Dell, Toshiba and Lenovo Utilities Expose PCs To More Attacks
jones_supa writes: It turns out that OEM helper software is still often quite fragile and can expose systems wide open to attack. Currently Lenovo, Dell and Toshiba all have unpatched vulnerabilities in their various support utilities for Windows. These vulnerabilities were discovered by a security researcher who goes by the name Slipstream, and he has posted details online along with proof-of-concept exploit code. The vulnerabilities allow arbitrary code execution, planting malicious files and modifying system registry values.
Re: (Score:1)
may allah make all your goats pretty
Re:Yup (Score:5, Insightful)
Most companies that produce PCs view the software side of things as a value-add - it's a checkbox criteria "put some shit on the box so we can say we have more shit". Unfortunately they view the software precisely like this - it's just shit, and it gets hacked together on a shoestring budget with no testing whatsoever. For most of us it'd be better if they just didn't add it in the first place.
Re:Yup (Score:4, Informative)
A note on this, that I think is very important, is that Microsoft likes to stress that genuine Windows guarantees you'll be free of malware and exploits, but this is just false. In fact, I might even go so far as to say that it's the least guarantee (with the exception of Chinese flea markets.)
The one and only way to guarantee that your copy of Windows isn't infected with malware is to do the following:
Download the ISO from The Pirate Bay (use terms like untouched or MSDN with the OS version you download) and run an SHA1 hash against it. Google the hash, and if it matches what Microsoft publishes on the MSDN site, then you have no chance of being compromised.
Burn that or copy it to a thumb drive, boot it from bios, press shift+f10, type 'diskpart', type 'list disk', then 'select disk #' (where # is the primary boot disk number you see listed; likely disk 0), then 'clean'. There, now you've eliminated any chance of malware (and yes, this also wipes out the recovery partition, but you don't want it anyways as it likely contains exploitable OEM crapplets, plus it's needlessly using up part of your primary disk.)
Re: (Score:3)
Re:Yup (Score:4, Interesting)
Uh this is no more secure than if you paid for a retail copy and also verified the SHA1 or purchased an MSDN subscription.
The problem with a retail copy is that your software that rips it is invariably going to place its own timestamps and other variations in the file, so your checksum likely won't be valid. An MSDN subscription is also likely too expensive for most people.
I realize it's fun to get modded up for encouraging pirating Windows but it's not really a behavior that should be supported.
If you buy a computer that has Windows installed, and it comes with a COA, then you already own a paid copy of Windows. If you look at the license terms, the COA itself is proof that you own a copy of Windows, and so long as you install the same edition (home, pro, etc) and license channel type (retail, upgrade, OEM) to match that COA, then it's not a pirated copy. Want a simple way to ensure that? Easy: Download the best version possible (i.e. for 7, get ultimate, for 8+, get pro) and then when it asks, just type in the key listed on the COA. It will automatically select the version you've paid for and install it, and likewise it will even activate just fine with Microsoft's servers (or call in, if necessary.)
Re: Interesting, thank you I will try this out (Score:4, Insightful)
As for the parent poster who was talking about "pirating" Windows: Please go kill yourself or give me my money back. You can't buy a non-Windows-infected computer and most of us have paid for dozens of Windows licenses that we've never ever used. If I ever do "pirate" a Windows copy then you can subtract that one against the zillion I've already paid for.
Re: (Score:2)
Instead of going that route, get a couple of extra files from the OEM Project, and you can install pre-activated copies of Windows 7 / 8 / 8.1. Here's a link to the project [mydigitallife.info]. Good luck.
There is also a z_a_D Loader (reverse those letters and remove the underscor
Re: (Score:2)
No, the sticker is NOT guaranteed to work with a RETAIL or MSDN ISO.
There's an easy way to make it work if it doesn't: Simply delete the ei.cfg file. In fact, that's the only thing that sets the difference between the different version discs since Vista and up.
There is also a z_a_D Loader (reverse those letters and remove the underscores) on that site. It could help you, in the case he has a Dell motherboard in an HP case, and wishes to have HP branding instead of Dell. Windows 7 only, and disk cannot have GPT. I know nothing about it though. You didn't hear it from me.
If you're going that route, then just use any ol' ISO you want (so long as hash is correct) and tell the Daz loader to activate based on your BIOS SLIC image. It will convert whatever you have to an OEM copy, and it won't even need to install its bootloader.
Re: (Score:2)
http://answers.microsoft.com/e... [microsoft.com]
If his computer was made by a manufacturer which is still around, he can get a recovery DVD from the company for a small fee.
If not, see the section of the page titled "What to do if you cannot get recovery media from your manufacturer". Basically, you take a retail copy of the OS in question and delete a .cfg file. That will allow you to install the OS using an OEM key. This is actually a lot easier if you use a thumb drive to install the OS rather than a DVD, since with a
Re: (Score:2)
The problem with a retail copy is that your software that rips it is invariably going to place its own timestamps and other variations in the file, so your checksum likely won't be valid. An MSDN subscription is also likely too expensive for most people.
This is decidedly not true, even back in the Windows 98 days. From what I recall, all you had to do was to ensure that the disc had the same name.
If you buy a computer that has Windows installed, and it comes with a COA, then you already own a paid copy of Windows. If you look at the license terms, the COA itself is proof that you own a copy of Windows, and so long as you install the same edition (home, pro, etc) and license channel type (retail, upgrade, OEM) to match that COA, then it's not a pirated copy. Want a simple way to ensure that? Easy: Download the best version possible (i.e. for 7, get ultimate, for 8+, get pro) and then when it asks, just type in the key listed on the COA. It will automatically select the version you've paid for and install it, and likewise it will even activate just fine with Microsoft's servers (or call in, if necessary.)
Also not true. There's a way outside Microsoft to pre-activate software (at least Windows 7). All that are needed are some certificate files in the OEM/$$/OOBE section of your install DVD or USB.
Let me direct you to MDL [mydigitallife.info], specifically the Projects & Applications area [mydigitallife.info]. To be clear, this is not a piracy site, this is just a bunch of hackers working on things
Re: (Score:2)
This is decidedly not true, even back in the Windows 98 days. From what I recall, all you had to do was to ensure that the disc had the same name.
This depends on a few things; namely, what retail copy did you buy? Not all of them are on MSDN, as that isn't its intent. In addition, as I stated, some tools add their own bits and do things in their own manner. Using a tool like dd will get you a proper hash, but again, assuming you have the right disc.
Also not true.
It's very much true, and nothing you say below contradicts what I said.
There's a way outside Microsoft to pre-activate software (at least Windows 7). All that are needed are some certificate files in the OEM/$$/OOBE section of your install DVD or USB.
Why go through all of that when you can just type in the key? Granted in some cases the ei.cfg file is set so that it's only for a cer
Re:Yup (Score:5, Informative)
Re: (Score:3)
Or, for people who would prefer not to install some third-party crapware to get rid of other third-party crapware... you could type "windows start" into search, and it shows "See which processes start up automatically when you start Windows". Click on this (or press CTRL-Shift-Escape and click on the "Startup" tab), and you see a list of these processes. You'll see a category called "Startup Impact", with values of Low, High, or None (if disabled). You can right-click and disable these items right from t
Re: (Score:2)
well, of course they do (Score:2)
Re:well, of course they do (Score:4, Interesting)
haven't they always?
I don't know. I've been building my own PCs and installing OEM Windows since 486 days. I also use this thing called the "No" or "Cancel" button when installers and websites generously offer me things I was not looking for. I really don't understand many of the PC/Windows problems that so many talk about. ;-)
Re: (Score:2, Funny)
Jimmy, you're a very special child. It would seem you have the ability to tell the difference between actual content, and ads.
Comment removed (Score:4, Informative)
Re: (Score:2, Informative)
You might not want to admit that in public; some of it is free for non-commercial use. Installing it as a system builder is commercial use unless you have permission.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Crapware does not solely come from PC vendor bundling. It also comes from various websites and software application bundles, insidiously default opt-in with respect to the latter.
OEM Windows is only part of the solution to a clean PC. One must also pay attentio
Re: (Score:2)
Doh! (Score:1)
One can dream (Score:1)
I really wish that there was a way to force hardware manufacturers to ship a vanilla OS without the value-added crapware. Maybe then older Android devices could get security updates, Windows and Android would be more secure and I wouldn't rage when stories like this hit the news. Again and again and again.
Re: (Score:3)
You can. Those local shops that build PCs for you can also get you a vanilla Windows install CD without the crudware. You're on your own with hardware drivers though.
Re: (Score:2)
Most mainboards have the driver disc included - although the driver disc also has "value-added" crapware. I mostly use Gigabyte boards - you just have to install the drivers individually, rather than let the disc's autorun install everything.
90-day trial of Norton Internet Security? Thanks, but no thanks.
Re:Really? (Score:5, Interesting)
Yeah, but there is a new threat/consideration.
I wanted to perma-block Windows 10 on the machines I look after. Ran the batch file that turns everything off. Job done.
Two days later I notice the GWX icon on an HP machine. The "helpful" HP utilities (that I never consciously invoke myself) must have summoned the evil that is WX.
So I re-ran the perma-blocker AND did my best to kill all vestiges of HP helpers on the machine. So far so good.
Re: (Score:3)
DisableWinTracking [github.com]
I'm not sure where I got BlockWindows, so I'll just upload it here:
BlockWindows [just-think-it.com]
Re: (Score:2, Informative)
The best is when you try to uninstall HP Security Centre, but Windows refuses to run the uninstaller because... wait for it... HP _revoked_ the certificate the uninstaller is signed with! Oh it's hilarious - let me get this straight:
1. HP signs crapware with certificate X.
2. HP pre-installs crapware on a zillion PCs/laptops.
3. HP certificate ends up in the hands of retards who use it to sign a bunch of malware.
4. HP panics and revokes the certificate.
And now, due to HP's endless stream of incompetent
Windose Again (Score:5, Informative)
Oh FFS:
"LSCTaskService is further associated with a file called LSCController.dll, which contains methods that can be called using HTTP GET and POST requests to its port. LSCTaskService can be made to run arbitrary code in the unprotected directory %APPDATA%\LSC\Local Store with system privileges, using a LSCController method called RunInstaller."
So javascript on a website can run arbitrary code with system privileges! FFS.
And Dell too? Having been caught installing a backdoor cert on its PCs, here it is again.
Re: (Score:3)
It's not Windows' fault.
It's not really any different than buying a pre-installed Linux computer that has an OEM utility running as root that does the same thing.
Re: (Score:1)
If Windows coded it, it's Windows' fault.
This is why I went with a refurb (Score:1)
My mother's old Lenovo T41 recently crapped out on her finally and she almost went ahead and replaced it with a new Lenovo on her own. Luckily I stopped her with a stern lecture and bought her a spotless refurb'd HP elite book with a clean install of just win7pro that will do everything she needs and more. She had a huge disdain for anything "used" at first but when I educated her on superfish and other factory-grade malware that reassured her and she's loving it.
Now... if I get a call from her about allowi
Re: (Score:2)
For those that don't speak the language, that's Welsh for, "Hello."
Use your consumer powers (Score:2)
Consider other better OS options.
Re: (Score:2)
They've already proven that they can't write secure software and you want us to give them our credit card?
Really? Such shocking news... (Score:2)
"It turns out that OEM helper software is still often quite fragile and can expose systems wide open to attack"
Yes, we know.
In other news, water is still wet, the Sun still rises in the East.
blatant malware (Score:5, Informative)
Re: (Score:2)
Which laws are those? I'd be interested in reading them.
Re: (Score:2)
Re: (Score:2)
See, I did. I didn't find any such law. That's why I asked. If you have one by name then, by all means, I'd love to read it and see some case law.
Re: (Score:3)
This is the 2nd serious security botch up recently for Dell, the NS
Re: (Score:1)
HP does install a lot of junk. 250 megs for a printer driver is absolutely insane.
I have found one of three ways to have a decent computing experience away from online trespassers:
1: Buy a Mac. Apple does have settings, but they are obvious and can be turned off. Once off, they stay off. Plus, Apple hardware can run Windows.
2: Build your own desktop with your own Windows copy. It may be more expensive than a cheapie from S-Mart, but you know what goes on it.
3: Buy the cheapie PC, dd the data from th