Is bloatware a security disaster waiting to happen on your laptop?

News
By published

Bloatware security holes blight notebooks from major PC vendors

Dell laptop

Bloatware installed by major PC manufacturers isn't a new problem, of course, but it seems to increasingly be a security risk – stories of vulnerabilities have become more prevalent in recent times, and a new report from Duo Labs has made some worrying discoveries.

Software updaters are an obvious target for an attacker, as Duo points out in its 'Security Analysis of OEM Updaters' report, in which the firm carried out an investigation of the updating tools on notebooks from Acer, Asus, Dell, HP, and Lenovo. The results? 12 separate vulnerabilities were uncovered across these vendors.

Both HP and Acer updaters carried two high-risk vulnerabilities that could allow for arbitrary code execution on the host laptop, with Asus, Dell and Lenovo carrying one high-risk vulnerability.

In other words, every single manufacturer had at least one vulnerability which could allow an attacker to completely compromise the machine in question, and they could do so with relatively minimal effort (i.e. in less than 10 minutes).

That's not a pretty security picture, and it confirms the fact that if PC manufacturers are going to include software updaters, they really must try much harder to fully secure them.

Fixing holes

Duo Labs reported the security holes to the respective PC makers three months back in line with standard disclosure terms, so the manufacturers could fix these problems before they came to light publicly.

The firm notes that HP has fixed its vulnerabilities and Lenovo removed the software in question, which is a fix of sorts. Acer and Asus both responded to Duo, but haven't given a timeframe for a fix yet – presumably they'll be coming soon. Dell's response isn't mentioned.

Duo's recommendation for users of laptops which haven't fixed these issues is to "fully disable updaters and remove all third-party components to be fully protected from these vulnerabilities."

The firm further notes: "In addition, organisations should install basic security functions, such as two-factor authentication, to ensure users are who they say they are, and turn on encryption."

TOPICS
Darren Allan

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Pro
Cyber-security
Why Windows End of Life deadlines require a change of mindset
cybersecurity
What's the right type of web hosting for me?
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about pro
Dell Pro 14 Premium

Dell and Intel conspired to make the Dell Pro 14 Premium a swing and a miss for me after tests
Cyber-security

Why Windows End of Life deadlines require a change of mindset
BenQ PD2730S

I wanted an Apple Studio Display - until I reviewed the BenQ PD2730S
See more latest
Most Popular
ClinkCaim laptop
Laptop prototype with detachable AI webcam (but without a normal touchpad) wins award at the 'Oscars' of the design industry
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models