Meh. The first thing I do with a new laptop is format and reinstall anyway.
These big-name laptops are infested with security bugs – study
Computers from many of the biggest PC makers are riddled with easy-to-exploit vulnerabilities in pre-loaded software, security researchers warn. The research from Duo Security shows that bloatware is not just a nuisance that causes a lag in system boot-up, but a security risk. Laptops from Acer, Asus, Dell, HP and Lenovo all …
COMMENTS
-
-
Tuesday 31st May 2016 18:44 GMT Ian Michael Gumby
I agree.
For my wife, I first bought her an HP. Had the right components at a decent price.
Only problem was that it was full of adware carp.
Returned it, bought a store brand (Microcenter) which had OS only and then installed the Microsoft products.
No problems and it runs fine (Until my wife mucks it up...)
-
-
Wednesday 1st June 2016 06:08 GMT Rod 6
Re: HP
For the last few years I've run Linux on my machines, mainly because of my work requirements. I've found that the only drivers I've ever had to install are Nvidia/AMD drivers as pretty much everything else is auto detected. Recently, I've found that the open source Nvidia/AMD drivers are good enough not to bother installing the proprietary drivers. I had not used Windows for a while, it seems odd to me why all the drivers are not just pulled from the updates thingy.
-
Wednesday 1st June 2016 12:07 GMT Afernie
Re: HP
"The HP website is from my nightmares. It's just so ... corporate.
I went looking for a laptop driver, and got lost for hours in a maze of twisty little passages, all alike."
It's become much, much worse since they hived off the Enterprise division and basically decided they couldn't be arsed to update any links. Whatever you're looking for, on hp.com or hpe.com you can be sure it will be on the other site and the link will be broken.
-
-
-
Tuesday 31st May 2016 20:37 GMT Dadmin
My Lenovo had that crapware, and they put hooks for it to reinstall from the firmware, so merely reinstalling your OS does nothing. Fortunately for me, I got the x220 for free and my old desktop crew zapped out that nasty firmware for me. At least that's what I think happened. The Windows partition lacks any license, so no idea if that worked as Mint is quite happy and won't be bothered by it anyway. The things people do to get their stupid ads in front of your face is quite alarming. So very glad I don't watch commercial broadcasts anymore. I have not seen a TV advert since last year, not including a recent family visit where I saw those old-timey videos that have products in them and you're supposed to pay attention to that or something. Advertising, it does nothing for me.
Now, I would put on some "free" W10, but again; no current license so can't try it out just yet. Thanks for working out all the issues, you regular Windows Guys and Gals! I'm all Mac/Linux/Unix but do dip my toe in every once in a while. Looking forward to trying out W10 on a working box, hopefully later this year.
-
Wednesday 1st June 2016 03:14 GMT AnthonyP69
Hate to tell you this but the X220 doesn't run that software.
The Lenovo issue was with consumer products. Lenovo did have an issue with its Corporate product called System Updater but it has now been patched.
These articles seem to miss the point, most of the issues are with the cheap arse consumer products. Wish they would list the machines or family the software is used on before carrying on about security issues.
-
-
-
Wednesday 1st June 2016 08:28 GMT Anonymous Coward
"First thing I do..."
That's likely a strong majority of Reg readers. We are not typical. 99% of computers bought by consumers are not reinstalled and keep the crapware. It is a big problem, even if the technically inclined minority doesn't suffer from it.
You might as well argue that phishing isn't a problem because you are smart enough not to fall for it. Or that armed robbery of your home isn't a problem because you have an alarm and keep a loaded gun on your nightstand.
-
Wednesday 1st June 2016 10:02 GMT Hans Neeson-Bumpsadese
Re: "First thing I do..."
Agreed.
I consider myself a typical Reg reader, I work in software dev/design and know plenty enough about computers to build my own from component parts, install *only* the software I want, and have been doing that since I built my first Win 95 machine. But here's the thing....
I'm not going to use Linux for my main machine at home. The main applications I use for home use are Windows only (OK, Mac as well, but I'm not making that particular jump because reasons).
Secondly, I have a life. Last time I needed a new PC, I went to the local store, found one with the specs I needed. I bought that and spent a small number of hours copying data and installing software.
Now, I have a machine with some bloatware (mostly disabled). It's not quite what I want, but I was able to get running relatively quickly and conveniently, compared to sourcing umpteen component parts and building everything from scratch.
Even some IT pros do it the consumer way when time is more precious than achieving tech Nirvana.
-
-
Wednesday 1st June 2016 13:38 GMT Aodhhan
Really?
What do you do the reinstall with, the disks which come with your system? Pfftt.. you're just reinstalling the same crap. Look thru the registry after you do the reinstall and you'll see. I don't see most people purchasing a new laptop which comes with an OS, reformatting it and purchasing a clean copy of Microsoft or Apple OS.
-
-
Tuesday 31st May 2016 19:16 GMT Shadow Systems
It's the MS Signature Editions that are truly scary.
Those are _supposed_ to come free of anything but the bare OS, the drivers required to make the device function, & any specific MS Office style software indicated by the customer. It's _not_ supposed to include any 3rd party bloatware since the whole point of paying extra for the MSSE is that the manufacturer isn't getting the subsidies from said 3rd party entities.
So to have the MSSE models riddled with such security flaws implies it's not necessarily the 3rd party crap that's the issue, but the manufacturer's _Drivers_ that open you to such security nightmares.
How the hell are you supposed to protect against something like that? Simply Nuke&Paving the machine to reinstall a fresh copy of the OS is nice, but then you've got to go grab the drivers so you can use all the nifty hardware - those same drivers that open you up to be violated. Unless you're installing a different OS on it entirely that uses different drivers, you're only back where you started.
And doing a N&P to a system to give it a fresh start isn't something your typical John Q. Public is going to know how to do, have the time to do, or give a damn to even pay someone else to do for him - he's just shelled out a thousand or more for his new shiny, damned if he'll shell out even more just so some computer wonk can futz with it before he gets to play with his new toy.
How are you supposed to secure your machine if it's already wide open before it arrives? Spend the next few (hours|days|weeks) removing all the crap, patching it to try & stop the leaks, and pray that you're safe, or just throw up your hands to install Linux/BSD instead? That's not something the average user will know how to do, thus leaving the computer wonks to try & educate them about why their nice new shiny is merely a highly polished turd. =-(
-
Tuesday 31st May 2016 20:44 GMT Anonymous Coward
Re: It's the MS Signature Editions that are truly scary.
Seems the only "safe" way to run Windows is in a VM these days. For two reasons:
1. The VM means you can use largely vanilla drivers regardless of the host platform, reducing your vulnerabilities.
2. Most malware is written to detect and not run in a VM, making it an effective antivirus solution in its own right. (A third party one to mop up though is still advised.)
The downsides include reduced performance (especially for video) and some legitimate software will refuse to run in a VM.
I had similar assumptions about the "signature editions", looks like those were unfounded.
-
Tuesday 31st May 2016 22:15 GMT Fuzz
Re: It's the MS Signature Editions that are truly scary.
I think the vulnerabilities are in the OEM driver update software rather than the drivers themselves. It's a shame that the MS signature editions still contain these crummy bits of software. Driver packs for computers should be a zip containing the raw driver files with the inf and no stupid installer. Then just let Windows find the drivers.
-
-
-
Wednesday 1st June 2016 00:38 GMT BitterExScientist
Re: Just load
... +1 As long as you're not making that suggestion to the manufacturers for their consumer PCs. Just imagine the enhancements they could do then, or look at the nonsense the carriers and manufacturers do to Android phones.
This is one case where I would wish Microsoft would be more of an industry bully, if it didn't seem like they're now aiming for these revenue sources as well.
Can I please pay money to receive a computer that already works and doesn't spy on me?
-
Wednesday 1st June 2016 01:00 GMT Herb LeBurger
Re: Just load
@BitterExScientist,
I was at a developer conference recently where Dell had a booth for their Project Sputnik. I asked the dude at the booth what it was all about, he explained that they are Dell laptops with Linux preloaded. I asked "why not just install Mint on a ThinkPad?". He replied, "well if you want to go to all that trouble...". It's no trouble at all, I've been doing it for so long I don't even find it a chore. Just part of playing with the new shiny. And does anyone think Dell can resist putting crapware on their Linux boxes?
-
Wednesday 1st June 2016 06:16 GMT Shadow Systems
@Herb LeBurger, RE: Dell & Linux.
I've been doing research into purchasing my next system, a desktop with a 6th gen, quad core, 4GHz Intel i7 with 32Gigs of DDR4 RAM & a 250Gb M.2 SSD.
I have gotten quotes from folks at places like System76 for as low as USD$1,200, but when asked about such a system from Dell, the rep gave me a quote for over USD$1,600. That's with Ubuntu on it, NOT Windows. I was shocked sick at the price & asked WTH made a *Linux* system so expensive from Dell. He replied that it was "because we have to use only certain components to be compatible with the twitchy nature of Linux". O.o? W.T.F?
I thanked him for his time & struck Dell off my list of vendors from which to purchase. That same desktop (from Dell) but with Windows would have cost me about the same as from S76. I'm so disgusted with Dell at this point I want to go slap someone there & demand to know what they were thinking, IF they were thinking at all.
I know it's only my anecdotal evidence & YMMV, but if you want a Linux machine I'd say go with anyone OTHER than Dell. They seem hell-bent on screwing you over for the "privilege". =-|
-
Wednesday 1st June 2016 06:56 GMT MacroRodent
Re: @Herb LeBurger, RE: Dell & Linux.
"but if you want a Linux machine I'd say go with anyone OTHER than Dell."
All big PC vendors are like that. Dealing with a small-scale PC assembler where you can specify known Linux-friendly components is a better way. The result is also likely to be more upgradeable and repairable, as it will contain only generic parts, instead of funny stuff specially molded for Dell, HP or whatever.
-
-
-
Wednesday 1st June 2016 03:54 GMT MacroRodent
Re: Just load
"... +1 As long as you're not making that suggestion to the manufacturers for their consumer PCs. Just imagine the enhancements they could do then, or look at the nonsense the carriers and manufacturers do to Android phones."
On the other hand, a laptop manufacturer that simply pre-loaded an up-to-date, well-known Linux distribution with NO "enhancements" (apart from harmless ones, like a branded default background image) could now stand out from the crowd, and win friends.
Not doing this was where the original mini laptops went badly wrong. They had oddball Linux versions that didn't have any software repositories, no community, and required the manufacturer to do all support, which they typically did not do well, and soon dropped (my experience with an Asus Eee PC 901).
-
-
-
Tuesday 31st May 2016 20:35 GMT Herby
Uninteresting, but simple test...
Just put a brand new machine on a publicly available (exposed) IP address, and wait. See how long it takes a "brand new" machine to become taken over.
My understanding is "not long" is a typical answer.
No, I wouldn't do this without some very good isolation and monitoring.
-
Tuesday 31st May 2016 20:50 GMT Rusty 1
Re: Uninteresting, but simple test...
Something I find intriguing about this (potential) suggestion is how to go about achieving it.
Assuming a domestic environment, every router I've come across (OK, not so many - a couple of Zooms, a few from BT, and a bunch from Draytek), really are plug-and-play with complete blocks on incoming connections. You have to fight (sometimes hard) to permit incoming connections.
Just what are people doing to be exposed to intrusions? Is it really as easy as walking naked into the whore pits of 'pork?
-
Tuesday 31st May 2016 22:05 GMT Roland6
Re: Uninteresting, but simple test...
"Something I find intriguing about this (potential) suggestion is how to go about achieving it."
Surely the simplest is to use a mobile broadband dongle and disable the Windows firewall? Then the system becomes a node on the Internet with all ports potentially open - assuming no carrier NAT...
-
Wednesday 1st June 2016 12:34 GMT DropBear
Re: Uninteresting, but simple test...
"Surely the simplest is to use a mobile broadband dongle and disable the Windows firewall? Then the system becomes a node on the Internet with all ports potentially open - assuming no carrier NAT..."
That's a mighty bold assumption. With the industrial amount of these things in existence at each carrier and the existing IPv4 shortage, do you seriously think they just give you a routable IP for each one of those...? Out of curiosity, I just switched my WiFi off - and my IP immediately jumped to a "local" 10.x.x.x one...
-
Wednesday 1st June 2016 14:05 GMT Roland6
Re: Uninteresting, but simple test...
"That's a mighty bold assumption."
Yes!
Basically, as Rusty 1 indicates, in the domestic environment, without doing battle with the router configuration, the only/simplest way to expose an end system to the Internet is to directly connect it to the Internet without a router. There are really only two options: connect the system directly to an xDSL modem - common practice in the early years of ADSL or use a mobile dongle - which is also becoming less common as users switch to using handsets or MiFi devices as WiFi hotspots.
Now both of these as you indicate are conditional on whether or not your carrier/ISP provider uses NAT or not. From my experience (in the UK) it seems many ISP's do give out fully routable IP addresses; whilst I've done some rather extensive trials with mobile broadband - using the dongles as backup to a leased-line service, I've not actually bothered to verify that my system has exclusive use of the dynamically assigned IP address.
-
-
-
-
Wednesday 1st June 2016 18:17 GMT Vic
Re: Uninteresting, but simple test...
Just put a brand new machine on a publicly available (exposed) IP address, and wait. See how long it takes a "brand new" machine to become taken over.
For many years, Russell Coker put the address of his machine on his website, along with the root password. Yes, you could SSH in as root.
It's gone now, but AFAIK no-one ever managed to do anything nefarious with it...
Vic.
-
-
Wednesday 1st June 2016 00:39 GMT Anonymous Coward
Buyers must stop buying until there is choice...
I refuse to help family friend / colleagues anymore with Windows. Been doing this now for about 5 years and it's lost me some friends and gotten sneers. But hey, it's necessary. Ask the shop for Linux, and if they stare blankly then walk away. But do not buy the lie that is Windows-10 / bloatware infested PCs..
-
Wednesday 1st June 2016 01:00 GMT W. Anderson
Swiss cheese of Operating System software
Just today, ZDNet had an article directly comparing Mac OS X with Windows 10. Unfortunately the article authors chose to focus on superfluous criteria such as "popularity" of OS, "installed base" - by numbers and very innocuous concepts of ease of use and preference, purely personal choice criteria.
Instead the facts of this TheRegister article should have been an important consideration, along with elements of Reliability, Flexibility/Scalability, Return-on-Investment (ROI), performance and critically Very Good Security - the topic of this article.
A few years back IBM did a detailed study on the total costs - initially and long term (1 year) of a name brand Windows PC costing $500.00 from Retailer. At end of the year, the overall costs rose to more than $1400.00 given the costs of Operating System (OS) regular as well as malware removal/re-install of OS and applications, and the value of "lost productivity" of not having designated user doing meaningful work, other than challenging Tech Support/Help Desk almost every day.
The details of this article should once-and-for-all put to rest the argument and noise from Microsoft shills that their beloved OS is the great performer or has value always claimed.
I personally prefer an established GNU/Linux distribution that has not only proven unequivocally more reliable, powerful and especially more secure than any iteration of Windows, but has been/is being adopted in most European Union countries, the US Pentagon, many US and International technology Universities, NASA and EU space Agencies, The US department of Energy research laboratories (11 in all) and dozens more governments, national education systems, technology organizations, the USA and international financial/Banking sectors, and more.
-
Wednesday 1st June 2016 14:17 GMT Roland6
Re: Swiss cheese of Operating System software
Re: ZDNet article
These types of articles are far too common. The really worrying thing is how many I've seen over the years that have evaluated security software eg. AV and Firewalls on superfluous criteria that have no real bearing on whether the software can actually do the job it is intended to do.
-
-
Wednesday 1st June 2016 03:39 GMT ben_myers
Kit accessed???
The kit accessed are all computers that can be bought cheaply in mass market big box stores, i.e. cheap consumer grade computers. Of course the vendors will load crapware on their crap computers.
How about if the company doing the study does some heavy lifting for a change and repeats its analysis with business-class computers such as Lenovo Thinkpads and Dell Latitudes? Betcha the results would be different, as with Snapfish, found only on Lenovo consumer models.
It's a shame that the chart with the green check marks and red X's does not have an accompanying legend. Is green "good", i.e. no vulnerability, or is it an affirmative check that there is a vulnerability?
-
-
Wednesday 1st June 2016 06:40 GMT Shadow Systems
Re: Just Buy
For starters please see my post in reply to Herb LeBurger above for background, then return to this post. Done that? Good.
In doing my research I tried to configure a Mac Mini to match the specs already mentioned, or as closely as possible. The best that Apple could do was a 4th gen, dual core, 3GHz Intel i7 with 32Gigs of DDR3 & a 250GB SATA-3 SSD for USD$1,400. Read that again. A two generation old, half as many cores, a full GigaHertz slower, slower RAM, & a slower SSD, for *MORE* money than others wanted for better hardware.
From a consumer's POV (especially taking the wallet into account), it's VERY hard to justify spending more to get less, even if it DOES free you from the shackles of Microsoft. I mean, would you buy an electric car over a gas powered one, if the electric could only go half as fast, half as far, & used technology that other car manufacturers had stopped using nearly two years ago? Sure it's fast, sure it gets the job done, but being asked to spend more for less is just galling.
So yes buying a Mac is a good way to get off the MS treadmill, but not when you're having to pay more to get less. You've traded DOWN in capability to trade UP in changing the shackles of MS for Apple. Bah.
-
Wednesday 1st June 2016 07:29 GMT Anonymous Coward
Re: Just Buy
Rubbish
I traded up to OSX so I could get my life back, not have to keep nursing CRAPOS to get anything done, and now I am more productive.
All my toys talk to each other, seamlessly, no more android/windows dicking about.
It's quality over quantity, and I would gladly pay more for less if it means I have a better quality of life.
You did read this
http://www.theregister.co.uk/2016/05/27/sleep_of_death_windows_10/
didn't you?
-
Wednesday 1st June 2016 09:00 GMT gizmo23
Re: Just Buy
Well that's just the 'time or money' equation. If you're in the happy position of always being able to get more money, then time will be more valuable because it is a limited resource. However, a lot of people don't have that luxury and have to compromise between the two. In that case the cost may exceed the benefit because the time gained has to be spent getting the extra cash to be able to afford that shiny macbook.
-
-
-
Wednesday 1st June 2016 18:09 GMT Anonymous Coward
Re: Just Buy
Yep, and control the SCADA network how? Not to mention the myriad of devices out there that don't have MacOS X drivers.
Ohh, run Windows/Linux you say? I can tell you from personal experience, running Linux on a MacBook can be a nightmare when it comes to WiFi as Broadcom show complete and utter contempt for the open source community regarding their chipsets. Apple's EFI firmware isn't any better either.
So no, not a "solution".
-
-
Wednesday 1st June 2016 07:02 GMT jzl
The onus is now on Microsoft
The major vendors are a mess when it comes to drivers and software. All of them. Update strategies are ad hoc and patchy, at best. Drivers are invariably buggy, inconsistent and bloaty. And it's been this way for years.
There are only a small number of major manufacturers, chipsets and key devices now, so perhaps it's time that Microsoft started directly writing first class drivers that support the entity of these machines as a whole.
It's the only way they've got a hope of bringing the user experience up to where it should be.
-
Wednesday 1st June 2016 07:36 GMT nematoad
Re: The onus is now on Microsoft
"...so perhaps it's time that Microsoft started directly writing first class drivers that support the entity of these machines as a whole."
And where pray is the profit for MS in doing that?
They didn't get where they are today by giving the purchaser what they need, just what they are given. MS has made a lot of money by pumping out the absolute minimum in the OS. Want any more? That'll cost you. Having the drivers included with the OS is not impossible, just look at Gnu/Linux to see that. It's just that MS is fat and happy with the way other people pick up the pieces to actually make the thing work and that's not going to change.
-
-
Monday 6th June 2016 10:32 GMT rohnski
Don't keep the problems secret!
I just bought a new Asus.
So don't just say there is buggy crapware installed, either give us the program names for each laptop or give us a link to an article that does name them. I really want to know if I can uninstall this crapware or is it "required" by the builder?