Has Acer Left Its Customers Wide Open To Attacks?
from the security? dept
Sony BMG got itself in a bit of hot water when it was discovered that some of the company's CDs installed rootkits on consumers' PCs. It remains a sticky subject a year later, not just for Sony, but for other companies who want to use similar types of products to exert an inordinate amount of control over a user's computer. Now, some people are wondering if Acer has been installing an ActiveX script that allows a web site to run any program on the computer it sells, perhaps as far back as 1998. There are plenty of reasons a PC manufacturer might want to do this -- remote support or updates, for instance -- but it's hard to think they justify leaving users' PCs open to attack in such a wide-open way. Call us crazy, but it seems like PC makers should be helping to protect users when it comes to security, rather than making it easier for them to be attacked.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
open door
(this is safe - it just launches calc)
http://yro.slashdot.org/comments.pl?sid=215582&cid=17506598
It's a deliberate backdoor, and worse than that it's been there for 8 years!
Yikes.
[ link to this | view in thread ]
Old news, Surprised it's still around
[ link to this | view in thread ]
Re: open door
But thats never stopped them.
[ link to this | view in thread ]
Not Surprising
[ link to this | view in thread ]
Re: Re: open door
Let's state this as clearly and simply as possible:
If you buy a computer with a pre-installed operating system or software you should not trust the security of that system.
Every admin and CTO should heed this and take it very seriously. Purchase your hardware sans operating system and install your own. It is a myth that you can only buy hardware with Windows installed, find a supplier that isn't pressured to bundle by Microsoft - even if it costs more (the costs of wiping as well as reinstalling will be greater).
Do not buy bundled operating systems unless you want to leave yourself wide open. You cannot trust the supplier.
[ link to this | view in thread ]
Re: Not Surprising
This is a plugin, not an exploit at all. Although this particular plugin was written using ActiveX, it COULD have been a java class, and preinstalled in any browser that supports java.
[ link to this | view in thread ]
Re: Not Surprising
If you dont run as admin, you can't be owned. (I am well aware that most windows users run as admin)
If you dont run IE, you can't be owned (I am well aware that most windows users use IE)
If you dont have this plugin installed, you can't be owned (how can you call it an exploit in X if it requires installation of Y to actually exploit?)
The fact is, the exploit here is of acer's stupidity and/or carelessness taken root in Microsoft's incredibly overoptimistic security paradigms as expressed in far more software than just 'windows'
[ link to this | view in thread ]
Re: Re: Re: open door
[ link to this | view in thread ]
_.-;;-._
'-..-'| || |
'-..-'|_.-;;-._|
'-..-'| || |
'-..-'|_.-''-._|
[ link to this | view in thread ]
Re: Re: Re: Re: open door
A) BSD
B) Solaris
C) Plan9
D) Microsoft Windows
E) OSX
clue: WORM SOWN DISC OF IT
(shame there wasn't an extra S and H isnt it)
[ link to this | view in thread ]
Only an idiot...
I've had an Acer for years and never saw this problem - probably because I never used the system without a rebuild. The moment it came out of the box, I booted it straight to XP setup and reinstalled.
[ link to this | view in thread ]
Re: Only an idiot...
The recent Acer 5100 I purchased had no less than 3 FAT32 partitions on it - Primary+Mirror and Recovery. A 100GB disk emasculated into something resembling 36GB. That, and all the crapware that was installed made it necessary to resinstall a fresh copy of *anything.*
Warranty? Meet Ghost.
[ link to this | view in thread ]
And the moral of the story is...
Without a substantial loss in consumer confidence that translates immediately into lost sales, there is no incentive for other companies to behave any better.
In short, make the world a better place - don't buy an Acer.
While you are at it - don't buy Sony.
[ link to this | view in thread ]
Re: And the moral of the story is...
The posts above saying don't trust someone else's install, make your own (and Ghost it if you have to in order to stay in warranty) are right on the money. Because the real moral if you need one, is the age-old "if you wanna get something done right, do it yourself".
Otherwise you'll carry that mantra to extreme, avoiding all manufacturers and be reduced to making your own microchips from raw silicon, etc. Maybe *YOU* can do it, if so, kudos, but it's a waste of my time.
[ link to this | view in thread ]