Bloatware is a problem faced by many PC owners. You just bought a brand new PC, but it’s already loaded with software you don’t need.
This junk software – called bloatware – is more than just an annoyance. According to a new security report, it creates a major flaw in your computer’s security.
This past week, Duo Security released a report stating that Acer, Asus, HP, Dell, and Lenovo all ship PCs with software that contains at least one vulnerability with the potential of allowing an attacker to run malware at the system level.
In other words, all major PC manufacturers ship PCs with at least one flaw that completely compromises their security.
Why Do PC Makers Install Bloatware?
PC makers install bloatware to boost their profit margins – it’s as simple as that. It’s an easy and effective way to generate money on low-margin products.
User security be damned, PC makers are going to make money by pre-loading their computers with bloatware.
Bloatware generates money in two different ways:
- Some companies earn money when you use their own in-house software and bloatware, through advertisements or user subscriptions
- Other companies earn referral income by, say, giving you a 30-day free antivirus trial on your computer before asking you repeatedly to pay for the full subscription
The “Average Potted Plant” Could Exploit These Flaws
Sometimes, when researchers find a security flaw, the flaw is so difficult to exploit that doing so requires an elite skillset.
That’s not the case with these bloatware-level exploits, according to Duo Security. Instead, an “average potted plant” could exploit the flaws.
Duo’s researchers specifically identified 12 different vulnerabilities. Half of those vulnerabilities were rated as “high”, which means they had a high probability of being exploited (in other words, exploits were likely already available online and being practiced by attackers).
Fortunately, most of the higher-priority flaws were fixed by the major PC manufacturers. Dell and Lenovo responded to the report and “worked swiftly and closely with Duo Security to mitigate the issue and publish a security advisory”, according to a company spokesperson.
Meanwhile, Acer, Asus, and HP have not yet responded to the report and it’s unclear if they have fixed the exploits.