drjbhl
Ramblings of an old Doc
Good security reasons for uninstalling all bloatware from your computer.
Published on June 5, 2016 By DrJBHL In Personal Computing

 

At this point, very little surprises me, but this really does.

PC makers (yes, even the big ones – Acer, Asus, Dell, HP and Lenovo) install crap/bloatware on your brand new device, to profit from both ends. They install programs of little value to you, but plenty to them as they are paid to install them by the programs’ makers in the hope you’ll subscribe, after a “trial period”.

Well, when you try the programs for the first time, and subsequently, their “automatic updaters” go to work, to make sure you’re “up to date”.

They download binary files which then execute.

"…top-tier software updaters, like those operated by Microsoft and Apple, aggressively secure the process. The most important components of that lock-down, said Duo: Encrypting the device-to-server-and-back traffic using the TLS (transport layer security) protocol, the successor to SSL (secure sockets layer); and digitally signing every update's "manifest," or list of files, so that it can't be changed.

Too bad no one told the OEM updaters' programmers that.

It's a combination of these two things," said Manzuik, referring to encryptionand signing being omitted.

But the lack of manifest signing was the key, according to Darren Kemp, a Duo security researcher. "The manifest drives the updates," Kemp said. "[Only one] was signed at all. If the OEMs had implemented this properly, it would have stopped almost every attack. 'Egregious' really is the word to describe [the OEMs' failures.]"

Duo found security flaws in every one of the updaters it looked at, and with the lack of encryption and manifest signing, judged exploiting those vulnerabilities as trivial, or in the words the company used in a supporting blog post written by Kemp, "The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant." – Computerworld

My best recommendation? Uninstall every program you do not need and actively use. If there’s nothing to update, there’s no vulnerability. In fact, with any device you own, uninstall what you don’t need/use, clean the registry (after making a registry backup) and then defrag your disk.

Then, make an external backup.

You might even see a little improvement in speed.

Have a good weekend!

Source:

http://www.computerworld.com/article/3078778/windows-pcs/windows-pc-makers-hang-customers-out-to-dry-with-flawed-crapware-updaters.html


Popular Articles in this Category
Safe and free software download sites for windows
Keep an Eye Out!
A new and more functional PC Manager widget from MS
Popular Articles from DrJBHL
Safe and free software download sites for windows
A new and more functional PC Manager widget from MS
Comments
1
teddybearcholla
on Jun 05, 2016

Bookmarked

2
gmc2
on Jun 05, 2016

Like you, amazed but not surprised.

3
Jafo
on Jun 05, 2016

Bundled software....the bane of Laptops everywhere.

Over the years I've had 5 or so laptops.....still have 2 of them [incidentally both on Win10].

At one point or another....sooner or later all of them had been reformatted...repartitioned...and clean install of [whatever] OS.

Even if somewhere along the line you have to buy a new OS so it can be clean....it's well worth it...

4
ElanaAhova
on Jun 05, 2016

  always helpful advice!

5
starkers
on Jun 11, 2016

Yeah, the HP 2-in-1 I purchased had crap and bloatware installed, with several full, but out of date programs I'd struggle to find a use for....  not to mention various trial-ware games and programs I'd never use in a pink fit. What really annoyed me, however, was all the HP crap I'd never use or need, about 4gb of it, and there was no way was I keeping any of that so used Decrappifier to get rid of it.  It is also free and available at Majorgeeks and other software hosting sites.... and yes, it does all it says it can, which is to decrappify your PC.   After it completes its search and you are presented with the results, you can select [or deselect] whichever items you like.

Seriously, I couldn't see the sense of adding nearly 8gb of unnecessary bloat to a 120gb SSD that's already missing 4+gb to a recovery partition and system files. For mine, it should all be an opt in download if people want various items.  My HP 2-in-1, had several Cyberlink programs for working with video and audio that I found useful, and I kept some of those, but I simply wasn't interested in anything else... trial arcade-type games are just not my thing, nor the trial of Microsoft Office taking up over 200mb. 

Also Decrappifier is free and available at Majorgeeks and other software hosting sites as well.... and yes, it does all it says it can and is easy to use.   After it completes its search and you are presented with the results, you can select or deselect whichever items you like.

 

 

6
JuniorCrooks
on Jun 11, 2016

I agree. HP is one of the worst offenders. Good post Doc.

Meta
Views
» 24107
Comments
» 6
Category
» Personal Computing
Comment
Recent Article Comments
LightStar Design Windowblind...
Let's start a New Jammin Thr...
A day in the Life of Odditie...
Safe and free software downl...
Veterans Day
A new and more functional PC...
Post your joy
Let's see your political mem...
AI Art Thread: 2022
WD Black Internal and Extern...
Sponsored Links
Terms of Service Privacy Policy About Us Contact Us Stardock.com
© 2024 Stardock Corporation. All rights reserved.
JoeUser v1.0.0.0