Dell, Toshiba and Lenovo Utilities Expose PCs To More Attacks
jones_supa writes: It turns out that OEM helper software is still often quite fragile and can expose systems wide open to attack. Currently Lenovo, Dell and Toshiba all have unpatched vulnerabilities in their various support utilities for Windows. These vulnerabilities were discovered by a security researcher who goes by the name Slipstream, and he has posted details online along with proof-of-concept exploit code. The vulnerabilities allow arbitrary code execution, planting malicious files and modifying system registry values.
haven't they always?
You have a doughnut in the low level of your operating system that can communicate online without OS kernel protection, so essentially you boot to ram an executable that can modify the OS section of windows with impunity. About the same as Homer Simpson putting a doughnut into the reactor core to moderate the control rods!
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
I really wish that there was a way to force hardware manufacturers to ship a vanilla OS without the value-added crapware. Maybe then older Android devices could get security updates, Windows and Android would be more secure and I wouldn't rage when stories like this hit the news. Again and again and again.
Most companies that produce PCs view the software side of things as a value-add - it's a checkbox criteria "put some shit on the box so we can say we have more shit". Unfortunately they view the software precisely like this - it's just shit, and it gets hacked together on a shoestring budget with no testing whatsoever. For most of us it'd be better if they just didn't add it in the first place.
Oh FFS:
"LSCTaskService is further associated with a file called LSCController.dll, which contains methods that can be called using HTTP GET and POST requests to its port. LSCTaskService can be made to run arbitrary code in the unprotected directory %APPDATA%\LSC\Local Store with system privileges, using a LSCController method called RunInstaller."
So javascript on a website can run arbitrary code with system privileges! FFS.
And Dell too? Having been caught installing a backdoor cert on its PCs, here it is again.
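The advisory text quoted above describes a service that runs with system privileges and accepts HTTP requests on a local port. As an added example (not part of the thread and not the researcher's code), this PowerShell inventory lists the TCP listeners owned by services running as LocalSystem, so that leftover OEM helpers of that kind can be spotted and reviewed. It assumes Windows 8 or later, where Get-NetTCPConnection is available, and an elevated prompt.

```powershell
# Added example: inventory TCP listeners owned by services that run as LocalSystem.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated prompt.

# Running services whose logon account is LocalSystem.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 -and $_.StartName -eq 'LocalSystem' }

# Index the services by process ID; several services can share one host process.
$byProcess = @{}
foreach ($svc in $services) {
    $procId = [int]$svc.ProcessId
    if (-not $byProcess.ContainsKey($procId)) { $byProcess[$procId] = @() }
    $byProcess[$procId] += $svc
}

# Join listening sockets to those services and flag loopback-only listeners,
# which are still reachable by anything running on the same machine.
$findings = foreach ($conn in Get-NetTCPConnection -State Listen) {
    $owner = [int]$conn.OwningProcess
    if (-not $byProcess.ContainsKey($owner)) { continue }
    foreach ($svc in $byProcess[$owner]) {
        [pscustomobject]@{
            Service      = $svc.Name
            LocalAddress = $conn.LocalAddress
            LocalPort    = $conn.LocalPort
            LoopbackOnly = $conn.LocalAddress -in '127.0.0.1', '::1'
            BinaryPath   = $svc.PathName
        }
    }
}

$findings |
    Sort-Object Service, LocalAddress, LocalPort -Unique |
    Format-Table -AutoSize -Wrap
```

Entries whose BinaryPath points at a vendor support utility are the ones to review, update or remove.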
Yeah, but there is a new threat/consideration.
I wanted to perma-block Windows 10 on the machines I look after. Ran the batch file that turns everything off. Job done.
Two days later I notice the GWX icon on an HP machine. The "helpful" HP utilities (that I never consciously invoke myself) must have summoned the evil that is WX.
So I re-ran the perma-blocker AND did my best to kill all vestiges of HP helpers on the machine. So far so good.
I come here for the love
My mother's old Lenovo T41 recently crapped out on her finally and she almost went ahead and replaced it with a new Lenovo on her own. Luckily I stopped her with a stern lecture and bought her a spotless refurb'd HP elite book with a clean install of just win7pro that will do everything she needs and more. She had a huge disdain for anything "used" at first but when I educated her on superfish and other factory-grade malware that reassured her and she's loving it.
Now... if I get a call from her about allowing win 10 to overwrite that clean win7pro install I took an entire weekend to harden then I'm taking the elite book back and keeping it for myself (after scrubbing win 10 right back off).
may allah make all your goats pretty
No but the PC Decrapifier will... https://www.pcdecrapifier.com/
Consider hardware brands that are more about a real clean OS install.
Consider other better OS options.
Domestic spying is now "Benign Information Gathering"
A note on this, that I think is very important, is that Microsoft likes to stress that genuine Windows guarantees you'll be free of malware and exploits, but this is just false. In fact, I might even go so far as to say that it's the least guarantee (with the exception of Chinese flea markets.)
The one and only way to guarantee that your copy of Windows isn't infected with malware is to do the following:
Download the ISO from The Pirate Bay (use terms like untouched or MSDN with the OS version you download) and run an SHA1 hash against it. Google the hash, and if it matches what Microsoft publishes on the MSDN site, then you have no chance of being compromised.
Burn that or copy it to a thumb drive, boot it from bios, press shift+f10, type 'diskpart', type 'list disk', then 'select disk #' (where # is the primary boot disk number you see listed; likely disk 0), then 'clean'. There, now you've eliminated any chance of malware (and yes, this also wipes out the recovery partition, but you don't want it anyways as it likely contains exploitable OEM crapplets, plus it's needlessly using up part of your primary disk.)
"It turns out that OEM helper software is still often quite fragile and can expose systems wide open to attack"
Yes, we know.
In other news, water is still wet, the Sun still rises in the East.
Just cruising through this digital world at 33 1/3 rpm...
Uh this is no more secure than if you paid for a retail copy and also verified the SHA1 or purchased an MSDN subscription. Vendor-installed OS may come already compromised or with malware installed. If you want to save money, you could achieve the same thing installing Linux and the steps to download are a lot simpler. I realize it's fun to get modded up for encouraging pirating Windows but it's not really a behavior that should be supported. The alternative to paid Windows is free Linux not pirated Windows.
Or, for people who would prefer not to install some third-party crapware to get rid of other third-party crapware... you could type "windows start" into search, and it shows "See which processes start up automatically when you start Windows". Click on this (or press CTRL-Shift-Escape and click on the "Startup" tab), and you see a list of these processes. You'll see a category called "Startup Impact", with values of Low, High, or None (if disabled). You can right-click and disable these items right from that list, or open the folder location so you can figure out what they are, etc.
Irony: Agile development has too much inertia to be abandoned now.
The last fairly new HP I worked on has no entry in the uninstall list for "Hp Support Assistant." I traced where the program launches from and it uses an acronym to hide behind. Then the uninstaller the directory actually references some HP solutions framework thing. I tried removing that from its entry on the control panel and it said it can't remove it because it was needed by the HP Support Assistant. So I ran the uninstaller directly from the directory and it did quite literally nothing. So I had to remove the entire directory and every reference to it in the various boot time locations in the registry to truly kill it. That's what I like to call malware. It literally violates US laws pertaining to software having to be removable by the user if they want. I'm sure there's some preinstallation EULA BS to get around it though. Great upgrade to that crapware, HP!
"Uh this is no more secure than if you paid for a retail copy and also verified the SHA1 or purchased an MSDN subscription."
The problem with a retail copy is that your software that rips it is invariably going to place its own timestamps and other variations in the file, so your checksum likely won't be valid. An MSDN subscription is also likely too expensive for most people.
"I realize it's fun to get modded up for encouraging pirating Windows but it's not really a behavior that should be supported."
If you buy a computer that has Windows installed, and it comes with a COA, then you already own a paid copy of Windows. If you look at the license terms, the COA itself is proof that you own a copy of Windows, and so long as you install the same edition (home, pro, etc) and license channel type (retail, upgrade, OEM) to match that COA, then it's not a pirated copy. Want a simple way to ensure that? Easy: Download the best version possible (i.e. for 7, get ultimate, for 8+, get pro) and then when it asks, just type in the key listed on the COA. It will automatically select the version you've paid for and install it, and likewise it will even activate just fine with Microsoft's servers (or call in, if necessary.)
A computer illiterate friend has a Windows-infected computer and would like to replace the HDD with a SSD and has been nagging me to do it (because I must know how since I've used GNU/Linux the past 15 years and have no idea how Windows works). If I can just download some ISO for the version already on the old hard-drive and type in the things on the sticker and it'll be a genuine copy then that's fantastic.
As for the parent poster who was talking about "pirating" Windows: Please go kill yourself or give me my money back. You can't buy a non-Windows-infected computer and most of us have paid for dozens for Windows licenses that we've never ever used. If I ever do "pirate" a Windows copy then you can subtract that one against the zillion I've already paid for.
9/11: Never forget it was a false-flag operation
For those that don't speak the language, that's Welsh for, "Hello."
"So long and thanks for all the fish."
They've already proven that they can't write secure software and you want us to give them our credit card?
"So long and thanks for all the fish."
The best is when you try to uninstall HP Security Centre, but Windows refuses to run the uninstaller because... wait for it... HP _revoked_ the certificate the uninstaller is signed with! Oh it's hilarious - let me get this straight:
1. HP signs crapware with certificate X.
2. HP pre-installs crapware on a zillion PCs/laptops.
3. HP certificate ends up in the hands of retards who use it to sign a bunch of malware.
4. HP panics and revokes the certificate.
And now, due to HP's endless stream of incompetent boobery, I can no longer uninstall their garbage.
Couple I've looked at:
DisableWinTracking
I'm not sure where I got BlockWindows, so I'll just upload it here:
BlockWindows
I come here for the love
No, the sticker is NOT guaranteed to work with a RETAIL or MSDN ISO. If you can get an ISO from that OEM it will likely work, but you still might have to activate by phone MS. If you grab a Dell OEM disc for a HP computer, you certainly will.
Instead of going that route, get a couple of extra files from the OEM Project, and you can install pre-activated copies of Windows 7 / 8 / 8.1. Here's a link to the project. Good luck.
There is also a z_a_D Loader (reverse those letters and remove the underscores) on that site. It could help you, in the case he has a Dell motherboard in a HP case, and wishes to have HP branding instead of Dell. Windows 7 only, and disk cannot have GPT. I know nothing about it though. You didn't hear it from me.
Convenience... Reinstalling and updating Windows can take over a day. The Dell Decrapifier (Old name) takes a few minutes. And it is trusted software these days.
"The problem with a retail copy is that your software that rips it is invariably going to place its own timestamps and other variations in the file, so your checksum likely won't be valid. An MSDN subscription is also likely too expensive for most people."
This is decidedly not true, even back in the Windows 98 days. From what I recall, all you had to do was to ensure that the disc had the same name.
"If you buy a computer that has Windows installed, and it comes with a COA, then you already own a paid copy of Windows. If you look at the license terms, the COA itself is proof that you own a copy of Windows, and so long as you install the same edition (home, pro, etc) and license channel type (retail, upgrade, OEM) to match that COA, then it's not a pirated copy. Want a simple way to ensure that? Easy: Download the best version possible (i.e. for 7, get ultimate, for 8+, get pro) and then when it asks, just type in the key listed on the COA. It will automatically select the version you've paid for and install it, and likewise it will even activate just fine with Microsoft's servers (or call in, if necessary.)"
Also not true. There's a way outside Microsoft to pre-activate software (at least Windows 7). All that are needed are some certificate files in the OEM/$$/OOBE section of your install DVD or USB.
Let me direct you to MDL, specifically the Projects & Applications area. To be clear, this is not a piracy site, this is just a bunch of hackers working on things like BIOS mods (allowing your laptop to run all WiFi cards / unlocking hidden menus), Pre-install activation, retail copies from digital river, and K-M-S servers for Enterprise and VL versions of Windows. Not for piracy, but just so they can figure out how those things work.
Anyway, back on topic, it's easy to roll your own disc to do a fresh install, as long as you can get it from a trusted location. Sadly, as of Windows 7, you can no longer slipstream service packs into your source discs, so you have to download each new version manually. I'd been slipstreaming Service Packs back into my discs since the Windows 2000 days. Nu2.nu was a great reference for getting ISOs to boot off of CD ROMs that had the El Torito extensions required.
"This is decidedly not true, even back in the Windows 98 days. From what I recall, all you had to do was to ensure that the disc had the same name."
This depends on a few things; namely, what retail copy did you buy? Not all of them are on MSDN, as that isn't its intent. In addition, as I stated, some tools add their own bits and do things in their own manner. Using a tool like dd will get you a proper hash, but again, assuming you have the right disc.
"Also not true."
It's very much true, and nothing you say below contradicts what I said.
"There's a way outside Microsoft to pre-activate software (at least Windows 7). All that are needed are some certificate files in the OEM/$$/OOBE section of your install DVD or USB."
Why go through all of that when you can just type in the key? Granted in some cases the ei.cfg file is set so that it's only for a certain edition, but if you simply delete it you don't have that problem.
"Sadly, as of Windows 7, you can no longer slipstream service packs into your source discs, so you have to download each new version manually."
Not true, the process is just different. You can still slipstream drivers, updates, etc as well. You just have to use the dism tool on the WIM files. In fact, MDL describes that process quite well.
"No, the sticker is NOT guaranteed to work with a RETAIL or MSDN ISO."
There's an easy way to make it work if it doesn't: Simply delete the ei.cfg file. In fact, that's the only thing that sets the difference between the different version discs since Vista and up.
"There is also a z_a_D Loader (reverse those letters and remove the underscores) on that site. It could help you, in the case he has a Dell motherboard in a HP case, and wishes to have HP branding instead of Dell. Windows 7 only, and disk cannot have GPT. I know nothing about it though. You didn't hear it from me."
If you're going that route, then just use any ol' ISO you want (so long as hash is correct) and tell the Daz loader to activate based on your BIOS SLIC image. It will convert whatever you have to an OEM copy, and it won't even need to install its bootloader.
http://answers.microsoft.com/e...
If his computer was made by a manufacturer which is still around, he can get a recovery DVD from the company for a small fee.
If not, see the section of the page titled "What to do if you cannot get recovery media from your manufacturer". Basically, you take a retail copy of the OS in question and delete a .cfg file. That will allow you to install the OS using an OEM key. This is actually a lot easier if you use a thumb drive to install the OS rather than a DVD, since with a thumb drive you can just delete (or rename) the ei.cfg file.