A commenter on this firmware compromise problem said that HP's position on the matter was that the "service life" of any affected machines is over, suggesting HP intends to do nothing about the problem, never minding that end of service life is not the same as users no longer using them. Other manufacturers are working on fixes.
There are entirely valid reasons for no longer supporting devices past their announced service lives, but something with such serious outcomes might warrant an exception. While it's true that a user has to positively download the BIOS update (containing malware or legitimate), it's easy enough to con many users. Some setups get the BIOS updates automatically pushed, too. The risk isn't only to the compromised machine; the risk extends throughout any network the machine might be connected to, depending on the specific malware in the bogus BIOS, or already on the machine.
To the extent the claim about HP's position is true, it's one more reason not to do business with HP at all. I have had my own problems with HP, and I already won't do any business with them.
Eric Hines