At any company I have worked at, they always use the 4 year lifecycle. Even after that time I have personally seen firmware updates still rolling out and of course being able to run a modern version of Windows which gets security updates. Even more so now, when a machine that runs Win 10 is almost guaranteed to run Win 11 without issue.
One important problem is that, with only very few exceptions, the companies that donate their PCs don't usually donate them immediately after this lifecycle has ended. Instead, they'll usually just wait until after the firmware update support period has also ended, which is when they'll wait another year or possibly longer before finally, at very long last, they make the decision to let you "refurbish" the PCs by throwing them in the dumpster to be recycled because, by that time, they're actually no longer even worth the cost of transportation plus work. In fact you should consider yourself lucky if you don't return with an almost empty van and they didn't lie to you about the specs and/or numbers like how many PCs they have for you that meet these specs and the condition that these PCs are in. My grandmother used to always complain about those who came to her door to ask for donations. They always talk about "giving", she said. To which she then added, "Our cow once died of giving."
So are there tools to detect these PC firmware attacks? Is there a way to even know?
Of course, but for the average consumer the options are rather limited (or pretty much nonexistent, especially if you are on a very tight financial budget), and, as the Microsoft article also states, companies that know that they experienced a firmware attack will typically invest more heavily in prevention instead. Sauron was a good example of why detection, even though it still has its merits nevertheless, is going to be a far distance away from being enough.
A spy software called “Sauron” that hit Belgium uncovered
The software is thought to have been installed in June 2011. It could not be detected earlier as it can adapt its form to the network it is attacking (the files it uses to install itself can have different names and be different sizes). Most spy software cannot do this, which is why it was not found until now.
Looks like it took 5 whole years to find him. Hope it doesn't happen.
I am not paranoid at all. I think you meant to say just because I'm not paranoid doesn't mean they are not after me.
I was quoting from the satirical novel "Catch-22" by Joseph Heller.
I am still not convinced, and don't think average PCs' firmware are prime targets when old outdated mini PCs (routers) are sitting there plump for the taking, and are way better at being used for botnets and the like. Especially because internet providers use the same models, and are so much easier to take control over without the user noticing anything at all. The attacks on router firmware and all of that has always been extremely bad, because most routers are Swiss cheese and have holes everywhere. Pretty much every router firmware that exists on the consumer level can be taken over in seconds. I think that is a way more prevalent threat. What's funny though, is despite how many holes and how bad those are, we still have seen only a few botnets and the like. But nothing earth shattering or life altering.
A lot of old PCs are also sitting there plump for the taking. Like I earlier said, companies also use the same or very similar PC models, and not-for-profit organizations that refurbish old PCs that were donated by these companies don't very often want to spend the extra effort and time it usually takes for them to refurbish numerous different PC models of various types. As these donated PCs are so old and outdated, these refurbishers are forced to cut down the cost of refurbishment. So, they need to refurbish these old PCs in bulk always when possible, which they cannot do if they need to follow different steps on each different PC constantly. That's the general rule. I know from experience that there aren't too many exceptions to this, as they simply can't afford to do it any other way, or at least not for very long.
These very old PCs are also Swiss cheese and also have holes everywhere. Again, the vast majority of companies who want to donate them don't want to donate them before these old PCs are more akin to grated Swiss cheese than they are akin to Swiss cheese. They also can be taken over in seconds. The only real reason why you haven't seen more botnets is because they are purposely designed to be invisible. Worse, if you try to convince your average consumer PC hardware manufacturer to care about that which is invisible, then they'll say you're just worrying about ghosts. If it's from Apple, their fanboys will confirm that that's what you're worrying about. If or when it becomes visible after all (which happens only rarely, because it's still designed to be invisible), then they'll say hey look, we're so sorry to hear that, but if you buy our newest products, which are definitely so much better and safer than our previous models, we promise it will never happen again. Next thing you know, it's just rinse and repeat. So yeah, as an average consumer whose budget is tight, you can't really do anything much against that. You'll just have to live with the fact that newer hardware choices often do have newer security features that could help to make it safer. Also, install all the latest updates as soon as they are made available, and hope for the best. You could argue against Microsoft killing old hardware support in Windows 11 far too soon because obviously they are in bed with the hardware manufacturers and all that jazz, but I'll still disagree with those who keep claiming that Microsoft's decision to end support is entirely unjustified or that security has got absolutely nothing to do with it.
However, people shouldn't forget the OS and software security part of the equation. I know that Sandboxie-Plus is not a very popular topic on here, but I use it alongside Windows Defender. I don't install anything nor run anything I don't want to trust outside the sandbox. Firefox Portable never runs outside the sandbox excepting only to update it or to install/update/remove (trusted) addons or to make changes to its settings. If I download a file with Firefox Portable, I use the Quick Recover option of Sandboxie-Plus to migrate the file out of the sandbox. I install all Windows updates, also including Preview Cumulative Updates as soon as they become available in Windows Update, and I use Intel Driver and Support Assistant to get notified when new Intel driver updates are available. I also check for other new available updates regularly.
As for the router firmware, I use an Asus RT-AX92U 2-Pack. AFAIK that one remained unaffected by the firmware vulnerabilities that caught the news last year. Asus has a phone app that notifies me when a new firmware update is available, and Asus has a list of things that can be done to make Asus wireless routers more secure.
[Wireless] How to make my router more secure? | Official Support | ASUS Global
But anyways, at this point I do agree now that it does seem PC firmware attacks are on the rise (based on what you shared), but so far in a lot of the research I have read the "in the wild" that has been found has been attacking people of high importance: executives, journalists, CEOs etc. Those were the people referenced in most papers shown to be attacked or affected. Sure that could change, especially as more and more business PCs harden their firmware and BIOS and everything else. Maybe once that happens more focus will be on the little guys.
Again, the attackers rely on invisible botnets consisting of numerous infected computers that belong to people of low "importance". These invisible botnets are what the attackers use in their attacks when they target people of high "importance". Invisible, i.e., they aren't reported simply because they remain undetected.
From what I understand, there are no tools, at least none that I can find. I am not finding anything that answers your original questions. If PC firmware attacks are on the rise (and I am convinced they are now, but I still feel it's the big companies and not the average joe. Targeted), there isn't much you can do. I don't see anything out there to combat the issue other than companies needing to patch their firmware on a regular basis. Which just isn't going to happen with how many machine models are out there. It's not realistic. Same issue with network equipment.
You can only do so much about security on your part. Rest is up to the companies that make it. But I don't think it's worth losing sleep over.
Worth losing sleep over? No. Worth retiring old hardware that's got nothing but problems? Definitely yes. E-waste is e-waste. Maybe the computer museum could still use some of the stuff.