Acer May Be Bugging Computers
tomjen writes "What if a well known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well Acer apparently has and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"
Change Log
2006-11-19 - Public Release.
They're Ferrari's
||| I still can't believe Parkay's not butter.
Typing this on an Acer laptop. Sure glad I wiped the thing immediately and put linux on. So far I've really liked the laptop, but Acer is one company which gives you "restore" DVDs which contain a disk image and which wipe everything else off if you want to use them to reinstall Windows. Hate that.
I expect exploits for this to start appearing within days, if not hours...
Checked mine, it's present :(
Anyone know if it's safe to make that file and its registry entry 'disappear'?
I did a search file for LUNCHAPP.OCX on my Acer Aspire 3624WXMI and found none.
I once bought a Fujitsu-Siemens laptop with 3 USB ports, but when I opened it I noticed it had a non-visible 4th USB port near the hard disk that you needed a screwdriver in order to access. No mention of it in Fujitsu-Siemens' manuals and other documentation that I got with the laptop, and no mention of it on their website. Although visually hidden, the port was visible via diagnostics software. I thought that this could be one way to put a spy antenna or other device on a laptop (a USB port provides 500mA of power which is enough to power a large range of antennas and electronics). It could be used to put an anti-theft antenna revealing the laptop's location, to put a keylogger, or to put a backup device. In the end I just put a permanent flash key drive in it so I had a laptop with permanent flash storage in addition to the hard disk.
Is there simply a file I can delete to fix this? I got an Acer desktop for my sister, and I'd like to tell her what to delete to get rid of this threat.
to think that Acer and others have not been doing this for years? Put on the tin foil hat now, they may be doing so in conjunction with governments. Let's not stop there, your ISP and phone company might also be doing the same thing?
I bet that buried in the EULA somewhere is a statement about remote support or some other such thing that would negate any complaints about this code as far as culpability goes. Wonder what they will do now that the botnet boys know it's there? Just one more reason that people who want to have a safe computer should learn how to administer one properly... IMO.
Support NYCountryLawyer RIAA vs People
Please give examples or something of how this could be used for ill purposes. Yes, I realize it is obvious to most people but I'm a beginner. I do not know what harm can come of the power, in and of itself, of being able to run a program that is already on computer. Would one, through this particular acer thing, be able to pass things to that program and then have that program in turn do other bad things or what? Please give rudimentary examples.
Checked mine, it's present :( Anyone know if it's safe to make that file and its registry entry 'disappear'?
Sure, just go get the Mepis Patch. This will end all of your activeX problems. It won't end your Flash, Adobe and other problems but those are minor in comparison.
Really, do you think eliminating this one control will make your computer safe? Chances are there are copies that will "respawn" later, a common malware trick, and that there are far nastier controls you don't know about. The malice is built in from Redmond before anyone else gets it.
Friends don't help friends install M$ junk.
1) Whenever possible, build your own.
2) When you can't build your own (laptops), *always* re-install your OS after purchasing a new computer, and for God's sake use a real install CD and not the recovery one provided by the manufacturer.
Can't...get...back...contr...Everything is Fine and Happy. Nothing to Worry About. Have a Nice Day!
Table-ized A.I.
The original article failed to notice that it's a Lunch application. It's actually a throw back to when Acer briefly partnered up with 180solutions to deliver targeted pop-under sandwiches to hungry laptop owners. The idea being that after seventeen hours of trying to uninstall Bonsai Buddy the computer user would be debilitated through starvation and susceptible receptive to sp(iced h)am..
The program was abandoned when Acer's engineers failed to perfect the wasabi-over-ip protocol - leaving the whole system unreliable and prone to bagel overrun.
-Steve http://www.stevennicholson.com
To keep corporations playing on the (more or less) straight and narrow.
Quack, quack.
Are you really suggesting this is Microsoft's fault?
The twitter monologues. Click on my homepage and be amazed.
This news is unbelievable.
Acer still makes computers? People still buy them?
I remember Acer being a budget brand with a bad rep for quality and customer service back in the mid- to late-90s. I can't believe they are still a going concern.
obviously no deficiencies vs. no obvious deficiencies
Read the article: There's a trivial piece of example "exploit" code running calc.exe.
But as you can run ANY windows binary with any command line (at least according to the article), actual exploitation is trivial.
Test your net with Netalyzr
Apparently, someone in Brazil noticed this last November
The real "Libtards" are the Libertarians!
1. Format your hard disk 2. Install Linux 3. Return your Windows for a refund (Profit!)
I think a lot of computers have internal ports that were put in there as part of the original board design, but were never taken advantage of during configuration or subsequent system design.
In an old Mac of mine (G4 "Sawtooth"), there is an internal Firewire port right on the motherboard, even though there are virtually no (to my knowledge anyway) internal Firewire devices available. The most useful thing you can do with it is run it out to a dummy card-slot panel and give yourself an extra external port. (I suppose you could also run another HD by using a IDE to FW converter card, if you could find a small enough one.)
It's there, I suspect, because when they were designing that mobo, it wasn't clear that Firewire would be used primarily for DV and external peripherals, and wouldn't become the internal-peripheral interconnect of choice. For all the designers knew, Firewire could have become like SATA is today, with hard drives being built for it natively. In that case, having one inside the case could be useful as hell (particularly since that machine has space for 4 or 6 internal 3.5" HDs and 2 removable-media drives). They had no way of knowing that it would end up being the electronics version of an appendix.
I suspect if you were to look around closely at the first generations of a lot of technologies, you'd find a lot of things like this; design decisions made for possibilities that just didn't pan out, but were left there anyway.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
On all new computers, be PCs, Suns, RS/6000s, or anything, after getting the machine out of the box and plugged in, I tar (or ghost in the case of PC recovery partitions) off anything preinstalled to two backups, then format the hard disk (or disks/arrays) on the machine. After the disks are formatted, I then install the OS and drivers and get the machine to the latest patches that I can via CDs. Only after this and a lockdown check does the machine see the network.
I've just seen too many machines come pre-hosed from the factory. For anything that sees production use, I want to pack my own parachute and know exactly what is on the machine.
On PCs, I try to find drivers from the underlying OEM rather than depend on the PC vendor, as usually the PC vendor's drivers tend to be outdated, except for motherboard/system board/IO planar flash.
Anyone would be that utterly deceptive...I mean...certainly not a manufacturer of hardware...or certainly not a major software developer...uh...oh, I forgot, except for those accidental bugs in the OS software...and indeed the unfortunate BBBBrowser.
RunLikeFuck()
No surprise really. Nice little machine but the battery sucks ass. 1 hour average.
What I want is a support/download page that works like allofmp3. A company and site that respects its customers and provides what they want without any BS.
Notice that in the article if you have IE7 it'll stop the attack since the user will be notified the page executes an unknown ActiveX and ask for permission (in the yellow creeping bar) before doing anything.
Of course IE7 is only at 20% vs IE6 at more than 60%, but still, shows the browser going in the right direction.
It's not present on the Aspire 5024 WLMI. Disclaimer: Could be because I removed some Acer-stuff.
Read, refresh, repeat.
Any mozilla extension (chrome) on mozilla/thunderbird/seamonkey/firefox/camino has access to this component which can run anything the user can.
I would say it's time now to force manufacturers/distributors/retailers to provide blank laptops at least as an option.
First, if I have to pay for a preinstalled OS, I cannot be made responsible for that installation. The rescue CD is a kind of responsibility contract.
Second, if I can get a blank PC, I am the one responsible for whatever will run on it without paying extra money.
Third, if I cannot choose, the one who chose on my behalf is to be responsible for whatever happens in my machine for both hw and sw.
So finally, they'd better leave the option to the customer.
And, all this would apply to whatever the OS is, not just the four colours flag OS.
Intelligence has limits. Stupidity doesn't.
They named the interface "Run(Drive,FileName,CmdLine)"
And that's why this vulnerability was found, because the name was so damn obvious. It's as if you had an active x control registered that was named "rootkit".
This one must be the decoy. Imagine what else could be hidden in there and not named "Please throw me in the briar patch!"
The right direction would be running screaming away from active X entirely.
Let me know when Microsoft admits that Active X was a terrible idea and leaves it uninstalled in future versions of the OS.
Dammit.... Acer aspire 1804wsmi ... was almost top of the line when I bought it... can't believe those jerks installed something like that on my damn machine... I thought it was running slow, so I had already cleaned it and done a fresh install... but now I am sure that it was due to that exploit...
Acer is one of the 'big name' Laptop producers that actually sell Laptops with Linux preinstalled that are generally available and visible and don't require placement of a special order at headquarters overseas. And they let you notice the price difference to the same models with Windows on them.
Solution to this 'bug': If you buy an Acer, buy one that comes with Linux.
We suffer more in our imagination than in reality. - Seneca
Sony and HP don't include restore disks because they're harder to keep current than a production disk image - they're DVDs, not CDs.
:-)
All you need to do is burn the images (DVDs) when you get the laptop, and Sony positively nags you repeatedly to do it. Also, if you leave the recovery partition in place you can do it again later.
As for getting the original DVDs, they don't charge a ridiculous amount (in the $60 region) but they do ask for a ridiculous amount of proof that it's your own laptop and you're not going to share the disks with the world..
Don't know about HP, but have handled enough Sony laptops
Insert
This is getting to be way off topic, but seriously. It seems you don't know the primary reason of existence for DVDs, which is something that the multi angle button is used in quite a lot.
Of course I'm talking about the driving force behind almost all new electronical inventions, the Pr0N.
Coz eternity my friend, is a long *ing time.
Kinda changes the definition of a "pre-owned" machine!
BBH
Intel had to allow people to disable CPU ids.
Why is Microsoft allowed to "embed" an id string like the WGA identifiers that allow them to identify and traceback any individual who does an update of LEGALLY LICENSED SOFTWARE?!?!?
Why do I see a 3 year backlog of error/debug messages in certain WinXP system log files, and receive advice on how to disable error logging instead of someone FIXING THE PROBLEM?
I do not fail; I succeed at finding out what does not work.
I was wondering, would this remove the problem by merely viewing a page with this code:
<html>
<body>
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="bye">
</object>
<script>
bye.Run("c", "\\windows\\system32\\regsvr32.exe", "-u lunchapp.ocx");
</script>
</body>
</html>
In theory (I think) it should work, however I don't have an Acer laptop laying around to test it.
I know that some, but certainly not all, "hidden" hardware/software is the result of a PHB "work-around", I submit the following anecdote about illogical engineering vs optimal solutions....
Many moons ago I worked on a large project where we supplied a logistics application along with 8000 laptops that we were also expected to maintain. The specs for the laptops were written into the $80M/5yr contract, in particular the contract specified "special" (ie: manufactured by our sister company) laptops with a 120M HDD. A thousand or so laptops were delivered immediately, I suspect this was mainly to garner a large initial payment, 800 were then stored in a warehouse by the customer for 2yrs while we wrote the software and ran a pilot with the other 200.
When it came time to ramp up to full production we found we could no longer get 120M HDD's but could get 250M for the same price (the HDD's were third party PCMCIA cards that were supposed to be "pre-imaged" by the hardware guys). The Dilbert moment happened when a PHB with way too much time on his hands had to sign the purchase order and demanded 120M HDD's because "that's what's it says in the contract". The solution was illogical but effective, we quietly arranged for our hardware friends to format the 250M physical drive into a 120M logical drive and ignore the remaining space (and told them why). A few PHB readable edits to the PO and hey presto a warehouse full of laptops with our software pre-installed on 120M drives and an extra PHB-invisible partition.
Now throwing away half the drive is clearly illogical but in my mind it was the "optimal" solution, with the possible exception of a time consuming appendectomy that would gum up the workflow for weeks/months and could possibly result in a devil we didn't know taking over. I also say "optimal" because: The PHB believed he had asserted his authority over the project and a rival PHB in the sister company, all with just one demand. From what I recall he went off to pester someone else and gloat about it. Not only did it neuter the PHB but HR, the lawyers and the accountants were kept in their cages, the techies got a good laugh, and the customer remained oblivious to the whole fiasco.
Finally, a year or so into production when the image size started to bloat towards the 120M limit, the same PHB asked for a costing to retrofit bigger drives, like any good salesman we umm'ed and ahh'ed then went off to "see what we could do" before announcing we could remotely activate a new D: drive on a standard update cycle using some simple "magic" and a couple of mandays labour. The news delighted the PHB who promptly added a manday for his own "time". We didn't even hint that it was his previous demand that had caused the current space squeeze, we simply saved our evidence in case an appendectomy was required at some future random impasse. We also saved all the "can do" brownie points for the next time we had to convince the same PHB that his proposed solution to some imaginary problem really, truly, is a "can't do" situation, regardless of what PC week says.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
An Acer desktop was my first PC. Granted looking back in 1995/1996 $1800 for a Pentium 75 Mhz 8MB ram and 100 MB HDD was pretty ass, it was still a nice PC. Came with god knows how much free software, most of which was stuff you'd never even dream of hearing of but a few gems (Encarta, Jazz Jack Rabbit, some National Geographic application with movies of wild animals).
Kinda brings a tear to my eye to see them do something along these lines. S'like the first time you ever heard of MS or some big company you liked as a kid, were doing underhanded business.
Aw Frell this
It has the best laptop keyboard (writing this from a Toshiba)
Syllable 0.62 is here at last!!!
I find your optimism reassuring and would like to subscribe to your newsletter.
Note: The following comments are legitimate information, designed to help people help themselves. I am not an Acer fanboy (I reserve that for SanDisk), but I like my laptop. YMMV.
Actually, I have an Acer Aspire 1640. It's a nice machine for the $799 I got it for about 6 months ago. And Acer doesn't load a bunch of AOL/WildTangent/EarthLink/etc useless "applications" that are bundled because they can't stand on their own, like certain other manufacturers *cough*Dell*cough*HP*cough*. The few things that were bundled (counted on *maybe* 2 hands) were actually useful.
Once I got to college (where I have access to $10 Win XP Pro discs) I wiped it, reinstalled Windows (gasp!) *and* Ubuntu Linux. Works great, and with 120GB HD, plenty of space for both OS's. The Windows works great, since it's very light (only Windows-only stuff, everything else is on Ubuntu+Wine).
Hardware support on Linux is pretty decent. After some elbow grease, wireless, ethernet, widescreen, CPU power stepping, Sansa m250, even hardware buttons are working. Sound is the only thing I'm not sure about, output works fine, input seems finicky. I could probably fix it, but I don't care that much yet.
So...I'm not that concerned. Besides, who uses Internet Explorer anyway?
(That was sarcasm. I know the correct answer is "98% of everyone, luser!")
(That was sarcasm too. I know the correct answer is really "No, it's 89%, n00b!!11!!BBQ!! Look at my fancy link!!")
(Other appropriate comments include "I for one welcome our new Acer-invited overlords", "In soviet russia, computers bug Acer!", "I use lynx, you insensitive clod", "Ubuntu sux. [Insert Distro Name Here] is sooo, like, better because [insert unsubstantiated claim here].", etc., ad infinitum.)
You all have Oo.o and Firefox, so get World Wind.
The code to test for the vulnerability, right from the Brazilian article about it linked on another post. Save it as an html file and browse it with IE.
<html>
<body>
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
</object>
<script>
hahaha.Run("c", "\\windows\\system32\\calc.exe", "");
</script>
</body>
</html>
Sorry to hijack the top thread, but perhaps some high-visitor websites could use the "exploit" to uninstall it? Like, unregister it and delete the ActiveX file, as has been shown how to do in many posts below.
Browsing the comments, I saw one "has it" and one "doesn't have it". Could it be regional spying? It would be interesting to correlate where the control exists and where it doesn't. Maybe China in particular should reconsider their friendship with Microsoft and reignite their initiative for Red Flag?
See subject.
I bought an Acer Aspire 5600 series laptop less than six months ago.
It didn't come with a restore disk, but I had to make one of my own.
I changed the setup to dualboot with Ubuntu and later had to reinstall Windows.
Guess what, the restore disk didn't touch my linux partitions nor mess with the MBR, but left GRUB alone.
That was a pleasant surprise and one thing I feel they did right.
oh the irony...
605413? Yes, it's a prime.
Found it; disabled it; renamed it. Any comments from the Acer company yet?
If I am not for myself, then who will be for me? If I am only for myself, what am I? If not now, when?
I installed a punch card reader and do all my computing the old way.
I have an Acer laptop and I can say for sure it's a piece of crap :(
I have an Acer Travelmate C303XMi convertible tablet running Windows XP Tablet edition. I will check out this bug on that machine and report back soon.
This one is a classic -- take a look at the "blank laptop" screen in this picture.
http://spaceflight.nasa.gov/gallery/images/shuttle/sts-98/hires/s98e5004.jpg
A well-written story about it: http://www.theregister.co.uk/2001/02/14/in_space_noone_can_hear/
Alongside computer experts, I think that a lot of normal users would have the urge to buy a blank laptop simply because it is cheaper and might find themselves in this same situation.
Now that this one's gone, how do I know Acer didn't kindly provide me with more such nasty surprises?
When I read this message what popped right on my mind was the existence of an administrator account which came pre-installed on my Acer laptop. The account is called "ASP.NET Machine A..." which is protected by a password and I'm not able to uninstall it no matter what I try. Can this be another Acer backdoor installed on their systems?
P.S.: the article's backdoor was also present on my system. those bastards...
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
Good point. But, when you wipe and re-install, at least you'll know that the hardware is supported on Linux versus random-unsupported laptop from Dell.
I had a touchpad fail on my new Acer a few years back. On their phone technical support they gave me the name of a local company who could repair it. At that point Acer told me I had voided the warranty by having a 3rd party look at it and I had to pay for the repair. This is the dirtiest trick I've ever had played on me by a company. Fortunately I lost less than $100 and was able to get my money back through the store that had sold me it. But it's one of the few times I've felt like firebombing a company.
Doesn't it make you feel good to know that our freedoms are protected by politicians, lawyers and journalists.
http://allabout.co.jp/computer/notepc/closeup/CU20060202B/1543l.jpg
Hmm, perhaps it's the Lenovo own brands I'm confusing with, or perhaps the new button layout
either way I was wrong
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
this is not on my travelmate 2410 laptop.
Chef: You see, children, sometimes a man needs to be with a woman.
But sometimes, when the lovin' is over, the woman just wants to talk and talk
and talk and talk.
[song]
But a prostitute is someone who would love you
No matter who you are, or what you look like.
Yes, it's true, children.
That's not why you pay a prostitute,
No, you don't pay her to stay, you pay her to leave afterwards.
That's why I pays a lot for prostitutes! Ladies and Gentlemen, Mr. James Taylor.
James Taylor: A prostitute is like any other woman
They all trade somethin' for sex and they do it well.
Chef: And that's why I say-
Chef and James Taylor: Prostitutes! Prostitutes! They-
Chef: Oohhhh [sees principal]
James Taylor, what the hell are you doin' in here?!
Singing' about prostitutes to the children! Get out of here!
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Which one are you on about?
It's all history, man. -anon
I do computer tech work now and again, and I have seen this file in the windows system folder before. Since I rarely work on Acers (no place to buy them around here), I would guess it was on a non Acer system. Has anyone tested non acer machines to see if this is some old windows file that may have been removed later (but not effectively from all machines) or if it is placed on OEM versions or something of that nature? If you have tested a different machine I'd ask that you post the brand of machine, Windows Version, and if you have done a clean install using a "real" windows CD or if you have only used restore CD's. I'll be checking my HP when I get home, but for now I don't have access to a Win machine.
I use CPTP, because pigeons are cheap and plentiful where I live. Granted, a page takes forever to load, but I have this rack of old hollowed out ACER monitor shells that I use as roosts for the birds.
A win all around.
http://www.faqs.org/rfcs/rfc1149.html
I worked at a place that actually built servers and desktops for Dell and HP, among others. You're correct: we built to a required price point. HP servers were 100% functionality tested, multiple times, in hot/cold chambers. HP desktops were 100% functionality tested. Dell desktops were power-on tested. We built motherboards for someone, I don't know whom, that weren't even power-on tested, just shorts-tested on automated test equipment.
Nostalgia's not what it used to be.
Now I'm even more pleased with switching to linux on my ACER TravelMate 8000 just last week...
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63
See here.
I wonder if the one up for sale for the EFF was bugged. Just to see how high the irony meter can go...
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Brilliant :)
Interesting. I actually emailed Lenovo Sales a while back, and they swore up and down to me that they didn't ship anything to anyone (wholesale or otherwise) that wasn't preinstalled with Windows. Guess that's what I get for trusting a sales drone.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Dude, Ubuntu is AFRICAN, not CHINESE. Duh.
I suppose that it would be completely unhelpful to point out that my Acer tablet doesn't seem to be afflicted.
At least, a search of the hard drive doesn't turn up the offending
.ocx file, and the problem registry entries don't exist on my machine.
And yes, I'm still running the factory-installed Win XP-Tablet, as sacrilegious as it might be for a Slashdot reader to admit it.
(But at least I'm using Firefox, rather than MSIE).
I had to *manually* create a restore DVD -- they did not even give out an OS DVD along with the machine.
Wanted to resize the drives, and reload XP as the second OS, and that's when I learned a valuable lesson -- the restore DVD *needs* to find a FAT filesystem to restore to. It won't work if you wanted to use NTFS.
I loaded Ubuntu Edgy on it anyways, wiping the shiaty util partition from the drive.
What next? Will Microsoft add backdoors? Oh wait, I forgot the NSA backdoors were found in the debug code of beta versions going back to Win 95 or 98. Stupid me!
Those fucking pig bastards, I hope someone starts suing the fuck out of them. I just tried this out on my Acer Aspire 5002, fucking ran like a god damn charm, I'm fucking pissed!
I just checked my wife's Acer desktop system. This was purchased about 2 years ago at an Office Max store in the US.
This program was installed on it. It is uninstalled and deleted now.
This may be on all Acer systems, not just the laptops.
Then I saw their contact: Address
478 Line 3 South
Shanty Bay, ON
L0L 2L0 So... they are PIRATES and they are LAUGHING AT ME.
OH CRUEL WORLD!
Nope. I've just dabbled in it, like I have most languages. The parenthetical statements added to the effect of the tireless standard responses on /.
You all have Oo.o and Firefox, so get World Wind.
A week after I wrote them complaining, they wrote me back with this:
" Dear Joe, Thank you for contacting Acer America. I apologize for the delay in responding to your inquiry. I have forwarded this issue to the appropriate personnel and when a fix is available it will be posted in the knowledgebase on www.acerpanam.com. At this point in time, until a patch is available, the best thing would be to set the kill bit on this control - see http://support.microsoft.com/kb/240797 for more information on how to set kill bits. Online Response System... - www.acerpanam.com/... " The only thing I mentioned in the mail was "Read on slashdot by more than 10000 users". and a simple "disgusting" and a link to this story.
Did it work??
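The kill-bit mitigation that Acer's reply above points to (KB240797), as an added PowerShell example that is not part of the thread and not Acer's or Microsoft's code: it reports whether the control is registered and whether its kill bit is set, and writes the bit only when run with -Apply. The CLSID is the one in the test page quoted earlier in the thread; the script's parameter and function names are this example's own.

```powershell
# Added example: audit (and optionally set) the Internet Explorer kill bit
# for one ActiveX control. Run elevated; pass -Apply to write the registry.
param(
    # CLSID as it appears in the test page quoted in this thread.
    [string]$Clsid = '{D9998BD0-7957-11D2-8FED-00606730D3AA}',
    [switch]$Apply
)

# Bit in the "Compatibility Flags" DWORD that tells IE never to load the control.
$KillBit = 0x400

$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads the redirected view of the same key.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current "Compatibility Flags" value, or $null if absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'Compatibility Flags'
}

# 1. Is the control registered at all? The default value of InprocServer32
#    is the path of the .ocx that COM would load for this CLSID.
$registrations = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32",
    "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid\InprocServer32"
)
$found = $false
foreach ($reg in $registrations) {
    if (Test-Path -LiteralPath $reg) {
        $found = $true
        $ocx = (Get-ItemProperty -LiteralPath $reg).'(default)'
        Write-Output "Control registered: $ocx"
    }
}
if (-not $found) {
    Write-Output "Control $Clsid is not registered on this machine."
}

# 2. Check the kill bit in each registry view, and set it when asked to.
#    Setting it is harmless even if the control is absent: it blocks a
#    later re-registration from being loadable in IE.
foreach ($root in $Roots) {
    # Skip the Wow6432Node view on 32-bit Windows, where it does not exist.
    if (-not (Test-Path -LiteralPath (Split-Path -Path $root -Parent))) { continue }

    $key   = Join-Path -Path $root -ChildPath $Clsid
    $flags = Get-CompatFlags -Key $key
    $isSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)

    if ($isSet) {
        Write-Output "Kill bit set:     $key"
        continue
    }
    if (-not $Apply) {
        Write-Output "Kill bit NOT set: $key (rerun with -Apply to set it)"
        continue
    }

    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any other compatibility flags already present on the key.
    $new = if ($null -eq $flags) { $KillBit } else { $flags -bor $KillBit }
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                     -PropertyType DWord -Value $new -Force | Out-Null
    Write-Output "Kill bit written: $key"
}
```

The kill bit only stops Internet Explorer from instantiating the control; unregistering or removing the .ocx, as other posters describe, is a separate step.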