While software makers are trying their best to ensure that the operating systems and applications they are providing you are secure, the PC hardware makers are not so careful. There are still some laptops from some popular PC manufacturers that come with ‘bloatware’ or some other pre-installed third party software that may allow the hackers to hijack and compromise your PC in less than 10 minutes.
There was an investigation conducted by Duo Security that found vulnerabilities in the update software for five of the most popular PC manufacturers- HP, Dell, Acer, Lenovo, and Asus. All of them were precarious enough to allow anyone to launch a man-in-the-middle attack and run their own code. They also exposed the eDellRoot backdoor, which was detected in Dell PC’s in November 2015. The full report of those vulnerabilities was published 31st May, 2016.
“It doesn’t take much for one piece of software to negate the effectiveness of many, if not all defenses,” they write in their report. “All of the sexy exploit mitigations, desktop firewalls, and safe browsing enhancements can’t protect you when an OEM vendor cripples them with pre-installed software.”
The investigation took place between October 2015 and April 2016, suggesting that some of the flaws might have been patched up. For instance, Dell claims that they took care of eDellRoot flaw that created a minor terror last year. However, don’t consider yourself safe just by jumping for one of Microsoft’s cleaner Signature Edition versions of the PCs. Duo reported that some of these versions may still have the vendor update software, which might leave you in the same boat with someone who bought one of those vulnerable PCs. Also, you need to be careful while using those third-party applications.
