Dell, Toshiba, and Lenovo PCs at risk of bloatware security flaws

[RV_]

I just bought my wife a Lenovo Touch all in one last night when Best Buy offered me an open box $700 system for $300, we have two dells, and one Toshiba, so if you are affected don't feel alone.

 

Excerpt:

 

"Proof-of-concept exploits have been posted online, catching the PC makers off-guard.

 

A trifecta of vulnerabilities has been found in software preinstalled on a number of Dell, Toshiba, and Lenovo consumer and enterprise PCs and tablets, affecting millions of users.

 

A proof-of-concept that was posted online (which we are not linking to) could allow an attacker to run malware at the system level, regardless of what kind of user is logged in.

 

A user can be tricked into opening a specially-crafted web page, either as a drive-by download or through an email attachment, which could allow an attacker to exploit the flaw.

 

The security researcher, known as slipstream/RoL, confirmed to ZDNet that he did not inform Dell, Toshiba, and Lenovo of the flaws before the the proof-of-concept code was posted online.

 

An advisory, posted by Carnegie Mellon University's public vulnerability database (CERT) on Thursday, said preinstalled Lenovo software ( often known as "bloatware" ) includes three vulnerabilities.

 

As for Toshiba, a security vulnerability was found in the preinstalled Toshiba Service Station, which searches for software updates among other features.

 

For Dell, this is the second major security issue in as many weeks -- and both were found by the same security researcher.

 

slipstream/RoL said that the preinstalled Dell System Detect app, which checks a user's system for issues prior to a support call, can be crudely used to bypass a Windows security feature that escalates a user's privilege."

 

All the details and liniks to check with the vendors are here: http://www.zdnet.com/article/millions-of-lenovo-pcs-vulnerable-to-multiple-security-flaws/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f

[Striper]

Crap, I just ordered a Lenovo today. Sounds like I'd be better off cancelling the order.

 

Joe

[proxima]

I have no problems with my Lenovo, but then again, I did install a ssd and install a new copy of win 10 once I got it. The Bloatware from any company is just crap, and full of security flaws.

[wildmandmc]

when i set up a new customers pc. first thing i do is remove all the bs software. norton, mcafee , best buy app, ect.

[Yarome]

The Bloatware from any company is just crap, and full of security flaws.

first thing i do is remove all the bs software. norton, mcafee , best buy app, ect.

 

Exactly! It's hardly just a brand specific problem.

[RV_]

Yep guys I agree.

 

The idea of my posts like this is to be aware of things to check on if you do not evaluate all the programs on a new PC. To be honest no one can really know all the start ups and accessory programs without a bit of research. I routinely used the Dell identification of my unit program to check for new drivers quickly. The good thing about the news is that folks running truly high security systems with either classified or corporate Intellectual property subject to espionage can take steps if they used it.

 

As I said I just bought my wife a new desktop, a Lenovo All in one B40-30, an open box at less than half retail. I have two Dells, and am not scurrying and worrying.

 

I just started another thread with a list of removal tools for security bloatware as I just use MSE on the one Win 7 Laptop I refurbed for sale. Of the four desktops (one about to be sold and one a micro for the guest bedroom) remaining Toshiba test laptop that is only for testing Windows 10 and updates, our three tablets, one about to be sold, all but one is Windows 10 of my keepers and about to be factory restores and sold and it will go to 10 once Dell finishes a warranty request, all have either MSE for the one 7 unit, and Defender for all the rest.

 

I use Defender and own six lifetime licenses for Malwarebytes Premium. I don't think you can get lifetime anymore, but Malwarebytes Premium is a better deal then Norton et al. Premium is paid for and back in the day it was 14 bucks for a lifetime license, with all future upgrades and updates on sale. Premium is light on resources as is Defender, and doesn't alarm all the time to tell me it is working. The two together are, IMO, more secure than any of the commercial suites alone. Way cheaper too.

 

Let's remember that all systems, all OS', all security measures, can be penetrated if a determined, competent hacker/attacker targeted your system/s. We are low on the target lists of the criminals.

 

Good enough for me are the above. If you harbor criminal activity and/or state secrets or are a domestic or foreign terrorist, you might need more.

 

I don't.

[PeterrThePlumber]

Lifehacker has a good article with links on how to dejunk your new PC. http://lifehacker.com/the-complete-guide-to-avoiding-and-removing-windows-c-1630577558 Lifehacker can be considered a trusted source of information. The other option is to reprogram your new computer using Linux as the OS. Warning, that can be complicated and may not be for the faint of heart. Fortunately most Linux installers will ask you whether you want to keep Windows and dual boot or wipe out Windows.

[RV_]

I have loaded Linux up on my home systems and used to use the Linux based rescue disks when I used to tech and disinfect systems without, in most cases, resorting to a factory restore, and saved the data. I also bought the original Raspberry Pi and used the Linux version for it called Raspberry Debian.

 

It is easy to load and try Linux with live CDs of it. You boot from the live CD and it bypasses your hard drive and runs only from the CD and saves nothing unless you choose to install it. Here is a complete guide to trying out Ubuntu which seems to be popular. http://www.howtogeek.com/128347/5-ways-to-try-out-and-install-ubuntu-on-your-computer/

 

Me I don't like Linux or the DOS-like screens. But one man's trash is another man's treasure. I learned enough to know I much prefer Windows. I have been using PCs since the early 80s Commodores then in the mid 80s my first MSDOS IMB clone, an early 8088 system that had some serious limitations. Computers are now my hobby, not my work and I'm re-tired completely except for some online areas I try to help out in. Escapees members, as I was, helped us immensely when we full timed for 7 years from 1997 to late 2003. They kept saying they wanted nothing, just pass it on. This is my attempt to pay back a great club, and a great bunch of people, with a few grumps thrown in to keep it real.

 

Most are welcome here because we don't have but a very rare rude type come in that is religious about their OS. I support computer diversity. I don't care what your screen looks like to you as long as you like it, or love to hate it.

 

I never thought I'd see the day, but Microsoft is cool again. And they are rolling along with better products than ever. They also earned investors almost 60% profits in the last year.

 

I started this thread about Windows specific issues and how to identify and fix them.

[PeterrThePlumber]

I have loaded Linux up on my home systems and used to use the Linux based rescue disks when I used to tech and disinfect systems without, in most cases, resorting to a factory restore, and saved the data. I also bought the original Raspberry Pi and used the Linux version for it called Raspberry Debian.

 

It is easy to load and try Linux with live CDs of it. You boot from the live CD and it bypasses your hard drive and runs only from the CD and saves nothing unless you choose to install it. Here is a complete guide to trying out Ubuntu which seems to be popular. http://www.howtogeek.com/128347/5-ways-to-try-out-and-install-ubuntu-on-your-computer/

 

Me I don't like Linux or the DOS-like screens. But one man's trash is another man's treasure. I learned enough to know I much prefer Windows. I have been using PCs since the early 80s Commodores then in the mid 80s my first MSDOS IMB clone, an early 8088 system that had some serious limitations. Computers are now my hobby, not my work and I'm re-tired completely except for some online areas I try to help out in. Escapees members, as I was, helped us immensely when we full timed for 7 years from 1997 to late 2003. They kept saying they wanted nothing, just pass it on. This is my attempt to pay back a great club, and a great bunch of people, with a few grumps thrown in to keep it real.

 

Most are welcome here because we don't have but a very rare rude type come in that is religious about their OS. I support computer diversity. I don't care what your screen looks like to you as long as you like it, or love to hate it.

 

I never thought I'd see the day, but Microsoft is cool again. And they are rolling along with better products than ever. They also earned investors almost 60% profits in the last year.

 

I started this thread about Windows specific issues and how to identify and fix them.

 

Dear RV,

I'm sorry if I came across as religious or a Linux fanboy. I also apologize, I do not want to come across as hijacking your thread. You obviously have much experience in the computer OS area. Please know I am trying to give back myself from my experiences, and do appreciate guidance on what is appropriate! Happy Camping!

[RV_]

Peter,
Thanks for participating. And welcome to the forums. I'm nobody here just another member, so no apology necessary. You come across any way you choose to. If I choose to reply I will too. I look forward to any help you can give on my Windows posts, and even my few Linux posts or Apple posts on big developments or security warnings by the industry leaders.

Perhaps you misunderstood, thus my post. We users of Windows love our operating system's power and diversity, even when we gripe about change or a mistake. In the Windows world we have no feeling that any problems we have always are user mistakes and could never be the OS. So we post our questions and gripes and work out the ones we can in public. There's a wealth of help available from each other with billions using it worldwide.

I am answering again and apparently another poster on another thread took my very calm well researched answer as being angry with him or her. If I have to defend my tone to one who reads it all wrong, it appears they may be right. So not having a dog in fighting I just answer with facts. No drama. I'm one of the happy people with no axes to grind. Those who do have them read every other as being the same, and if they can't find anything actually angry they think it is covert! I'm 63 and have 120/70 Blood pressure and no heart or other stress related diseases nor any diabetes etc, just some frame issues that come from a career spanning 27 years in the military. Their guns are always cocked and locked so they expect the same from others.

 

So read the following as my answer was written, in a calm room with some tea, and with enthusiasm.

I don't get the feeling of trolling from you some others have given over the years.

I personally think it disingenuous to post in a Windows thread the comment to switch to Linux or switch to Apple, implying their problems will be over if they do. That is so stating the obvious, as most folks are aware of Linux. And many of the folks here and elsewhere dual boot with Linux or with OSX.

 

Lets also remember that Linus wrote this on a DOSBOX that was affordable because of the PC and the many millions sold. Steve Jobs, after despairing of being able to catch up if he continues losing the performance game with the PowerPC chipset, in 2005 made the announcement that the Mac was changing over to the same Intel chipset previously called by Apple gurus as the "Evil Wintel." That is why a Mac can run Windows, and as proven by the Hackintosh, OSX can be run on Windows boxes, they just have to emulate the extra chip that tells OSX that this is an Apple box so you can go ahead and load on it. Apple sued them out of existence. But having an Intel x86 chipset developed for Windows in a Mac made hacks by folks very familiar with Wintel boxes able to hack OSX too.

 

In other words all OS' have issues and for users of Windows that think it is too complicated just let them know what an Oops is in Linux, and define a kernel panic. There is no OS that just works for everybody, and all take a learning curve.

 

Insofar as Linux being the go to OS to not have OS problems, well that is just not true. Most folks in Linux know what an Oops is, and a page online tracks them and gives how many by month: http://oops.kernel.org/ Here is an example of fixing or debugging a Linux Oops: https://wiki.ubuntu.com/DebuggingKernelOops

 

Don't you agree that a user with issues might have figured he/she bit off more than he could chew getting into that?

 

Well met, and yes I ramble when I get into my areas of interest, and history of our systems is one. But it always has a point, but not pointed.