We've told you before that the "free" software that's pre-loaded on your computers can be a nightmare. That bloatware may be free but there are a couple of problems with it.
One, if you don't want lots of software bogging down your computer and slowing it down, it's annoying. Two, and much worse, some of that software is a gateway for malware and other security problems.
Now, we're finding out that several top-selling laptop brands like Acer, Asus, Dell, HP, Lenovo don't encrypt some of their pre-installed programs while others use easy-to-crack encryption.
The bottom line is, hackers can easily break into these programs to infect your computer with malware, institute man-in-the-middle attacks, give hackers escalated privileges to your computer, and remotely run code on your computer.
Cybersecurity experts examined computers running Microsoft's new Windows 10 operating system and its Windows 8.1. What they found is nothing short of alarming, including Windows Signature laptops that aren't supposed to have bloatware.
They found 12 security holes in these programs, half of which are ranked high-severity vulnerabilities.
"There are more nuanced flaws," said a Duo Labs researcher. "All of these updaters specify their own update manifests where the system grabs an XML file over HTTP." (Dell downloads updates over HTTPS.) "None of the the manifests are signed and they don't use proper engineering practices to make sure the integrity of the manifests is validated properly."
Incredibly, some laptop manufacturers haven't done anything to resolve these problems. Acer and Asus haven't fixed any of their problems, although they're aware of them. Dell has fixed most of its security holes. HP is patching its seven flaws, but it's not finished. Lenovo is going to start removing its affected pre-installed programs later this month.
Here's what to do:
- Immediately accept and install any fixes your laptop manufacturer issues
- Uninstall programs you don't need (For example, on Windows 10: Start >> Settings >> System >> Apps & Features >> click on the program you want to uninstall >> Uninstall.)