Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Unpatched Bloatware on new PCs InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Unpatched Bloatware on new PCs

Published: 2009-07-02
Last Updated: 2009-07-02 10:08:35 UTC
by Daniel Wesemann (Version: 1)
13 comment(s)

I recently purchased a netbook, and while I like the highly portable on-the-go computing that it offers very much, booting it up for the first time was frustrating. The box took its sweet time to install a big pile of bloatware, ranging from Acer's own useless tool suite over trial versions of McAfee Internet Security and MS Office 2007 "Home Edition" all the way to the common culprits like Google Desktop & co. Software I didn't want, had never wanted, and knew full well I would have to tediously uninstall again as soon as the device finished booting. And indeed, the first start up not even fully complete, the nag screens began to appear, begging for attention and money.

Undesired pre-installed software would be annoying enough all by itself. But all this software can (will!) also contain vulnerabilities that require patching in future. As stated in my earlier post today, patching of PC applications is an unsolved problem. By forcing unwanted trialware onto customers, the hardware vendors are contributing to making the patching problem worse.

A secure and bloat-free configuration out of the box would be highly appreciated. We already have enough to worry about keeping a PC secure and up to date during its lifespan, without hardware manufacturers stacking the odds against us even further.

What do you do with the undesired software pre-installed on new PCs?  Let us know in the poll on this page.

Keywords: patching
13 comment(s)
Diary Archives