telemarketing calls and junk-mail NOW, just wait! Phoenix knows which batches of mobos were shipped to which retailers. Now they'll know exactly where those computers are being used. Paying in cash is futile, you WILL be tracked. Changing your browser's start page is futile, your PC WILL contact someone. Not using Outlook is futile, you WILL have programs installed on your computer without your consent.
Also, I doubt this thing can be made secure. How long until someone figures out a way to overflow the BIOS and install arbitrary code into the Flash chip? The ultimate BackOrifice involves control from the moment the machine's powered on.
Only massive public outcry, like that which surrounded the Pentium III serial number, will persuade companies not to do this.
Or calling 911 when you're not looking, like Japanese phones are doing now.
Will traditional ad-blocking software work with this? If they're flashing ads into my BIOS so that I see sponsorship messages during boot, I don't think the Junkbusters are going to be able to stop it.
Anyone think it'd be feasible to hijack this system and use it to provide greater USER configurability, custom logos during boot, and so on?
I see nothing wrong with Phoenix trying to make a call when I boot up my pc, because I barely ever shut it down for one, secondly I don't use Phoenix BIOS anymore, and thirdly if I did I would block it out on IPF.
It's nice for companies to attempt to improve their products however I think they should notify their customers with their intents and base their judgement on those results. Not every single company is out to shaft everyone, and not every company is out to monitor you like Big Brother.
Now what would have been an excellent YRO story would have been something about "Digital Angel." Now there is something I could spend hours on end posting on.
Want Root?
I don't think I could imagine the destruction that would be cause by millions of PCs with a backdoor/hole/bug in their firmware, that could easily be remotely exploited. If you thought DDOS attacks were bad now, you ain't seen nothing yet.
First off this applies to Windows98, and many people have migrated off of it to other MS OS's (NT, W2K, etc) or other OS' entirely. How could someone remotely execute anything when someone would still need an IP address from their provider? Script kiddies can baReLy sPeLL cOrReCtLy 95% of the times, do you expect them to yank off an IP address from a provider and designate it to someone?
Give me a break.
As stated in my above post, if I did have Phoenix Bios and a Winshit98 machine I would auto block it on a firewall should I not be allowed to disable it, which would make it obsolete. Sure it may dial, but there isn't any data going through, and if I saw anything peculiar such as my machine making its own settings, I'd contact EFF, ACLU, and EPIC and start a riot.
Want Root?
the "Not all corps are out to get you?"
;) I run AO have been running it since it was born www.antioffline.com/about.html
People misunderstand our site, we're not anti anything, we just don't give a shit about anyone
Anyways as for the BIOS and script kiddiots, it'd be an enormous task for someone to create an exploit since as stated, well let me rephrase this a bit... It's be hard for someone to create an exploit for your typical dial-up customer, since they would (the script kiddie) need to know which machine to interact with upon boot.
It could be done with a backdoor, then leaving the port open, the script kiddie would have to scan complete address blocks, but if they're going to do something so difficult, then they're even bigger idiots for not downloading already availble trojans that'd do the same.
Want Root?
I think it would be nice if it were helping me to flash the bios. I've had trouble finding the right update before, but it doesn't, it's a marketing tool for other technologies! Like everything else, there are some good things that could come of this, but they won't because the marketing people got to it first.
also, I agree that it's not that bad because you can turn it off
from the faq:
"Q: What if I want to discontinue using the PhoenixNet resident application?
A: That's easy. You can disable or enable PhoenixNet at any time with a right-click on the PhoenixNet tool tray icon."
my overall feeling is 'meh, whatever'
you're all figments of my deranged imagination
The thing with IBM is, when you buy IBM servers, you also pay for them to manage the servers for you. Having this reporting tool is common sense for fast service.
But when you buy a personal PC for your home, you want to install software you like on it, and play with it as much as you want. You don't want your MB maker to manage your PC for you. If you did, you would have paid someone to do it.
So why would a MB maker be so stupid to offer a feature the consumer doesn't want to pay for or use, when it can sell the feature to corporate users? New features for the sake of new features?
---
a powerful tool for communication, entertainment, education and business.
In other words, Advertising Revenue.
ADs at Bootup...
ADs at Shutdown...
ADs at Hardware Setup...
ADs at Hardware Failure....
ADs...
ADs...
and MORE ADs....
I'll bet they even sneak a commercial in for a motherboard upgrade when yours starts to feel dated (two weeks after you've bought it.)
"Everything you know is wrong. (And stupid.)"
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
This "feature" is built into the bios of my new AMD Thunderbird motherboard, the Iwill KK-266 (nice MB by the way). Its not quite as evil as this article suggests. It is an attempt to get you to sign up with their ISP.
;-)
Unless you activate it within the bios "phoenixNet-enabled PC" and agree to their ISP partnery, you never hear a word from the program. It sits quitely on your bios and never contacts the mothership
Also from my mother board manual:
1. User reads system information from graphic launch screen
2. User registers MS Windows and completes MS OOBE.
3. User accepts/Rejects PhoenixNet service
4. User accepts/Rejects PhoenixNet ISP Partnery
5. PhoenixNet and ISP icon appear on desktop.
Some machines require this data to be in the database so that hardware engineers can enable upgrades on your system. For example, you can get an S/390 with some of the processors turned off and it'll cost you less. Then, if you expect processing to hit a peak (Like, around Christmas maybe, if you're a retail outlet) you can pay IBM some money and they'll enable the other processors for a limited period of time. Several of the disk array products work the same way. You can buy an 11 terabyte array and only want to use 1 terabyte of it. You can turn on more disk storage as you need it and you get billed for the extra storage as you turn it on. If the machine doesn't report back when it's supposed to, a friendly IBM CE will visit to repair your defective device. I don't know what those guys bill out at. Used to be $120 an hour.
Unlike the desktop segment of the population, IBM and its customers view this as business as usual, allowing IBM to deliver faster and better service to the customer. Sure it means IBM has more control over the system than it otherwise would have, but the customers often don't want to be bothered with the thing anyway. They just want it to work. They're paying a premium for just this feature as well as the IBM brand name.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
To summarise: we'll dump lots of crap on your desktop, force us to be your home page and spy on you. People with packet sniffers have confirmed that the software sends stuff back even when "disabled". And one of their partners is RealNetworks, whose own spyware will be alongside Acrobat Reader and other such rubbish. No thanks! There's always AMI, of course...
Can anyone recommend an alternative, non-snooping BIOS maker? Award apparently merged with Phoenix.
What's next? M$IOS, which automatically installs the next version of windows and charges your credit card? In the race for money today, it seems that screwing over the customers is looked upon as good buisiness sense...
I doubt this is beyond the realms of possibility, and once some clever hack has figured out how to do it the skript kiddeez will soon get hold of it. Hell, maybe it could even be tagged onto a VB app and turned into an Outlook worm - cue millions of cracked boxen that can only be made safe by flashing the BIOS, and how many regular (i.e. non /. visiting) users have the first idea how to do that?
Please someone tell me if I'm just scaremongering here (and give details), but I do genuinely believe this is a problem waiting to happen.
I run everything through a dedicated linux router/firewall/server. it will not be upgraded. when it dies, it will be replaced by ... the same thing. Since all my other connections would have to go through it, I can cut off the phone-home on ANY application, firmware or not.
Use my userscript to add story images to Slashdot. There's no going back.
"Here is a list of the system board makers that are PhoenixNet-enabled. "
Ask for them by name, and just say no.
And new, more intrusive features are coming. Here's PhoenixNet's pitch to resellers:
This needs to be publicized in the mainstream media. It's far worse than the Intel Pentium III serial number fiasco.
It also needs to become well-known to corporate IT managers, who aren't going to want those things on employee desktops and won't like all those unauthorized outgoing connections.
There is the whole privacy issuses, etc... but I have a stupid question: What does a BIOS (Basic Input/Output System) have to do with push technolgy?
Seriously can I get a low level hard drive interface in my AOL Messager? I want my memory timings driven by my Email Client. I also think that the chip on my sound card to be able to download stock updates though hardware and my CMOS should store my Intenret Explorer book marks.
What ever happened to "Do one thing well"?
Oh wait, I guess I forgot BASIC INPUT/OUPUT these days involved http connections behind my back.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Sent: Wednesday, June 20, 2001 2:48 AM
To: pnetcust_serv@phoenix.com; pnet_tech_sppt@phoenix.com; public_relations@phoenix.com
Cc: robert.blincoe@theregister.co.uk; editors@tomshardware.com; news@arstechnica.com; henry.kuo@anandtech.com
Subject: re: PhoenixNet BIOS - backdoor whether I like it or not?
Phoenix,
I certainly hope that the information about PhoenixNet on your site [http://home.phoenixnet.com/about/index.html] is incomplete, or that I'm misinterpreting it.
My interpretation is that there is no way for me to disable PhoenixNet on a hardware level, that the program will run in Windows whether I like or not.
I consider this an unconscionable invasion of my privacy and a theft of my computing resources. I think that you're going to get lots of backlash and bad press, and you'll deserve all of it.
I for one will never buy a motherboard equipped with a PhoenixNet BIOS, nor will I install one in any of the dozens of PCs I manage.
Yours,
/me
"We all say so, so it must be true!"
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
"We all say so, so it must be true!"
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
"We all say so, so it must be true!"
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Easiest way is to not run windows.
But if you must, here's how to remove it. Uninstall Phoenix net in the windows, and in the bios change Phoenix net from installed = yes to No.
Phoenix net is installed when you install the drivers from the motherboard and you go with the defaults rather then choosing your own options.
4.1 PhoenixNet Introduction
PhoenixNet is a service that provides PC users with best-of-breed, free, software services to support their PC hardware and software and to turn their computer into a powerful tool for communication,entertainment, education and business.
4.1.1 Internet Launch System The PhoenixNet Internet Launch System (ILS) is a patent-pending technology built into the firmware to enable online PC users worldwide to communicate with PhoenixNet and to receive the free PhoenixNet services. ILS resides safely within ROM and is activated the first time a user launches a PhoenixNet-enabled PC with a Windows 98 Operating System.
4.1.2 PhoenixNet Online Services When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services from PhoenixNet's Internet Partners. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs.
I really pity people who buy their PCs from name-brand manufacturers as opposed to screwdriver shops. I really do.
I always build my computers too, even workstations for work. I used to buy work computers from "screwdriver shops", but there is too much instability. It is really because so many people prefer to buy from a big company. They seek saftey in numbers.
Well perhaps they could get around the legal issues by not SELLING the motherboards, only LEASING them.
Then it would be theirs to mess with at will.
As for moral and technical issues, they are often ignored by corporations.
As long as people will buy it...
Just because it CAN be done, doesn't mean it should!
We are not far now...
--
Wooden armaments to battle your imaginary foes!
It's a good thing this is only a Windows-only deal. It's not just a bad idea, it's outright deranged.
The BIOS is firmware. That's all it is, and that's all it should behave as. And the point about reflashing BIOSes is worth remembering -- don't forget that nasty little firmware update that B&W G3 Mac users had to deal with last year.
I'd go so far as to say that it's a shame that OpenBIOS and LinuxBIOS aren't as far along as they could be -- at least the early IBM PC users could look through the listing for security holes and such. This is just flat out ridiculous.
(For the record, the LinuxBIOS idea seems to be a pretty specialized design -- too clunky and potentially difficult to maintain IMHO. I wouldn't use it personally, though OpenBIOS seems to have potential even if it's a comatose project.)
/Brian
I'm surprised that no one has already posted this.
Microsoft has placed very strict limits on what customizations vendors can do on systems before they ship. Microsoft wants Windows to control the horizontal and the vertical. Well, there's another player in town with a pretty large market share, and the tactical high-ground: Phoenix. The BIOS rules the machine, not Windows. I'm positive that this feature was requested by the systems vendors, and it's just a case of them fighting back against one of their suppliers who has gotten a bit too pushy.
Using your processing cycles, bandwidth, and connection time for their own purposes? Sounds like "Theft of computers services" to me. It would be interesting to see that used *against* corporate computer stupidity.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
I wasn't sure I wanted to post this, because it could possibly give away my "secret identity", but...
A friend of mine is reasonably high up at Phoenix. He had been working on a "secret project" that he wouldn't tell me anything about, but he told me that it was going to be big. Of course, I badgered him for information, but he wouldn't tell.
Well, I had lunch with him one day not long after PhoenixNet was announced. I asked him, "so what's up with this PhoenixNet thing?" He replied, "what do you think of it?"
I then went on to totally trash the idea, saying why it wouldn't work, that people wouldn't stand for their BIOS downloading advertising, on and on. I railed on for quite a while. I might've even called it a "stupid idea".
Then I said, "hey wait a minute... is this the secret project you've been working on??"
He said, "Yes. It was my idea."
Oops. I kind of grinned sheepishly. Huge case of "open mouth, insert foot."
--
Sometimes it's best to just let stupid people be stupid.
http://home.phoenixnet.com/privacy/pcusers.html
This is bios level spying and advertising, even from Phoenix's partners. I think most users will not even know it is installed (by default). The only way to get rid of it is flashing your bios, which is quite a dangerous operation for the common user
"No way"; the whole idea of BIOS doing that sort of thing within an OS seems crazy -- installing items on a filesystem by the BIOS would be, reasonably possible probably -- but detecting a network, constructing packets, and independently talking with their little site? I doubt that.
/etc/motd (ala desktop -- i'm assuming that Phoenix will make use of the advertisement opportunity; but that I think you can count on.) oh yeah and sending your hostname, browser name, and of course random /etc/passwd snippets to the vendor!
What they're probably doing is a whole lot simpler and more plausible too... Since their BIOS can't do things like access the network itself, they have to depend on software they have the user (or the OEM) install on the system.. by making their `windows driver software' for supposed components on the motherboard include other software that simply launches an internet client they could do what they need without any involvement from the hardware; *Recalls flashbacks of 'MSN Network' setup icons mysteriously appearing on desktops of new windows installations and the desktops of any new user profile being created that drove him crazy*.
While it may be theoretically possible for a BIOS to implement its own network layer and a separate IP stack, to have built-in know-how to scan the status of modem/NICs to detect not only that a network is present but that the network is connected to the Internet; it is extraordinarily unlikely that this is what is happening -- it would simply be a waste if Phoenix could just as easily have software installed on the system's hard drives through traditional means.
The idea that their entire system (hardware drivers, client, network code, DNS stuff, etc) could be reasonably contained within BIOS ROM is preposterous in my opinion.
I think what is more likely; however, is that those who install software provided phoenix or those using pre-built systems with their BIOS get this installed by default and the otherwise traditional software might be able to make use of 'special BIOS hooks' which could have been created for its benefit...
In my opinion, this is similar to the makers of web browsers settting a default page of their maker; example: netscape's home.netscape.com; Microsoft's www.msn.com -- the difference? Phoenix is selling BIOSes, not client software: this is akin to buying a calculator program and having its installation add banner ads to your
Hmmmm, what did you say your Phoenix Technologies BIOS serial # was?
clickity-click
Oh dear, looks like your hard drive has been disabled. No, I can't fix it from here, but I have a friend who lives by you and could fix it in his spare time, he charges about $200/hr. Uh-oh, looks like one of your RAM chips just went!
He who joyfully marches in rank and file has already earned my contempt. - "Big Al" Einstein
Remember the Microsoft anti-trust trial? One detail that emerged was that Microsoft does not permit OEMs to perform modifications to the desktop, startup sequence, etc. This means that the OEMs can't give the user a "custom experience" or differentiate their machine from others using Microsoft's software.
This Phoenix BIOS trick lets OEMs skirt the Microsoft OEM license by performing the customization after the user has the machine.
So, in one way, I say "kudos" to Phoenix for figuring out how to subvert Microsoft's restrictive OEM licensing agreements in this way.
On the other hand, I'd like to understand more technical details of the feature, whether it could bite me while I'm trying to use Linux, etc. Has anybody turned up relevant patents?
Hate stupid software on freshmeat? Laugh at
Time to cover the computer with tin foil now too (you should see my cat...) You should see his cat during a thunder storm... "Here, Sparky!"
Tongue-tied and twisted, just an earth-bound misfit, I
Tongue-tied and twisted, just an earth-bound misfit, I
Learning to fly, Pink Floyd.
I agree. It's nice for companies to attempt to improve their products with services that customize their behaviour based on a user's needs. However, they should disable this feature by default and prompt the user during an installation of Windows to turn this feature on or not. The prompt should clearly explain what is being transmitted each way. Not every company is Big Brother, but it'd be nice to know Phoenix isn't trying to pull a fast one on us ala Digital Convergence.
It sums up everything, and also contains key (annotated) paragraphs from the PhoenixNet site (so if you're too afraid of evil scripts to visit the PhoenixNet site, you can see it safely from this site). The main page of cexx.org (no relation to anything disgusting; it stands for Counterexploitation) has other helpful and interesting pages about spyware, foistware, backdoors, scams, and such. Most of it pertains to Windows, but there's some other cross-platform/no-platform topics there (including a way to make the CueCat output raw barcodes without requiring any software intervention.)
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
We have a right to expect honest, open behavior.
Before we buy a product, we have a right to understand anything that might make us change our minds.
Bush's education improvements were
Yet another reason to switch to OpenBIOS.
This sig intentionally left blank.
Hello Phoenix Helpdesk, what can i do for you ?
>Hey its me the new kid on the IT department and i cant seem to remember my password.
No Problem, *tickclickclick* your new password is *****
>And now we are on the phone anyways, what was the dialin number to connect to the network from home ?
Thats (insert telephonenumber here), is that all ?
>Yes, thank you.
*dailing into PhoenixNet Network*
Upload your Windows Auto Linux installer to be started with the ISL and set back and wait, reboot all win98 machines....
PhoenixNET user wakes up in morning, looks at his computer, who changed the start button for a big foot ?
Tralalala.....party on.....
Maybe someone could hack this to make his/her motherboard automatically work at getting first post!
The Moo went "Cow!"
While some people question the feasibility of this system to exist on the BIOS ROM (ie, too many components), remember the most important aspect of this phoenixNet script: Windows (98). While its not confirmed that it can run on other flavors of Windows (good god, I used flavors and windows in the same sentence), we must assume that ME is also compatible. 2000 and XP are a bit of a stretch. Next, take into acount the piss-poor(it's all relative) networking capabilities of Windows. I wouldn't doubt that there is some file somewhere in the Windows OS that acts as a flag for a network connection. After that, there's the network device. Windows, once again, stores all that info in the registry. Tricky part is understanding it. Couple hundred kilobytes can do that, along with cloning the driver info. All this stored on the new, practically empty (but still corrupted by M$) HDD. And finally, the actual code to execute the "phone home" portion. Low level communication via TCP/IP isn't that hard, if you know how to construct packets from scratch. A few more kilobytes can take care of the initial handshake + serial #. The rest of the program can be run on the HDD. See? It's not that difficult. Give some BIOS engineers this project for a few weeks, and they'll spit out the same thing. Nevermind the ethics, because as my Econ 301 teacher used to say: "In order for capitalism to thrive, greed must be considered 'good.'" Yay capitalism! ---- O Viespatie! Vel Desreles! Man bloga.
O man, Sausage again! I'm sick of it.
IWARS.
People, in general, disappoint me. Politicians even more so.
Would be cool to be able to ap-get a complete Debian system onto your disk through your BIOS, no? That way you would'yt even need an boot floppy.