by toast0 2234 days ago
The intent is that manufacturers would use this to provide critical drivers for Windows users. Stuff that wasn't on the retail OS CD, but you would need to get to Windows Update. Or something, I dunno. Of course, the race to the bottom being what it is, if you can get $20/unit to put sketchy garbage in it, it's going to happen. Just because you're paying for something doesn't mean you're not also the product.
2 comments

AFAIK the original purpose was for anti-theft solutions (e.g. Computrace) to re-install themselves after a wipe. Before this, they would mount the boot drive and rewrite chkdsk.exe (which gets executed each boot) with their program. That way, their tracking software stays on the system even if you wiped the computer.
The original intent seems OK. Why the hell does this mechanism need the capability to execute arbitrary .exe files and not just load the most basic type of driver required (INF/DLL/etc. whatever Windows calls it)?
It's still arbitrary code running as a driver. It doesn't matter what form it takes; you can abuse the process to host whatever you want.
A DLL is also executable code; there's really no difference between that and running an arbitrary EXE. INF files are slightly different, since they're just text-based configuration, but I doubt that you could get your theft-recovery (or whatever other) functionality using just configuration of something built-in.