Blog - Page 98 of 158 - Advantage Computers NJ

Integrating Rust Into the Android Open Source Project

Posted by Ivan Lozano, Android Team

The Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As with any large project, introducing a new language requires careful consideration. For Android, one important area was assessing how to best fit Rust into Android’s build system. Currently this means the Soong build system (where the Rust support resides), but these design decisions and considerations are equally applicable for Bazel when AOSP migrates to that build system. This post discusses some of the key design considerations and resulting decisions we made in integrating Rust support into Android’s build system.

Rust integration into large projects

A RustConf 2019 meeting on Rust usage within large organizations highlighted several challenges, such as the risk that eschewing Cargo in favor of using the Rust Compiler, rustc, directly (see next section) may remove organizations from the wider Rust community. We share this same concern. When changes to imported third-party crates might be beneficial to the wider community, our goal is to upstream those changes. Likewise when crates developed for Android could benefit the wider Rust community, we hope to release them as independent crates. We believe that the success of Rust within Android is dependent on minimizing any divergence between Android and the Rust community at large, and hope that the Rust community will benefit from Android’s involvement.

No nested build systems

Rust provides Cargo as the default build system and package manager, collecting dependencies and invoking rustc (the Rust compiler) to build the target crate (Rust package). Soong takes this role instead in Android and calls rustc directly for several reasons:

In Cargo, C dependencies are handled independently in an ad-hoc manner via build.rs scripts. Soong already provides a mechanism for building C libraries and defining them as dependencies, and Android carefully controls the compiler version and global compilation flags to ensure libraries are built a particular way. Relying on Cargo would introduce a second non-Soong mechanism for defining/building C libraries that would not be constrained by the carefully selected compilation controls implemented in Soong. This could also lead to multiple different versions of the same library, negatively impacting memory/disk usage.
Calling compilers directly through Soong provides the stability and control Android requires for the variety of build configurations it supports (for example, specifying where target-specific dependencies are and which compilation flags to use). While it would technically be possible to achieve the necessary level of control over rustc indirectly through Cargo, Soong would have no understanding of how the Cargo.toml (the Cargo build file) would influence the commands Cargo emits to rustc. Paired with the fact that Cargo evolves independently, this would severely restrict Soong’s ability to precisely control how build artifacts are created.
Builds which are self-contained and insensitive to the host configuration, known as hermetic builds, are necessary for Android to produce reproducible builds. Cargo, which relies on build.rs scripts, doesn’t yet provide hermeticity guarantees.
Incremental builds are important to maintain engineering productivity; building Android takes a considerable amount of resources. Cargo was not designed for integration into existing build systems and does not expose its compilation units. Each Cargo invocation builds the entire crate dependency graph for a given Cargo.toml, rebuilding crates multiple times across projects¹. This is too coarse for integration into Soong’s incremental build support, which expects smaller compilation units. This support is necessary to scale up Rust usage within Android.
Using the Rust compiler directly allows us to avoid these issues and is consistent with how we compile all other code in AOSP. It provides the most control over the build process and eases integration into Android’s existing build system. Unfortunately, avoiding it introduces several challenges and influences many other build system decisions because Cargo usage is so deeply ingrained in the Rust crate ecosystem.

No build.rs scripts

A build.rs script compiles to a Rust binary which Cargo builds and executes during a build to handle pre-build tasks, commonly setting up the build environment, or building libraries in other languages (for example C/C++). This is analogous to configure scripts used for other languages.

Avoiding build.rs scripts somewhat flows naturally from not relying on Cargo since supporting these would require replicating Cargo behavior and assumptions. Beyond this however, there are good reasons for AOSP to avoid build scripts as well:
- build.rs scripts can execute arbitrary code on the build host. From a security perspective, this introduces an additional burden when adding or updating third-party code as the build.rs script needs careful scrutiny.
- Third-party build.rs scripts may not be hermetic or reproducible in potentially subtle ways. It is also common for build.rs files to access files outside the build directory (such as /usr/lib). When they are not hermetic, we would need to either carry a local patch or work with upstream to resolve the issue.
- The most common task for build.rs is to build C libraries which Rust code depends on. We already support this through Soong.
- Android likewise avoids running build scripts while building for other languages, instead, simply using them to inform the structure of the Android.bp file.

For instances in third-party code where a build script is used only to compile C dependencies, we either use existing cc_library Soong definitions (such as boringssl for quiche) or create new definitions for crate-specific code.

When the build.rs is used to generate source, we try to replicate the core functionality in a Soong rust_binary module for use as a custom source generator. In other cases where Soong can provide the information without source generation, we may carry a small patch that leverages this information.

Why proc_macro but not build.rs?

Why do we support proc_macros, which are compiler plug-ins that execute code on the host within the compiler context, but not build.rs scripts?

While build.rs code is written as one-off code to handle building a single crate, proc_macros define reusable functionality within the compiler which can become widely relied upon across the Rust community. As a result popular proc_macros are generally better maintained and more scrutinized upstream, which makes the code review process more manageable. They are also more readily sandboxed as part of the build process since they are less likely to have dependencies external to the compiler.

proc_macros are also a language feature rather than a method for building code. These are relied upon by source code, are unavoidable for third-party dependencies, and are useful enough to define and use within our platform code. While we can avoid build.rs by leveraging our build system, the same can’t be said of proc_macros.

There is also precedence for compiler plugin support within the Android build system. For example see Soong’s java_plugin modules.

Generated source as crates

Unlike C/C++ compilers, rustc only accepts a single source file representing an entry point to a binary or library. It expects that the source tree is structured such that all required source files can be automatically discovered. This means that generated source either needs to be placed in the source tree or provided through an include directive in source:

include!("/path/to/hello.rs");

The Rust community depends on build.rs scripts alongside assumptions about the Cargo build environment to get around this limitation. When building, the cargo command sets an OUT_DIR environment variable which build.rs scripts are expected to place generated source code in. This source can then be included via:

include!(concat!(env!("OUT_DIR"), "/hello.rs"));

This presents a challenge for Soong as outputs for each module are placed in their own out/ directory²; there is no single OUT_DIR where dependencies output their generated source.

For platform code, we prefer to package generated source into a crate that can be imported. There are a few reasons to favor this approach:

Prevent generated source file names from colliding.
Reduce boilerplate code checked-in throughout the tree and which needs to be maintained. Any boilerplate necessary to make the generated source compile into a crate can be centrally maintained.
Avoid implicit³ interactions between generated code and the surrounding crate.
Reduce pressure on memory and disk by dynamically liking commonly used generated sources.
As a result, all of Android’s Rust source generation module types produce code that can be compiled and used as a crate.

We still support third-party crates without modification by copying all the generated source dependencies for a module into a single per-module directory similar to Cargo. Soong then sets the OUT_DIR environment variable to that directory when compiling the module so the generated source can be found. However we discourage use of this mechanism in platform code unless absolutely necessary for the reasons described above.

Dynamic linkage by default

By default, the Rust ecosystem assumes that crates will be statically linked into binaries. The usual benefits of dynamic libraries are upgrades (whether for security or functionality) and decreased memory usage. Rust’s lack of a stable binary interface and usage of cross-crate information flow prevents upgrading libraries without upgrading all dependent code. Even when the same crate is used by two different programs on the system, it is unlikely to be provided by the same shared object⁴ due to the precision with which Rust identifies its crates. This makes Rust binaries more portable but also results in larger disk and memory footprints.

This is problematic for Android devices where resources like memory and disk usage must be carefully managed because statically linking all crates into Rust binaries would result in excessive code duplication (especially in the standard library). However, our situation is also different from the standard host environment: we build Android using global decisions about dependencies. This means that nearly every crate is shareable between all users of that crate. Thus, we opt to link crates dynamically by default for device targets. This reduces the overall memory footprint of Rust in Android by allowing crates to be reused across multiple binaries which depend on them.

Since this is unusual in the Rust community, not all third-party crates support dynamic compilation. Sometimes we must carry small patches while we work with upstream maintainers to add support.

Current Status of Build Support

We support building all output types supported by rustc (rlibs, dylibs, proc_macros, cdylibs, staticlibs, and executables). Rust modules can automatically request the appropriate crate linkage for a given dependency (rlib vs dylib). C and C++ modules can depend on Rust cdylib or staticlib producing modules the same way as they would for a C or C++ library.

In addition to being able to build Rust code, Android’s build system also provides support for protobuf and gRPC and AIDL generated crates. First-class bindgen support makes interfacing with existing C code simple and we have support modules using cxx for tighter integration with C++ code.

The Rust community produces great tooling for developers, such as the language server rust-analyzer. We have integrated support for rust-analyzer into the build system so that any IDE which supports it can provide code completion and goto definitions for Android modules.

Source-based code coverage builds are supported to provide platform developers high level signals on how well their code is covered by tests. Benchmarks are supported as their own module type, leveraging the criterion crate to provide performance metrics. In order to maintain a consistent style and level of code quality, a default set of clippy lints and rustc lints are enabled by default. Additionally, HWASAN/ASAN fuzzers are supported, with the HWASAN rustc support added to upstream.

In the near future, we plan to add documentation to source.android.com on how to define and use Rust modules in Soong. We expect Android’s support for Rust to continue evolving alongside the Rust ecosystem and hope to continue to participate in discussions around how Rust can be integrated into existing build systems.

Thank you to Matthew Maurer, Jeff Vander Stoep, Joel Galenson, Manish Goregaokar, and Tyler Mandry for their contributions to this post.

Notes
1. This can be mitigated to some extent with workspaces, but requires a very specific directory arrangement that AOSP does not conform to. ↩
2. This presents no problem for C/C++ and similar languages as the path to the generated source is provided directly to the compiler. ↩
3. Since include! works by textual inclusion, it may reference values from the enclosing namespace, modify the namespace, or use constructs like #![foo]. These implicit interactions can be difficult to maintain. Macros should be preferred if interaction with the rest of the crate is truly required. ↩
4. While libstd would usually be shareable for the same compiler revision, most other libraries would end up with several copies for Cargo-built Rust binaries, since each build would attempt to use a minimum feature set and may select different dependency versions for the library in question. Since information propagates across crate boundaries, you cannot simply produce a “most general” instance of that library. ↩

May 11, 2021/by Advantage Computer Inc.

Uncategorized

WhatsApp will limit features for users who don’t accept new data‑sharing rules

Your account won’t be deleted, but here’s what you may want to be aware of if not even repeated reminders do the trick

The post WhatsApp will limit features for users who don’t accept new data‑sharing rules appeared first on WeLiveSecurity

May 11, 2021/by Advantage Computer Inc.

Uncategorized

Week in security with Tony Anscombe

Ousaban banking trojan targeting Brazil – How to help your kids use safe passwords – DDoS attack takes Belgian government websites offline

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

May 7, 2021/by Advantage Computer Inc.

Uncategorized

Popular routers found vulnerable to hacker attacks

Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates

The post Popular routers found vulnerable to hacker attacks appeared first on WeLiveSecurity

May 6, 2021/by Advantage Computer Inc.

Uncategorized

Making the Internet more secure one signed container at a time

Posted by Priya Wadhwa, Jake Sanders, Google Open Source Security Team

With over 16 million pulls per month, Google’s `distroless` base images are widely used and depended on by large projects like Kubernetes and Istio. These minimal images don’t include common tools like shells or package managers, making their attack surface (and download size!) smaller than traditional base images such as `ubuntu` or `alpine`. Even with this additional protection, users could still fall prey to typosquatting attacks, or receive a malicious image if the distroless build process was compromised – making users vulnerable to accidentally using a malicious image instead of the actual distroless image. This problem isn’t unique to distroless images – until now, there just hasn’t been an easy way to verify that images are what they claim to be.

Introducing Cosign

Cosign simplifies signing and verifying container images, aiming to make signatures invisible infrastructure – basically, it takes over the hard part of signing and verifying software for you.

We developed cosign in collaboration with the sigstore project, a Linux Foundation project and a non-profit service that seeks to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies.

We’re excited to announce that all of our distroless images are now signed by cosign! This means that all users of distroless can verify that they are indeed using the base image they intended to before kicking off image builds, making distroless images even more trustworthy. In fact, Kubernetes has already begun performing this check in their builds.

As we look to the future, Kubernetes SIG Release’s vision is to establish a consumable, introspectable, and secure supply chain for the project. By collaborating with the sigstore maintainers (who are fellow Kubernetes contributors) to integrate signing and transparency into our supply chain, we hope to be an exemplar for standards in the cloud native (and wider) tech industry, said Stephen Augustus, co-chair for Kubernetes SIG Release.

How it works

To start signing distroless we integrated cosign into the distroless CI system, which builds and pushes images via Cloud Build. Signing every distroless image was as easy as adding an additional Cloud Build step to the Cloud Build job responsible for building and pushing the images. This additional step uses the cosign container image and a key pair stored in GCP KMS to sign every distroless image. With this additional signing step, users can now verify that the distroless image they’re running was built in the correct CI environment.

Right now, cosign can be run as an image or as a CLI tool. It supports:

Hardware and KMS signing
Bring-your-own PKI
Our free OIDC PKI (Fulcio)
Built-in binary transparency and timestamping service (Rekor)

Signing distroless with cosign is just the beginning, and we plan to incorporate other sigstore technologies into distroless to continue to improve it over the next few months. We also can’t wait to integrate sigstore with other critical projects. Stay tuned here for updates! To get started verifying your own distrolesss images, check out the distroless README and to learn more about sigstore, check out sigstore.dev.

May 6, 2021/by Advantage Computer Inc.

Uncategorized

Making the Internet more secure one signed container at a time

Posted by Priya Wadhwa, Jake Sanders, Google Open Source Security Team

Introducing Cosign

Cosign simplifies signing and verifying container images, aiming to make signatures invisible infrastructure – basically, it takes over the hard part of signing and verifying software for you.

How it works

Right now, cosign can be run as an image or as a CLI tool. It supports:

Hardware and KMS signing
Bring-your-own PKI
Our free OIDC PKI (Fulcio)
Built-in binary transparency and timestamping service (Rekor)

May 6, 2021/by Advantage Computer Inc.

Uncategorized

Fantastic passwords and where your children can find them

How witches, wizards and superheroes can help your kids stay safe from cyber-villains, plus other parenting hacks to encourage your children to use secure passwords

The post Fantastic passwords and where your children can find them appeared first on WeLiveSecurity

May 6, 2021/by Advantage Computer Inc.

Uncategorized

DDoS attack knocks Belgian government websites offline

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions

The post DDoS attack knocks Belgian government websites offline appeared first on WeLiveSecurity

May 5, 2021/by Advantage Computer Inc.

Uncategorized

Ousaban: Private photo collection hidden in a CABinet

Another in our occasional series demystifying Latin American banking trojans

The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity

May 5, 2021/by Advantage Computer Inc.

Uncategorized

Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome

Alex Gough, Engineer, Chrome Platform Security Team

Chrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology to make the exploitation of security bugs more difficult for attackers. This is supported by Windows 20H1 (December Update) or later, running on processors with Control-flow Enforcement Technology (CET) such as Intel 11th Gen or AMD Zen 3 CPUs. With this mitigation the processor maintains a new, protected, stack of valid return addresses (a shadow stack). This improves security by making exploits more difficult to write. However, it may affect stability if software that loads itself into Chrome is not compatible with the mitigation. Below we describe some exploitation techniques that are mitigated by stack protection, discuss its limitations and what we will do next to approach them. Finally, we provide some quick tips for other software authors as they enable /cetcompat for their Windows applications.

Stack Protection

Imagine a simple use-after-free (UAF) bug where an attacker can induce a program to call a pointer of their choosing. Here the attacker controls an object which occupies space formerly used by another object, which the program erroneously continues to use. The attacker sets a field in this region that is used as a function call to the address of code the attacker would like to execute. Years ago an attacker could simply write their shellcode to a known location, then, in their overwrite, set the instruction pointer to this shellcode. In time, Data Execution Prevention was added to prevent stacks or heaps from being executable.

In response, attackers invented Return Oriented Programming (ROP). Here, attackers take advantage of the process’s own code, as that must be executable. With control of the stack (either to write values there, or by changing the stack pointer) and control of the instruction pointer, an attacker can use the `ret` instruction to jump to a different, useful, piece of code.

During an exploit attempt, the instruction pointer is changed so that instead of its normal destination, a small fragment of code, called an ROP gadget, is invoked instead. These gadgets are selected so that they do something useful (such as prepare a register for a function call) then call return.

These tiny fragments need not be a complete function in the normal program, and could even be found part-way through a legitimate instruction. By lining up the right set of “return” addresses, a chain of these gadgets can be called, with each gadget’s `ret` switching to the next gadget. With some patience, or the right tooling, an attacker can piece together the arguments to a function call, then really call the function.

Chrome has a multi-process architecture — a main browser process acts as the logged-in user, and spawns restricted renderer and utility processes to host website code. This isolation reduces the severity of a bug in a renderer as its process cannot do much by itself. Attackers will then attempt to use another sandbox escape bug to run code in the browser, which lets them act as the logged-in user. As libraries are mapped at the same address in different processes by Windows, any bug that allows an attacker to read memory is enough for them to examine Chrome’s binary and any loaded libraries for ROP gadgets. This makes preventing ROP chains in the browser process especially useful as a mitigation.

Enter stack-protection. Along with the existing stack, the cpu maintains a shadow stack. This stack cannot be directly manipulated by normal program code and only stores return addresses. The CALL instruction is modified to push a return address (the instruction after the CALL) to both the normal stack, and the shadow stack. The RET (return) instruction still takes its return address from the normal stack, but now verifies that it is the same as the one stored in the shadow stack region. If it is, then the program is left alone and it continues to work as it always did. If the addresses do not match then an exception is raised which is intercepted by the operating system (not by Chrome). The operating system has an opportunity to modify the shadow region and allow the program to continue, but in most cases an address mismatch is the result of a program error so the program is immediately terminated.

In our example above, the attacker will be able to make their initial jump into a ROP gadget, but on trying to return to their next gadget they will be stopped.

Some software may be incompatible with this mechanism, especially some older security software that injects into a process and hooks operating system functions by overwriting the prelude with `rax = &hook; push rax; ret`.

Limitations

Chrome does not yet support every direction of control flow enforcement. Stack protection enforces the reverse-edge of the call graph but does not constrain the forward-edge. It will still be possible to make indirect jumps around existing code as stack protection is only validated when a return instruction is encountered, and call targets are not validated. On Windows a technology called Control Flow Guard (CFG) can be used to verify the target of an indirect function call before it is attempted. This prevents calling into the middle of a function, significantly reducing the scope of useful instructions for attackers to use. Another approach is provided by Intel’s CET which includes an ENDBRANCH instruction to prevent jumps into arbitrary code locations. Memory tagging tools such as MTE can be used to make it more difficult to modify pointers to valid code sequences (and makes UAFs more difficult in general). We are working to introduce CFG to Chrome for Windows, and will add other techniques over time.

By itself, stack protection can be bypassed in some contexts. For instance, stack protection does not prevent an attacker tricking a program into calling an existing function by entirely replacing an object containing a function pointer. This approach does not involve ROP as the function call happens instead of the expected call, and returns to the address it was originally called from, so must be allowed. However, the called function must be useful to an attacker, and most functions will not be. An example of an attack using this method is to craft a call to add the `–no-sandbox` argument to Chrome’s command line. This results in future renderers being launched without normal protections. Over time we will identify and remove such useful tools.

In the renderer, for performance reasons, our javascript and wasm engines may use memory that is both writable and executable at the same time. This allows an attacker to modify code that v8 is already going to execute, saving them the trouble of constructing a ROP chain. This explains why it was not our first priority to make v8 CET compatible, and why stack-protection is not yet enabled in the renderer.

Finally, stack protection doesn’t stop the bugs in the first place. Everything we have discussed above is a mitigation that makes it more difficult to execute arbitrary code. If a programming error allows arbitrary writes then it is very unlikely that we can prevent this being used to run arbitrary code. Attackers will adapt and find new ways to turn memory safety errors into code execution.

Debugging Tips

You can see if Hardware-enforced Stack Protection is enabled for a process using the Windows Task Manager. Open task manager, open the Details Tab, Right Click on a heading, Select Columns & Check the Hardware-enforced Stack Protection box. The process display will then indicate if a process is opted-in to this mitigation. ‘Compatible Modules Only’ indicates that any dll marked as /cetcompat at build time will raise an exception if a return address is invalid.

You can see which Chrome processes are opted-out of CET by consulting the Mitigations field of chrome://sandbox and clicking ‘+’. All processes are included unless the mitigation CET_USER_SHADOW_STACKS_ALWAYS_OFF is present in the expanded details view.

If you are developing software, or debugging a problem in Chrome the shadow stack can be helpful as it includes only return addresses, and these cannot be corrupted by rogue writes elsewhere in the process. To see these registers use the `r` command in windbg with the mask option:

0:159> rM 8002

rax=00000000c000060a rbx=000000fa5bbfeff0 rcx=0000000000000030

rdx=0000000000000000 rsi=00007ffba4118924 rdi=000000fa5bbff1a0

rip=00007ffc1847b4a1 rsp=000000fa5bbfc0a0 rbp=000000fa5bbfc0a0

r8=000000fa5bbfc098 r9=0000000000000000 r10=0000000000000000

r11=0000000000000246 r12=000000fa5bbfe230 r13=000002c3450b5830

r14=000002c3450b7850 r15=000000fa5bbfc260

iopl=0 nv up ei pl zr na po nc

ssp=000000fa5c3fef10 cetumsr=0000000000000001

`ssp` points to the shadow stack region, `cetumsr` indicates if cet is enabled for the process.

You can then see the call stack within the shadow region using `dps @ssp`. Values are not overwritten so you can also see where you came from by looking a bit deeper: `dps @ssp-20`.

If a process is not compatible with Hardware-enforced Stack Protection, the system event log (Application Log) will include brief error reports (Id:1001). You can filter those related to cetcompat using the following powershell snippet:-

Get-WinEvent -MaxEvents 128 -FilterHashtable @{ LogName=’Application’; Id=’1001′ } `

| Where-Object {$_.Message -match ‘chrome.exe’} `

| Select-Object -First 8 `

| fl

These will include the following parameters:-

P1: application.exe

P2: application version

P3: application build ts

P4: faulting module .dll

P5: faulting module version

P6: faulting module build ts

P7: faulting offset in P4 from base_address

P8: exception code (c0000409)

P9: subcode (00…000030)

If Chrome is misbehaving and you think it might be because of cetcompat, it is possible to disable it using Image File Execution Options – we do not recommend this except for a limited period of testing. If you find you have to do this, please raise an issue on https://crbug.com so that we can investigate the failure.

Summary

/cetcompat is enabled for most processes for Chrome M90 on Windows. Enabling Hardware-enforced Stack Protection will layer with existing and future measures to make exploitation more difficult and so more expensive for an attacker, ultimately protecting the people who use Chrome every day.

May 4, 2021/by Advantage Computer Inc.

4.9
Rahaf Abuali
00:11 24 Feb 25
I work for a medical office in North Bergen, we have been using Advantage Computers’ support for many years and they have been keeping our computers up to date without problems for many years. Very dependable and pleasant to deal with. They explain everything and make it understandable. Thank you Zack and Nasser.
Paula Span
00:20 23 Feb 25
It's immensely comforting to have these patient, knowledgeable folks to call when you need to update or upgrade, when your computer seems to be going haywire, when you need answers to questions so basic you're embarrassed to ask anyone else. Thanks, Al.
Lee Elelman
15:51 30 Jan 25
I have been coming to get my computers upgraded here for over 20 years. I bought computers here and serviced them here,. They are always fair with me and done a great job keeping my computers up and running.
Jessica Decker
16:58 21 Jan 25
Zack has worked on several project for me. These include transferring data from old harddrives into the cloud and/or flashdrives, to helping repair a broken iPad, and wiping and disposing of old computers.He works quickly and is communicative about the process.I highly recommend him and turn to Zack and Advantage Computer Solutions for all my computer needs.
Sohail Butt
20:24 17 Jan 25
I recently visited Advanced Computer and was blown away by the honesty and professionalism of the staff. I was in a tricky situation trying to recover my BitLocker key, and the person who helped me went above and beyond to assist. Even after spending time and effort solving my issue, they refused to charge me, saying, "I don't want to take your money if you don't have to pay."It's rare to find such genuine and ethical service these days. I wholeheartedly recommend Advanced Computer to anyone in need of computer-related help. Their honesty and customer care are truly commendable. Thank you for your exceptional service!
emily
23:40 13 Jan 25
I came here thinking they won’t be able to fix my mac but they proved me wrong. Zack is such an amazing person who understood where I was coming from & trying to fix my mac as soon as possible & he worked his magic. I highly recommend him & his prices are reasonable. If you ever need to get any of your technology fix, come to Zack, he’ll go over with you the process & how much it will cost.
andre wellington
18:49 06 Jan 25
I had a problem with my laptop charging port not working properly. I took it to Advantage Computer Solution on the day after Christmas where I spoke to Al who quickly diagnosed that the port was broken and offered to fix it for less than what I would have paid if I had gone to Best Buy or another local technician. Their service was fast, both guys were friendly and he even fixed my laptop lid which turned out to be broken. If that's not a Christmas gift then I don't know what is. I am truly grateful and if ever I need my laptop or PC to be cleaned or repaired, this is where I will go. You should too.
louis savaglio
01:27 04 Jan 25
The best IT service I ever had. They have been servicing my business for over 20 years. I am an accountant and I can't survive without them. Very quick turn around and they are able to remotely fix issues on my system when they can. Thank you
Vincent Manno
19:40 31 Dec 24
Very attentive, great customer service and very helpful.
Hanadi Seyam
01:29 28 Dec 24
I took my older Sony notebook for repair, the battery needed replacement. I didn't have to leave it, I left a small deposit, they ordered the battery and when it came in, it took 3 hours and they called me, it didn't cost much. Great service and very pleasant staff. Thank you.
Riky Lozado
20:16 26 Dec 24
Great costumer service!
Daniel Ritz
23:07 19 Dec 24
I was referred their for a repair of a Dell All-In-One. Nasser and his associate are super pleasant and polite to work with. They did the repair quickly and affordably. I like their intake system that generated a receipt and a label for my unit. I knew right there that they are organized and responsible. Couldn't have been a better.
Nicolas Bermúdez
22:19 14 Dec 24
Thanks for repairing my computer man
Jonathan Rodriguez
23:01 20 Nov 24
This is an amazing store for all your computer needs. I built my own computer, and when things stopped working and I couldn’t figure out why, I sent it to this shop. The owners were very polite and knowledgeable from the start. He not only fixed my issue but also explained what I could do to prevent it in the future and gave me options for upgrading parts later down the road all of this for a very reasonable price.I could not recommend this store more and will definitely be coming here for any computer needs I might have in the future.Thank you, Advantage Computer Solutions!!
Georgia
20:41 11 Nov 24
The best computer specialist you can find around!! They are prompt and solve any problems you might have when it comes to your computer programs! thank you guys for all you do for our company!
Jacob Fontanez Kanaropoulos
22:10 30 Oct 24
Customer service was AMAZING!!! Fixed the problem within minutes and was fairly priced as well. Thank you guys🙏
Mark Stevens
21:41 30 Oct 24
Very helpful and honest. They fixed my wife's computer very fast and very reasonable cost.
Soufian Aglaguel
04:28 27 Oct 24
The best people ever! They were able to fix my problems, they fixed my computer which I had an issue with for a week now. The man Naser and Aref were super nice, understanding and were able ti get the job done overnight. Thank you! I wish I can give this more stars!!!!!
Mateusz Marciniak
22:17 30 Aug 24
Gave me free computer advice. Great guys running the place!
Faisal s.m
00:43 28 Aug 24
I found Advantage Computer Solutions from Google. I was impressed to get their great customer service. They gave me reasonable price for my laptop’s cracked screen and they fixed it in short time. Thanks AdvantageComputer Solutions!!!
kathleen denny
16:26 15 Aug 24
fantastic . so helpful, so instructive, Absolutely saved me. i will be forever grateful for the assistance and the knowledge
Matt Font
05:15 04 Aug 24
Al and Zach are worth the visits and not just because of knowledge/secondary opinions... my family's been infrequent visitors for almost over 2 decades! I don't often have the tools/ foresight for electrographical malfunctions during an arbitrary power outage or whaling out emotional kicks on my desktop from a game-over screen en masse. These guys resurrected my desktop numerous times & will always eclipse any kind of troubleshooting you'd expect at a big box computer retailer (who could only resort to selling me bricked hardware and underperforming specs versus a 5 year dinosaur from their own supply chain). Ordinary people have a responsibility to shop small and support the establishments that don't see obsolescence and sales as the defacto norm.
East Ridgelawn Cemetery
18:14 12 Jul 24
For over two decades, Advantage Computer Solutions has been our go-to for all things tech. As a family-owned business, they bring a personal touch and genuine care that's hard to find these days.Their expertise is undeniable. They've tackled every computer issue we've thrown their way, from routine maintenance to complex repairs, all with a professionalism and reliability that keeps our business running smoothly.We can't recommend Advantage Computer Solutions enough. If you're looking for a trustworthy, expert partner for your computer needs, look no further!
Alexandra Alvarez
23:20 09 Jul 24
They did a great job at fixing my husbands computer. The price was very reasonable and they took great care of it. The attention is top 1. Thank you for all your help☺️
Stefanie
17:34 06 Jul 24
Would give them 10 stars if I could! I called Al after a quick google search because part of my laptop was damaged. It took a few seconds for him to recognize the problem and he helped me pop the loose piece back into place. He did not charge me. That's how you know he likes to do good, honest business. An act of kindness goes a long way. I will recommend you to family and friends :) thanks again!
Rich Lanning
11:39 14 May 24
Zack is the best! He took the time to explain in user friendly terms the steps he took to optimize our network connectivity and to enhance the performance of our multiple laptops. Whether a small business, a work from home employee or a family with multiple devices on a network, I highly recommend Advantage Computer Systems to help you with computer & network setup and or maintenance issues.
Mattie B
19:12 09 May 24
I've known these guys for I'd say roughly 20 years. They've done great work for both my family and for my dad's business, extremely friendly and professional. They were also our tenants prior to COVID and were great to work with. I highly recommend them.
Matthew Davila
20:59 27 Apr 24
Great people honest and do great work. They fixed my system at a very reasonable price and quick turnaround.
June Neblung
20:36 24 Apr 24
These good folks provide us with our security cameras and all of our computer and internet needs. Al, Nasser and Zach are the best!
Dank F
22:39 15 Apr 24
Amazing people helped me with all my problems great work on my machine I’m definitely coming back !!!
Manoj Bhagat
18:44 28 Mar 24
Great service, they revived my old notebook and made it fast again.. Very reasonable prices. Thank you
Berman Taylor
15:34 17 Mar 24
They have taken care of my computers for years! I can't imagine getting anything done without them. I appreciate their calm, good humor and advice.
Orelvis Redwoods
14:26 27 Feb 24
My computer didn't want to turn on, display anything at all, etc. Took it to these gentlemen and they fixed it for a reasonable price, totally recommend them.
Ashley Aguirre
22:26 19 Feb 24
Good prices they have everything and provide great service.
Laura H
12:50 17 Feb 24
The best computer support for a small business.
moira crabtree
19:15 17 Aug 22
I want to praise this company to the heavens! They are so very good. If your computer has ANY problem, particularly a difficult problem, THIS IS THE COMPANY TO CALL! They come quickly (eases any computer anxiety whether it's a business or personal situation). They are so smart (and you need someone smart enough to solve your issue), thorough (you do not need a half-baked job done), and so very pleasant to deal with (in a time when most service people are cranky.). This company was recommended by a business that needs flawlessly running systems. I was told they were good and reliable. They are so much better than that. I will never use anyone else. Once I have found the best, why look anywhere else? Save your sanity. Just call Advantage Computer Solutions. You won't regret it.
Amy Neustein
18:10 13 Jul 22
From Today --July 13, 2022I just had my computer serviced at Advantage Computer Solutions and again I couldn't be more pleased!! Al and Zack were fantastic! Not only did they diagnose the problem, and jump in immediately to help me, but they did it in record time!!! Al gave me a new SSD which makes my computer work at record speed. In addition, he cleaned out my fan to help with the freezing of the computer when the fan overheated. The concern and care afforded by Advantage Computer Solutions are extraordinary. This is a family-owned business that truly treats each client like a family member! I wholeheartedly recommend this place over the chain repair shops. I have complete confidence in Advantage Computer Solutions, which is a blessing indeed!!!Amy Neustein, Ph.D.Fort Lee, NJFrom six years agoI don't have enough words to express my appreciation for Nassar and Paul, and the other members of Advantage Computer Solutions. I live in Bergen County and travel to Passaic County because of the trust I have in the competence and honesty of Advantage Computers. What a blessing to have such seasoned and caring professionals available to service my computer. The company has deep respect for its customers. I am very pleased as I have been using their services successfully since 2010.
MikSchlag
13:46 15 Mar 22
Quickly attuned and all options presented within minutes. I was back up and running within 20 minutes ( on main computer) and it cost me 1/3rd of an office visit (they had everything (memory and SSD and didn't push options) in stock for my older computers)! Outstanding... or you could be standing out in the cold. They kept my business running!!
Steve Walden
14:00 10 Feb 22
I never leave reviews, but I have to give a shout out to Al and Advantage Computers because they do terrific work. Had my house wired with ethernet cable and they worked quickly, efficiently, were pleasant to deal with. Everything was cleaned up and done professionally. Among the best service I've had as a homeowner. Would highly recommend!
Dmitry Kreslavskiy
19:31 04 Jan 22
Had a great experience here. Nice, very polite and highly professional people and very reasonable charges as well.A laptop died suddenly for no apparent reason, occasionally allowing you to peek into BIOS setup, but not always, and always ending up with a black screen without going into Windows.Microcenter people told me to wait a week because of COVID, Nasser here took it and had good quality research results for me the morning after, - it was a dead motherboard, and he even explained the likely reasons for its failure.He salvaged the data for us to a USB stick and he let us spend all the time we needed picking the data we wanted copied.He spent a ton of time on us and only charged us about $50 for the research and another $50 for data copying, very reasonable, - Best Buy and Microcenter wouldn't been more pricey.Happy to recommend and come back again as well. Thank you so much for a great service!
RICHARD DEMAYO
14:45 22 Jan 21
The best guys in the business bring them any problem and give them a little time and they will give you a solution.
PRO AUTO BROKERS
23:50 11 Jan 21
These guys are the best in the business, very knowledgeable and easy going. Highly recommended, top notch in the computer business. My main man Al took care of us efficiently and fast, also great prices.Ed
Carlos Santos
23:24 26 Oct 19
I’ve known the Advantage Team for years. They are the absolute best techs in the field, bar none. I couldn’t tell you how many tens thousands of dollars they saved us over the years; they can be trusted to never scam anyone even though they would do so very easily. The turnaround time is also excellent, even if they don’t have a particular part in stock. They work fast and they work smart. In the decade I’ve known them, I’ve never had to return a computer because something wasn’t fixed. I believe that they’re one of the industries’ best kept secret.
D Lobiondo
18:07 30 Apr 19
They're true problem solvers for anyone with computer issues. We received expert help and courtesy at a reasonable price. We trust them and will return!
Sonya G
03:01 06 Aug 18
I had an excellent experience with Advantage. Aside from being extremely professional and pleasant generally, Zack was incredibly responsive and helpful, even before and after my appointment, and really resolved IT issues in my home office that had been plaguing me for years. I am so relieved to not have to think about this anymore! I will definitely call Zack again should I have any more IT needs.
Camp Sparkles
02:18 05 Aug 18
Al and Zack were so nice and knowledgeable. They figured out immediately what the problem was but instead of fixing it they let me know that my computer was still under warranty and that I should send it back to Dell. I stood in their store for 50 min on the phone with Dell and Al and Zack walked me through the process. I will definitely tell all my friends about their honesty and refer them. Thank you!
Mary Ann Adams
01:23 23 Mar 18
Very professional, excellent work, reasonable price. They definitely know their business.
Clemons Kunkel
06:16 07 Jan 18
Has worked on my computer for years.. Al does a great job and very Friendly. Have brought 3 computer because ever thing Changes. Thanks
Gennady Lager
18:04 17 Aug 17
I hired Advantage Computers to install an access point and improve the wifi signal at my home office. Zack took the time to understand my problem, communicate via email and phone, come up with a proposed solution, and schedule the work. He showed up on time and was very fair on price. The quality of the work is solid. I would hire him for all of my IT needs that I cannot resolve on my own.
Holly Kaplansky
13:09 02 Feb 16
Advantage Computer Solutions is absolutely great. They show up, do what they say they are going to, complete the job without issues (my other computer companies had to keep coming back to fix things they "forgot" to do....) and are fairly priced. Zack is awesome, reliable, dependable, knowledgeable....everything you want in a computer solutions vendor.
trudy holt
19:47 20 Nov 14
Excellent service! I am the administrator for a busy medical office which relies heavily on our computer system. We have used Advantage Computer Solutions for installation, set-up and for service. The response time is immediate and the staff is often able to provide help remotely. Very affordable and honest.... A++!!! Essex Surgical relies on Advantage Computer Solutions.
More reviews

Easy Contact
253 Main Ave, Passaic NJ 07055
Call 973-777-5656
info@advantagecomputers.com
Fax 973-777-5821

© 2025 ~ All Rights Reserved
Advantage Computer Solutions, Inc
Company
Home

About Us

Contact

Testimonials

Blog

Partners

Services
Managed IT Solutions

Medical IT Solutions

Cloud Services

Firewall Installation

Server Solutions

Data Backup and Recovery

Network Cabling Installation

Computer Repair

Virus and Spyware Removal

Testimonials
Zack is amazing! I have gone to him with computer issues for the past few years now and he always finds a way to fix things and at a reasonable price. This time I went to Advantage Computer Solutions to find a new laptop. I needed help because like most of us I had no… Read more “Amazing!”
Amanda Tolve
Cannot say enough good things about Zack Rahhal and his team. Professional, smart, sensitive to small biz budgets and a helluva good guy. Could not operate my small biz without them!
Karen Schloss
stars indeed. So reliable and helpful and kind and smart. We call Al and he is “on it” immediately and such a FABULOUS teacher, patient and terrific. So happy with Advantage Computer Solutions and Al and his AMAZINGLY WONDERFUL STAFF.
Nancy Alberga
I’ve been a customer of the staff at Advantage for many years now. They have never let me down! Whatever my need, however big or small my problem, they have been unfailingly helpful, friendly and professional. Services are performed promptly and effectively, and they are very fair with pricing, too. I am lucky to have… Read more “Whatever my need, unfailingly helpful”
Michael Lesher
I’ve known the Advantage Team for years. They are the absolute best techs in the field, bar none. I couldn’t tell you how many tens thousands of dollars they saved us over the years; they can be trusted to never scam anyone even though they would do so very easily. The turnaround time is also… Read more “Best Kept Secret”
Carlos Santos
I had an excellent experience with Advantage. Aside from being extremely professional and pleasant generally, Zack was incredibly responsive and helpful, even before and after my appointment, and really resolved IT issues in my home office that had been plaguing me for years. I am so relieved to not have to think about this anymore!… Read more “Excellent Experience”
Sonya G
Simply The Best! Our company has been working with Advantage Computer Solutions for a few years, Zack and his Team are AWESOME! They are super reliable – whether it’s everyday maintenance or emergencies that may arise, The Advantage Team take care of us! Our team is grateful for their knowledgeable and professional services – a… Read more “Simply The Best!”
Kara Steible
Advanced Technology Search
The engineering team at Advantage Computers is the best in the business. They are nothing short of technical wizards.
Susannah Rubenstein
Al, Nasser and Zack have been keeping our operations going for over a decade, taking care of our regular upgrades and our emergency system problems. When we have an emergency, they make it their emergency. Its like having a cousin in the business.
lenny steinbach
Lucille Laundry - Monroe St Passaic NJ
In many cases, exceptional people do not receive recognition for their hard work and superior customer service. We do not want this to be one of those times. Zack Rahhal has been our hardware and technical consultant for our servers, Pc’s and other technical equipment since April 2004 and has provided valuable input and courteous service to… Read more “Exceptional People”
John Belly
Cambridge Paving Stones and Wall Systems, Inc
I became a customer about 6-7 months and I can say nothing but great things about this business. Zack takes care of me. I am an attorney and operate my own small firm. I have limited knowledge of computers. Zack is very patient in explaining things. He has offered practical and economical solutions to multiple… Read more “Highly Recommended”
Nick T.
West New York, NJ
THANK GOD for this local computer repair business who saved me hundreds, my hard drive was messed up, i called the company with warranty they said it would be $600, I went in they did a quick diagnostic, and based on his observations he gave me a step by step of the possible problems and… Read more “Life Savers”
Desirée A.
East Rutherford, NJ
I don’t have enough words to express my appreciation for Nassar and Paul, and the other members of Advantage Computer Solutions. I live in Bergen County and travel to Passaic County because of the trust I have in the competence and honesty of Advantage Computers. What a blessing to have such seasoned and caring professionals… Read more “I don’t have enough words to express my appreciation”
Amy Neustein
Advantage Computer Solutions is absolutely great. They show up, do what they say they are going to, complete the job without issues (my other computer companies had to keep coming back to fix things they “forgot” to do….) and are fairly priced. Zack is awesome, reliable, dependable, knowledgeable….everything you want in a computer solutions vendor.
Holly Kaplansky
Minuteman Press Newark
Knowledgeable, Reliable, Reasonable Working with Advantage Computers since 1997 for both personal and business tech support has been a rewarding and enjoyable experience. Rewarding, in that the staff is very knowledgeable, approaching needs and issues in a very straightforward, common sense manner, resulting in timely solutions and resolutions. Enjoyable, these guys are really friendly (not… Read more “Knowledgeable, Reliable, Reasonable”
Ben Rowner
MR Capital Group, Inc
Excellent service! I am the administrator for a busy medical office which relies heavily on our computer system. We have used Advantage Computer Solutions for installation, set-up and for service. The response time is immediate and the staff is often able to provide help remotely. Very affordable and honest…. A++!!! Essex Surgical relies on Advantage… Read more “Excellent service!”
Trudy Holt
Essex Surgical
Advantage offers great advice and service I bought parts for my gaming pc online and they put it together in a day for a great price. They are very professional. I was very satisfied with their service. I am a newbie in terms of PC gaming so they gave me great advice on this new piece… Read more “Great Advice and Service”
Jose
Clifton NJ
Our company has been using the services of Advantage Computers since 2006. It was important to find a reliable company to provide us with the technical support both onsite and offsite. It was through a recommendation that we contacted Advantage to have them provide us with a quote to install a new server and update our… Read more “Great Service, Support and Sales”
John Mezzina
Synatech, Inc.
Our company has been working with Advantage since the 1990’s and have been a loyal client ever since. Advantage does not make it very difficult to be loyal as they offer services from the most intricate and personalized to the global scale. Our company has grown beyond its doors of a local office to National… Read more “Extremely Professional and Passionate”
Cherie Avinger
RCL Agencies, Inc. Clifton, NJ
Advantage Computer Solutions has handled all of our computer and IT needs for the past 2 years. The staff is always professional and the service is always prompt. When your computers are down or not working properly is affects all aspects of your business, it is wonderful to have such a reliable team on our… Read more “Handles all our Office IT”
Jennifer Raspanti
Optimum Orthopedics
Since 1996 the Housing Authority of the City of Passaic has been a client of Advantage Computer Solutions. Our Agency has utilized their outstanding services and expertise to solve our technologic problems and growth over the past eighteen years. We would like to personally thank them for proposing cost effective solutions while reducing labor-intense tasks… Read more “Passaic Housing Authority”
Michael S. O’Hara
Passaic Housing Authority
“When the computer I use to run my photography business started acting erratically and kept shutting down, I was in a panic. I depend on that computer to deliver final products to my clients. Fortunately, I brought my HP into Advantage for repair and in one day I had my computer back. Not only did… Read more “They made sure EVERYTHING was working”
Phil Cantor
Phil Cantor Photography

Rust integration into large projects

No nested build systems

No build.rs scripts

Why proc_macro but not build.rs?

Generated source as crates

Dynamic linkage by default

Current Status of Build Support

Notes

Further Reading

Summary

Easy Contact

Company

Services

Testimonials