Bloatware causing more security vulnerabilities for Dell, Lenovo, and Toshiba

Whenever you buy a new laptop these days, you are unfortunately greeted with a list of applications that are mostly useless. These applications come pre-installed on a majority of laptops, without any choice from the consumer. As this became the norm for years, the practice has come to be known as “Bloatware”.

In the recent years, security and the protection of our data have been paramount in all things technology related. People are well aware of the dangers of losing their data, being hacked or allowing unauthorized access to their personal information. For those savvy enough, we instantly remove this bloatware from new PCs. However, for those who are not well-versed in the art of “cleaning up” their PC, this goes largely unchanged.

The issue with this bloatware is that the vendors of said programs do not practice the same level of security protocol, as the company’s computer where they have installed their software. Unfortunately, this creates a much bigger issue for security measures on new computers. Allowing these vendors to install their software, which does not match the same level of security, as the parent computer company, means we are leaving holes in our security. This is like installing a home alarm system, but choosing to not have windows installed in your home.

Currently, Lenovo, Dell, and Toshiba are fighting a battle to clean up security issues with pre-installed software on their computers. Lenovo recently had very bad publicity about their own security, with a pre-installed application called Superfish, allowing backdoor access to any computer with it installed. The current issue is the Lenovo Solution Center that monitors computer health and security. If the user has this software running and accesses a website, with the ability to exploit this security hole, it will allow the attacker to install any code for malware.

For Dell computers, the concern comes from their Dell System Detect utility. With a security token downloaded from Dell.com, attackers have the ability to access admin privileges and run commands. Over at Toshiba, their Service Station software can be exploited to give access to a majority of the registry.

The Carnegie Mellon University US-CERT team detailed these findings in a recent post, explaining the vulnerabilities at stake for users. In their post, they break down the issues for each manufacturer’s software, the concerning security risks and how attackers can exploit the end users. For some, uninstalling this software, won’t clear up this problem, but will need to be addressed from the parent company.

All companies involved aware of this security issue are working to rectify this problem. With this recent development, it really brings into question why this software or “bloatware” is continually installed on computers, with these security risks. For those who wish to not be affected by these concerns, avoid use of Lenovo, Dell and Toshiba’s solution center-type software. However, if you want the least amount of any software pre-installed on your computer, considering purchasing a Signature edition device from the Microsoft Store.

Share This
Further reading: , , , , , , ,

Do you think PC manufacturers should stop all pre-installed software?