I bought one of these mini PCs (Beelink SER5) a while back to use as a low power desktop and the first thing I did was nuke the default partitions and install Linux. Never trust preinstalled OS.
It's probably not malware, but I was surprised to see an Asus software installer pop up in Windows last time I built a PC. Apparently it's in the motherboard firmware, but I think they at least offer an option to disable it. And it was visible, but I still don't like it.
Now that's a bit naughty. I would hope that the skill level of those who use mini-PC's for use-cases other than pure aesthetic would be able to nuke both partitions and start afresh anyway, sidestepping this type of shithousery.
The irony isn't lost on me that a site with more adverts than article words, quarter-page banner ads, and a convoluted GDPR consent tool has the gall to moan about spyware.
Toms has never claimed to be perfect but they are one of the last places you can look to for some very detailed breakdowns that don’t involve scrubbing through a youtube video.
Back on topic, calling it spyware is a slap on the wrist. Metas tracking pixel is spyware. What was found was a keylogger, password stealer, and cryptowallet key stealer that was baked into the initial windows install and recovery partition.
I would hope that the skill level of those who use mini-PC's for use-cases other than pure aesthetic would be able to nuke both partitions and start afresh anyway, sidestepping this type of shithousery.
For sure, but what if it were a UEFI-embedded rootkit? Even Lenovo had those back in the day. And these days, with LogoFAIL vulnerable firmware still out in the wild, anyone in the supply chain could embed a malware in the UEFI (assuming that new boxes are still being shipped with vulnerable firmware, which, I won't be surprised if they were, as most of these small time vendors are pretty bad at pushing firmware updates).