Feeds

Phoenix BIOS mobos phoning home?

We still don't know

  • alert
  • submit to reddit

Last Tuesday we were following with great interest a thread at DSLReports expressing concern about the PhoenixNet-enabled BIOS, which automatically connects users to Phoenix servers to enable downloads of (presumably updated) files.

Several commentators were confused about how to enable and disable the service, and found that when they installed their shiny new mobos their machines had made the connection without their knowledge.

Judging by the exchanges at DSLReports, we gather that the Phoenix installation CD goes about its business without giving the user a heads up that they're about to enable the Net service, and no option to enable or disable it.

So far as we could gather, the Net service is enabled by default and has to be switched off in BIOS setup. If one doesn't go into setup on the first boot, one will connect to Phoenix automatically (unless one, like, disconnects his modem--hello?)

At any rate, this uncertainty dredges up memories of Intel's serial-number debacle, so we've been keen to get it sorted out.

On the case

We wanted to know exactly how the installation program works, and whether or not there's an option to let the user enable or disable the .Net service. We wanted to know what data, if any, is sent to Phoenix during the initial connection, whether or not it's recorded, and if so, what it's used for and by whom.

We were confident that Phoenix would be eager to clear this up for us, so we rang the company on Wednesday last. This proved a monumental challenge. After scouring the main site and the .Net site, we came up with only a main switchboard number. (We even checked through their press releases, where press contacts are often listed, but these had been scrubbed clean of any such useful information.)

At the main switchboard, we were confronted by a friendly but hopelessly ill-informed receptionist who insisted that there was no way for her to connect us to either the .Net development team or even to the press office, since all she had was a list of names and phone extensions. She didn't have a clue which departments any of these people worked in.

So we did what we could; we left voice-mail messages for random people whose names seemed vaguely familiar to the receptionist, and hoped for a call-back from someone who could answer our questions.

And sure enough, just minutes before closing time on Wednesday, a fellow from the Phoenix PR department rang us to say that the person we needed to talk with was conveniently sick, but we'd be getting a call from him the very next day.

But towards the close of business on Thursday (interesting timing again), we got an e-mail message from Phoenix Corporate Marketing Director Jerry Brocklehurst, who wrote:

Yesterday, you left a voice message on our PR phoneline asking for information on PhoenixNet, but didn't leave a way to contact you. Please call me at (408) 570-1159 and I can arrange a time for you to speak with the appropriate PhoenixNet people.

Talking to a wall

We immediately rang Jerry, but the call went to voice-mail. Being late in the day as it was, we didn't expect to hear from him until Friday. We also replied to his e-mail, just in case he failed to copy down our phone number from the voice-mail message. (Though his underling had managed to use our phone number the day before, we recalled.)

The hours ticked by on Friday, and by about 2:pm Phoenix-time we began to suspect that old Jerr wasn't going to follow through. So we rang up and, you guessed it, voice-mail again. We replied yet again to his e-mail.

Silence.

A week has now elapsed since our first contact with Phoenix, and we still haven't heard word one from them. Considering the potentially controversial nature of the Net feature, we expected them to be eager to tie up all the loose ends for us.

Apparently they haven't yet got their PR story straight. We hope they will do soon, as our readers, no doubt, are growing as impatient as we are to hear it. ®

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.