Out-Of-the-Box Exploitation Possible On PCs From Top 5 OEMs (arstechnica.com)

← Back to Stories (view on slashdot.org)

Out-Of-the-Box Exploitation Possible On PCs From Top 5 OEMs (arstechnica.com)

Posted by msmash on Wednesday June 1, 2016 @05:10AM from the security-woes dept.

According to a report published by two-factor authentication service Duo Security, third-party updating tools installed by Dell, HP, Lenovo, Acer, and Asus (the top five Windows PC OEMs) are exposing their devices to man-in-the-middle attacks. Dan Goodin, reports for Ars Technica: The updaters frequently expose their programming interfaces, making them easy to reverse engineer. Even worse, the updaters frequently fail to use transport layer security encryption properly, if at all. As a result, PCs from all five makers are vulnerable to exploits that allow attackers to install malware.Duo Security adds: Hacking in practice means taking the path of least resistance, and OEM software is often a weak link in the chain. All of the sexy exploit mitigations, desktop firewalls, and safe browsing enhancements can't protect you when an OEM vendor cripples them with pre-installed software.

81 comments

Min score:

Reason:

Sort:

Apple is doing it right by Anonymous Coward · 2016-06-01 05:12 · Score: 1

Why that kind of crap happening on both smartphones and computers, is there anyone still surprised why Apple didn't want carriers to install their own crapware on iPhones?
1. Re:Apple is doing it right by houstonbofh · 2016-06-01 05:27 · Score: 1
  
  Because it pays... At one point Dell was making more from bounties on preinstalled crap then they were from the margin on the computer itself. And people will give away all of there personal information for a $5 off coupon these days. https://www.pcdecrapifier.com/
OEM Rescue Kit by Anonymous Coward · 2016-06-01 05:13 · Score: 5, Interesting

OEM Rescue Kit
1. Re:OEM Rescue Kit by advocate_one · 2016-06-01 05:41 · Score: 0
  
  mod parent up please... ;)
  
  --
  Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
2. Re:OEM Rescue Kit by Anonymous Coward · 2016-06-01 05:53 · Score: 0
  
  My OEM rescue kit looks an awful lot like Fedora on a USB stick...
Transport Layer Security by Anonymous Coward · 2016-06-01 05:16 · Score: 0

That's a job for the TSA !!
1. Re:Transport Layer Security by houstonbofh · 2016-06-01 05:32 · Score: 1
  
  No, because the TSA would want to look inside each packet, and would induce latency. ;) And filter nothing anyway...
2. Re:Transport Layer Security by FatdogHaiku · 2016-06-01 05:36 · Score: 1
  
  No, because the TSA would want to look inside each packet, and would induce latency. ;) And filter nothing anyway...
  Yeah, they just look...
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
3. Re:Transport Layer Security by Anonymous Coward · 2016-06-01 06:35 · Score: 0
  
  I am pretty sure they would do the same they thing they do at airports. Make you throw away your exploding water and buy $5.00 bottles of certified non-exploding water from the vendor just past the checkpoint. In other words, they do nothing but make it more expensive.
4. Re:Transport Layer Security by BronsCon · 2016-06-01 06:58 · Score: 1
  
  ... and grope.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
That's because they're LUDDITE PCs! by Anonymous Coward · 2016-06-01 05:18 · Score: 0, Troll

App apping devices running Appdows 10 are 100% secure and appy because they ONLY app apps, unlike LUDDITE PCs that let hackers pwn them with LUDDITE software!
Apps!
Hmm.... by LichtSpektren · 2016-06-01 05:22 · Score: 0

You'd have to be a moron to buy anything from Dell or Lenovo by choice, after the root certificate crap they both pulled.

So what Windows OEMs are left that don't fuck up their computers? Let's start by eliminating the five mentioned in TFS, and also Microsoft, Sony and Samsung because they have a history of abusing their customers and have terrible support. That leaves us with... LG, Toshiba and MSI. And a bunch of tiny companies.

No wonder the PC market is declining so hard.
1. Re:Hmm.... by Anonymous Coward · 2016-06-01 05:27 · Score: 0
  
  "the root certificate crap they pulled" - yes, heaven forbid a major PC manufacturer got caught working with companies that expose their customers to privacy risks.
  What do you put in your food that makes you so oblivious to reality?
2. Re:Hmm.... by Anonymous Coward · 2016-06-01 05:30 · Score: 0
  
  A simple fresh windows install seems sufficient to get rid of the OEM crapware.
  I was unaware of the root certificate issue though which I assume is not fixed by a simple reformat and os install.
3. Re:Hmm.... by houstonbofh · 2016-06-01 05:31 · Score: 1
  
  I am seeing a lot more of my commercial clients go back to WhiteBox PCs. It is cheaper, and when you buy enough, you do not have the support issues. "Since I am getting 50 PCs form you, can you throw in 2 extra motherboards for warranty hotswap?" Some even keep a few full desktops in the back for swapping out failures. At the lower prices, they can afford to! (Note: The "lower price" includes the cost of un-fucking each desktop from Dell or HP... Not just the hardware, which is only the beginning!)
4. Re:Hmm.... by Anonymous Coward · 2016-06-01 05:32 · Score: 0
  
  Everybody here who isn't a moron buys from the likes of Dell and then installs a clean OS image. Crapware is a problem for home user numptiess, not IT professionals.
5. Re:Hmm.... by geekmux · 2016-06-01 05:33 · Score: 2
  
  You'd have to be a moron to buy anything from Dell or Lenovo by choice, after the root certificate crap they both pulled.
  Well, at least you described the average computer user accurately, who still believes a "root" problem is caused by dandelions growing in their yard.
  This would also imply that the average computer user knows or cares about computer security. They care about price when buying a computer, not security, hence the reason they go to the vendor with the most subsidized OEM crapware on the machine.
6. Re: Hmm.... by Type44Q · 2016-06-01 05:35 · Score: 1
  
  After a horrible defective rate with MSI motherboards back in the 90's, I haven't tended to consider them a decent company...
7. Re:Hmm.... by mlts · 2016-06-01 05:42 · Score: 2
  
  This has been a best practice for decades. It doesn't matter what the platform is, be it a Dell that was on special from Amazon, a Mac, an Oracle box, or a POWER8 that will be used for LPARs... it gets completely flattened and installed from scratch. Even my smartphones and tablets get erased and reflashed from scratch.
  The Dell cheapie I bought, I just bought OEM Windows install media, stuffed a SSD in there, and it works fine. With most drivers being from Windows or OEM stuff, there is no Dell specific upgrade utility on the system. I don't see why I should bother installing a vendor application, unless there is some specific functionality. For example, there was a year or two where HP had motherboard NICs from nVidia with hardware firewalling built in, which came in handy to block bad sites in hardware before they could even touch the OS, as well as protect the Web browser.
8. Re: Hmm.... by Rosyna · 2016-06-01 05:49 · Score: 4, Interesting
  
  A clean install may not work. There is a hook in Windows 8 and later that allows OEM firmware to supply a list of software to install after a clean install.
  The feature was originally designed so Windows could automatically install necessary OEM-specific drivers without requiring a custom installer be used. Sadly, OEMs have used it to install vulnerable crapware.
  You just can't win against crapware.
9. Re:Hmm.... by Anonymous Coward · 2016-06-01 06:14 · Score: 0
  
  Dell's "root certificate issue" was just a poorly-configured root certificate used by Dell to sign all of their software. When it was pointed out how stupidly bad they screwed it up, they revoked the cert and issued a different one that didn't cause massive security holes in everything. I think the turnaround time on it from the PR hitting the fan until the fix was around 3-5 days. It had been in use for almost a year, but the fix came promptly when the problem was pointed out.
  Lenovo's, OTOH, was a nightmare. The root certificate screw-up was only part of the problem. To my knowledge, it's still not fixed and is still shipping on new consumer-grade Lenovo computers.
10. Re:Hmm.... by Tharkkun · 2016-06-01 07:58 · Score: 1
  
  You'd have to be a moron to buy anything from Dell or Lenovo by choice, after the root certificate crap they both pulled. So what Windows OEMs are left that don't fuck up their computers? Let's start by eliminating the five mentioned in TFS, and also Microsoft, Sony and Samsung because they have a history of abusing their customers and have terrible support. That leaves us with... LG, Toshiba and MSI. And a bunch of tiny companies. No wonder the PC market is declining so hard.
  Except Lenovo only installed it on a select few consumer models. They are still the goto in the Corporate world. Dell however is complete garbage now.
Considering the computer store I worked for... by Anonymous Coward · 2016-06-01 05:26 · Score: 1

made more from pre-installed software, especially games, than we did from the hardware, this problem will never go away. The closer to malware that the software is, generally the more profitable it is.
So the question is by H3lldr0p · 2016-06-01 05:31 · Score: 1

are the OEMs getting paid to put this crap on there, is it just that cheap to let someone else do it (and buy some liability insurance), or a combination of the two?
1. Re:So the question is by Anonymous Coward · 2016-06-01 06:04 · Score: 0
  
  It's been pretty well established that the shovelware (aka crapware) helps subsidize the cost of the PC. All the major manufacturers do it. I'm torn between screwing the manufacturers for this practice by accepting the subsidy and then wiping the OS, or buying from a company like System76 that has the OS I want and none of the crapware.
Step 1: buy the box Step 2: wipe, install clean OS by xxxJonBoyxxx · 2016-06-01 05:35 · Score: 1

Step 1: buy the box Step 2: wipe, install clean OS

I had had enough with bloatware years ago, so now it's nothing but OEM Windows (if not Linux) for me.
It shouldn't be allowed by wonkey_monkey · 2016-06-01 05:39 · Score: 2

The updaters frequently expose their programming interfaces
The dirty beggars.

--
systemd is Roko's Basilisk.
Is Linux really any better? by Anonymous Coward · 2016-06-01 05:49 · Score: 0

I don't want to use Windows. I don't really want to use OS X, either. But once I've excluded those, my only other options are Linux and FreeBSD.
Linux happens to support my hardware better, so I've tried to use it. But modern Linux distros are just so awful.
It wasn't always this way. I had some great experiences using Linux in the late 90s and early 2000s. But when I tried Linux earlier this year, I ran into all sorts of problems with systemd. I'm clearly not alone, given how many bug reports and mailing list emails from other people I read when trying to solve my problems!
Shit, it was only a few days ago that I saw a story here at /. about how systemd now breaks screen and tmux! That's fucking unbelievable!
To make matters worse, it's like all of the major Linux distros have switched to systemd, too. Unless I want to relegate myself to niche distros like Slackware or Gentoo, or use insecure outdated versions of other distros, I'm forced to use systemd! Well none of those are options for me.
After much fighting with systemd, I found myself face to face with GNOME 3. What a frigging disaster! I've used countless desktop environments since the 1980s, and GNOME 3 is the worst I've ever seen. Everything about it is just plain awful, in my opinion. I found it to be a usability nightmare.
Now I think I'll just get a Mac. It's not my first choice, but thanks to how the major Linux distros have ruined themselves I have no choice.
1. Re:Is Linux really any better? by macs4all · 2016-06-01 05:56 · Score: 2
  
  Now I think I'll just get a Mac. It's not my first choice, but thanks to how the major Linux distros have ruined themselves I have no choice.
  Come on in, the water's fine!
  
  Seriously, like many others, once you start digging into OS X, you will find that it is the "Linux" you always dreamed-of. "Linux" in quotes, because OS X is actually a Certified Unix.
  
  And you will also find out that, despite the shrill language of the Apple-Haters around here (the vast majority of whom have never even TOUCHED an OS X Mac), there is QUITE the serious OS going on under the hood.
2. Re:Is Linux really any better? by Anonymous Coward · 2016-06-01 06:13 · Score: 0
  
  You are not a human. You are a chatbot, or one of those automatic complaint generators, or one of those paid Russian hackers.
  Dear Slashdot:
  Please help us find a way to ensure we are talking to human beings here. That would make a good story in itself. We need a way of filtering out the bots
3. Re:Is Linux really any better? by Bing+Tsher+E · 2016-06-01 06:23 · Score: 1
  
  Windows NT 4.0 with Interix installed is a Certified Unix, too.
  I have OS X installed on both of my iMac G4s. I wish it was easier to run NetBSD on them, but closed hardware is closed hardware.
4. Re:Is Linux really any better? by Anonymous Coward · 2016-06-01 06:23 · Score: 0
  
  If you can't tell the difference, there is no difference-- for you.
5. Re:Is Linux really any better? by mlts · 2016-06-01 06:29 · Score: 2
  
  I have fallen into the same hole as the grandparent. I'm not happy with the desktops on the major Linux distros, I could hack my own or use an off-brand distro, but then there is the issue of updates, and just spending time fiddling with it, when I have many other things to do. So, I went the OS X route because it is usable out of the box. Plus, I'm not liking the route MS is going with Windows, where they can do an update/forced restart anytime. That and the telemetry privacy concerns.
  All and all, I get about 95% of what I like with Linux on OS X. Ansible, borg, xz, and other utilities install with little issue with brew, and with proper ACL setting, /usr/local can be kept owned as root, while letting an admin user do updates. XCode isn't bad, as I've had to write Objective C code to watch the thermal and memory pressure of a machine, and have it throttle an app before either got out of hand. OS X Server's git server is decent, and eventually I may just buy a Mac Mini for running a LDAP server and VPN server, although I have no clue if it can support 2FA, which is a must. Plus, since Mac Minis support ESXi, I can use it for another compute node if I need.
6. Re:Is Linux really any better? by Anonymous Coward · 2016-06-01 06:35 · Score: 0
  
  Your comment is a perfect indicator of the sorry state of the GNU/Linux community today.
  Instead of accepting that a great many people have had severe problems with GNU/Linux software like systemd, PulseAudio, and GNOME 3, you come up with this nonsense about "chatbots" and "automatic complaint generators" and "paid Russian hackers".
  Could you be any more out-of-touch with reality?
  Well, at least you didn't throw in false accusations of "shilling", I suppose!
  As long as the Linux community lives in a state of denial, the situation will never improve.
  We'll continue to see Windows running on 90% of desktops and laptops, with OS X responsible for 9.95%, and GNU/Linux essentially nowhere to be seen.
  The only time Linux will be viable is when, like in the case of Android, pretty much everything running above the kernel is thrown out and replaced with non-GNU, non-systemd, non-PulseAudio, non-GNOME 3 software!
7. Re:Is Linux really any better? by jedidiah · 2016-06-01 06:47 · Score: 1
  
  Been there, done that. That includes owning Macs and working with real Unix. If you are a power user, you will just find Macs annoying. If you are a serious old school Unix user, you will find it's certification laughable.
  Although the real problem with MacOS is not MacOS itself. It's the hardware. You get stuck with strange novelty form factors targeted to n00bs. They don't even have a proper workstation model any more.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
8. Re:Is Linux really any better? by jedidiah · 2016-06-01 06:50 · Score: 1
  
  Some comments really do look like they've been generated by Eliza. This is especially true of the intentionally vague ones. It's hard to evaluate something that by it's very nature can't be quantified.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
9. Re:Is Linux really any better? by macs4all · 2016-06-01 07:15 · Score: 1
  
  Windows NT 4.0 with Interix installed is a Certified Unix, too.
  I have OS X installed on both of my iMac G4s. I wish it was easier to run NetBSD on them, but closed hardware is closed hardware.
  What's "closed" about the hardware? Oh, you mean like pretty much EVERY GPU on the market, right.
  
  Why would you want to bother running NetBSD when OS X is a kissing-cousin to same?
  
  Besides, have you even LOOKED? Check out this Google Search. Looks like there are a number of NetBSD Options for PPC Macs.
10. Re:Is Linux really any better? by macs4all · 2016-06-01 07:24 · Score: 1
  
  I have fallen into the same hole as the grandparent. I'm not happy with the desktops on the major Linux distros, I could hack my own or use an off-brand distro, but then there is the issue of updates, and just spending time fiddling with it, when I have many other things to do. So, I went the OS X route because it is usable out of the box. Plus, I'm not liking the route MS is going with Windows, where they can do an update/forced restart anytime. That and the telemetry privacy concerns.
  All and all, I get about 95% of what I like with Linux on OS X. Ansible, borg, xz, and other utilities install with little issue with brew, and with proper ACL setting, /usr/local can be kept owned as root, while letting an admin user do updates. XCode isn't bad, as I've had to write Objective C code to watch the thermal and memory pressure of a machine, and have it throttle an app before either got out of hand. OS X Server's git server is decent, and eventually I may just buy a Mac Mini for running a LDAP server and VPN server, although I have no clue if it can support 2FA, which is a must. Plus, since Mac Minis support ESXi, I can use it for another compute node if I need.
  I'm no expert on 2FA; but a second on Google revealed this thread, which could be helpful.
  
  OS X El Capitan and iOS 9 have also introduced 2FA through use of an AppleID; but I'm not sure if/how that applies to LDAP.
  
  This Google Search may prove helpful on the LDAP on OS X front.
11. Re:Is Linux really any better? by Anonymous Coward · 2016-06-01 07:25 · Score: 0
  
  You hit upon my biggest beef with Apple. I wish Apple would split off an "enterprise Mac" division to focus on computers, not sleek toys. These days, I would pay a Mac Pro price for a tower Mac Pro, because it will be a machine I can upgrade and keep current for at least 3-5 years, and after that, it will still be usable for a number of years still. I just can't stand the latest "upgrade" process being to buy a new box every 2-3 years, because I tend to use and keep computers going for a long while. It is understandable that Apple won't make a "Mac Pro Mini" because of their near death experience in the days of Power Computing... but it would be nice to have either a full tower or something like that, which can be kept upgraded as time goes on. The current cylinder Mac Pro is OK (assuming it gets a refresh come WWDC), but for the flagship machine, it should have more to offer for onboard storage than what it does. It at least should have two m.2 slots, or perhaps a "docking station" that uses TB-3 so one can use desktop RAID with it at full speed.
  OF course, OS X needs a new filesystem. HFS+ just... needs... to... die...
12. Re: Is Linux really any better? by Anonymous Coward · 2016-06-01 07:30 · Score: 0
  
  But how will that help?
  We've given you literally hundreds of extremely detailed examples and I'm still called a bot or shill, despite still having most of the same problems to this day.
  I'm sick of my Linux servers no longer rebooting on the first try.
  I'm sick of having to change the 100+ character prefix to the screen command every apt-get upgrade - in fact sick of even needing it - for a program I've used over 20 years to remain functional longer than two weeks.
  I'm sick of gnome3s lack of fitting to my work flows.
  But most of all I'm sick of asking for help over and over yet only being called a liar and idiot, while showing I am both telling the truth and Far more capable than you on a Gentoo or older Debian machine.
  You had a few hundred tries, and now there is no longer a point to explaining details.
  So deal with it. Or in fact don't deal with it, because I left your little broken community already with many of the other people that have proven over the decades to know how to actually make things work. You can enjoy whatever is left.
13. Re:Is Linux really any better? by mlts · 2016-06-01 07:34 · Score: 1
  
  I might fiddle with Duo security, or just fire up a VM whose sole purpose in life is to handle VPN duty. That way, it is isolated, and can be hardened well. Nice thing about OS X and Linux is that they play well together.
14. Re:Is Linux really any better? by macs4all · 2016-06-01 07:35 · Score: 2
  
  Been there, done that. That includes owning Macs and working with real Unix. If you are a power user, you will just find Macs annoying. If you are a serious old school Unix user, you will find it's certification laughable.
  Although the real problem with MacOS is not MacOS itself. It's the hardware. You get stuck with strange novelty form factors targeted to n00bs. They don't even have a proper workstation model any more.
  That's funny. I have been seeing more and more "power users" and "real Unix" users that are generally quite happy with their Macs and OS X.
  
  As for a "proper workstation", that definition is going by the wayside more and more with each passing year. If you really want to have a "tinkerer's box", then I suggest you build yourself a nice Hackintosh. Recommended hardware lists and help forums abound.
  
  Why do you think that Apple turns a blind eye to the Hackintosh Community? Do you really think they couldn't REALLY lock OS X to "genuine Apple Hardware?" Of COURSE they could. But they don't (and no, their little token "Do Not Copy OS X" file is obviously not the best they could do). Why?
  
  Because it probably only loses them a few thousand unit sales per year, and that is far more palatable to Apple than having to spec, design and spin-up a whole other product class that would only sell a few million units per year. Peanuts to a company the size of Apple.
  
  I can assure you, that if Apple saw the sales of Macs drop, and a simultaneous rise in the number of Hackintoshes, they would likely create a "slot-monster" box again.
15. Re:Is Linux really any better? by macs4all · 2016-06-01 07:38 · Score: 1
  
  I might fiddle with Duo security, or just fire up a VM whose sole purpose in life is to handle VPN duty. That way, it is isolated, and can be hardened well. Nice thing about OS X and Linux is that they play well together.
  I'll just have to take your word for it. I got over my "working ON my computer" phase a LONG time ago. Now I just want something that works. And IMHO, life's just too frickin' short for Linux. ;-)
16. Re: Is Linux really any better? by N!k0N · 2016-06-01 08:14 · Score: 1
  
  Devuan (beta) is solid. Default is sysvinit, but you can change as you wish. Their package management has systemd pinned upstream, so you don't have to worry much about it sneaking in either.
17. Re:Is Linux really any better? by i.kazmi · 2016-06-01 09:03 · Score: 1
  
  I am writing this from a laptop running Kubuntu 16.04 and while there are things which I find inconvenient/annoying, I am generally pretty happy with the overall experience.
  
  I am not trying to troll you but I like my computer's environment set a particular way and I am actually genuinely interested in knowing if the OSX GUI can now support my workflow instead of me having to adapt so here goes; I use a multi-monitor setup with a panel on both screens, each of the panels has its own Application launcher, taskbar (which shows only applications from the screen the panel is on and does not autosort/group applications) and a notifications tray and I like to use focus-follows-mouse instead of click-to-focus. Last time I checked (with Yosemite, a friend let me keep their old Mac Book Pro for a month to play with), OSX wouldn't let me do either of these things (I could not get the dock to show up on both screens or get it to not group windows of the same application together and even when i eventually managed to get focus-follows-mouse working, the unified toolbar (which I couldn't switch off) made it nearly impossible to use). I realise someone somewhere might think that the interface of OS X is perfect but as far as I am concerned, I could not see myself using it in it's default configuration and since I couldn't modify it either, I didn't really see the point of getting a Mac if I was going to install Kubuntu on it at the end of the day anyway.
18. Re:Is Linux really any better? by macs4all · 2016-06-01 10:38 · Score: 1
  
  I am writing this from a laptop running Kubuntu 16.04 and while there are things which I find inconvenient/annoying, I am generally pretty happy with the overall experience. I am not trying to troll you but I like my computer's environment set a particular way and I am actually genuinely interested in knowing if the OSX GUI can now support my workflow instead of me having to adapt so here goes; I use a multi-monitor setup with a panel on both screens, each of the panels has its own Application launcher, taskbar (which shows only applications from the screen the panel is on and does not autosort/group applications) and a notifications tray and I like to use focus-follows-mouse instead of click-to-focus. Last time I checked (with Yosemite, a friend let me keep their old Mac Book Pro for a month to play with), OSX wouldn't let me do either of these things (I could not get the dock to show up on both screens or get it to not group windows of the same application together and even when i eventually managed to get focus-follows-mouse working, the unified toolbar (which I couldn't switch off) made it nearly impossible to use). I realise someone somewhere might think that the interface of OS X is perfect but as far as I am concerned, I could not see myself using it in it's default configuration and since I couldn't modify it either, I didn't really see the point of getting a Mac if I was going to install Kubuntu on it at the end of the day anyway.
  Ok, let's tackle these one-at-a-time. If I misunderstand, let me know and I will try to realign my thinking... I am not an expert in all things regarding multiple desktops and docks; but I might be able to help.
  
  Keep in mind that no OS has everything; but the question is, can you "get there". And I think that the answer in your case is "Yes".
  
  1. Multiple Docks. I am not sure if any of these might help; but there sure are a LOT of choices!
  2. Multiple Desktops (Spaces). Again, not sure if any of these will fit the bill; but again, there are a LOT of options...
  2a. Windows Grouped by Application, and "multiple displays have separate Spaces". I found this when looking for a way to have Multiple Menubars (see #4, below). It might help with some of your Window Grouping.
  3. Focus-follows-mouse. Well, there are a few "terminal" solutions. The best one (CodeTek VirtualDesktop Pro) seems to cost $40 though. If you don't like any of that, try this Google Search.
  4. Unified "Toolbar" (MenuBar?). Hmmm. If the "Displays have Separate Spaces" setting won't do what you want, there are a few other options. This one might be the best overall solution. It's $15, but allows you to do several cute things with MenubarS (plural!).
  
  Or you can always whip out XCode and create your own haxie/extension!
19. Re:Is Linux really any better? by MobileTatsu-NJG · 2016-06-01 13:02 · Score: 1
  
  Step 1: Disable anonymous posting.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
20. Re:Is Linux really any better? by armanox · 2016-06-02 01:24 · Score: 1
  
  I may not be able to speak for NetBSD, but the PPC G4 is (was) perfectly supported in Linux (I'm running Ubuntu 10.04 on my PowerMac G4 Quicksilver).
  
  --
  I'm starting to think GNU is the problem with "GNU/Linux" these days.
21. Re:Is Linux really any better? by armanox · 2016-06-02 01:48 · Score: 1
  
  Ah, Focus-follows-mouse. My favorite thing about classic UNIX desktops (CDE, 4DWM, FVWM). I don't think you can do that in modern GNOME, much less in OS X. For you next item - Out-of-Box OS X ships with a Dock (Warf in GNUStep terms), which is not what you are looking for in this case. You would need to find a third party panel, which would likely include it's own task picker.
  And hey - I think I agree with you that the main reason to buy Apple hardware is the OS. I've always been an Apple fan (but I learned how to type/compute on Apple (II and Macintosh) computers in school). OS X doesn't get the crown of my favorite UNIX (if I could get focus follows mouse then it might, until then it's IRIX) desktop, but it does a pretty good job for most people. I for the most part work off of my MBP these days (I replaced my 2006 MBP in Feb. this year with a 2012 (the non-rMBP) model) largely due to my disgust with the way the Linux world is going. My workflow wasn't really impaired (I usually Alt-Tab or OpenApple-Tab to find switch programs, rather then use the task picker) - iTerm replaces Konsole just fine for me, and every other Linux program I use is on OS X (actually, I could probably get KDE to build on OS X if I really wanted to....), plus I get to run the Blizzard games as well.
  
  --
  I'm starting to think GNU is the problem with "GNU/Linux" these days.
22. Re: Is Linux really any better? by Anonymous Coward · 2016-06-02 02:48 · Score: 0
  
  You obviously have no clue what you're talking about, are talking out your ass just to sound 'cool' on /., and clearly haven't tried a desktop Linux lately.
  
  What issues did you have with systemd exactly? The only people complaining are system admins because it breaks the work flow they've followed their entire careers. On a desktop though, you don't even know it's there - other than faster startup times and better DE integration. As a Linux dev who also maintains an in-house distro, I think systemd is fucking great, but I can see why some power users may take issue. Many of its haters though are just me-too trolls who quite obviously don't know what the fuck they're talking about. And the issue about supposedly breaking screen was about a default setting Debian is using with systemd - not systemd itself. Oh, and it didn't break anything, just changed how you invoke long running processes as a regular user. I think it's a sane default and use it on my machines, but you are free to change it.
  
  As for Gnome3, that's totally subjective - I don't love it, but I like it better than any other DE I've tried, and enabling a few extensions makes it fit my work flow perfectly. Outright rejecting it though is either fanboi crap or, once again, ignorant me-too troll bullshit. Of course if it doesn't work for you, there are plenty of other DEs to try.
23. Re: Is Linux really any better? by Anonymous Coward · 2016-06-02 02:54 · Score: 0
  
  If you're having a problem with reboots hanging - either fix why it's hanging or enable the reboot watchdog in systemd.
  
  If you don't like having to prefix screen to persist after you log out, either change the logind setting to allow persistent user processes, or create an alias in your bashrc (or whatever).
  
  That you don't know these basic things shows you are, in fact, an idiot.
24. Re:Is Linux really any better? by Anonymous Coward · 2016-06-02 03:16 · Score: 0
  
  Shit, it was only a few days ago that I saw a story here at /. about how systemd now breaks screen and tmux [slashdot.org]! That's fucking unbelievable!
  This behaviour was a) effectively a switch choice *set by Debian* not the systemd maintainers b) easy to switch off and c) reverted to default to off within a few days. But I'm sure people on slashdot will still be using it in anti-systemd rants in 2 years time.
25. Re: Is Linux really any better? by Anonymous Coward · 2016-06-02 03:39 · Score: 0
  
  I'm sick of my Linux...
  I'm sick of having...
  I'm sick of gnome3s...
  But most of all I'm sick of asking...
  Oooo! A sensitive and chatty chatbot! And not a very healthy one. Take some Xanax and come back tomorrow. Quit your bellyaching and always use Slackware. It comes without gnomes... or house elves.
26. Re:Is Linux really any better? by aaronb1138 · 2016-06-02 03:39 · Score: 1
  
  The Linux community is still in denial over the fact that claims of "year of the Linux desktop" starting around 1998 were quickly destroyed by Windows 2000 and XP. Windows 7 certainly put the final nails in that coffin.
  
  Linux/GNU is a fine OS for monolithic servers with minimal update needs and it works fine as a base kernel to run a completely different environment and API on top, as is the case with Android.
27. Re:Is Linux really any better? by armanox · 2016-06-02 15:46 · Score: 1
  
  My experience (this decade) has been that Linux will work on the majority of hardware on the market. True, you might have to install video drivers (and I had one laptop that needed me to install the ethernet driver, but it worked following that)
  
  --
  I'm starting to think GNU is the problem with "GNU/Linux" these days.
28. Re:Is Linux really any better? by Anonymous Coward · 2016-06-02 17:22 · Score: 0
  
  Quiet you...
29. Re:Is Linux really any better? by i.kazmi · 2016-06-03 11:21 · Score: 1
  
  Sorry for the delayed reply, been very busy.
  
  When I said I wanted a panel on both screen, I meant something like what KDE has but since you're not a Linux person, you can think of the Windows 7 panel (which has the start button, the taskbar, notifications tray and a clock) but where Windows 7 only lets you have the panel on the primary display, I want it on both displays (and the taskbar on each panel to display programs that are running on that screen). The only alternative to the standard dock that OS X comes with that came close to what I wanted was uBar but I could only get it to display on one of the screens instead of both of them (I was using a free trial, it costs $20).
  
  I can't stand docks (on any operating system). I don't need that many applications permanently pinned to an edge of the screen, I need Netbeans or Ninja IDE along with Firefox and/or Chrom(e)(ium) and maybe one or more of GIMP, LibreOffice and a virtual machine. The whole concept seemed broken and wasteful to me and even when I removed all the unnecessary items from the dock and left only the ones I wanted, the windows of the same applications were still grouped together into a single item on the dock instead of having multiple entries despite acres of space (eg if I had 5 windows of Firefox, there was a single firefox icon which I had to click to get to a list of the windows that were open).
  
  With focus-follows-mouse, I got it working through one of the terminal solutions but the experience was sub-optimal (at best). The unified menubar made it nearly impossible to use and in the end I just gave up. I did not come across BinaryBakery but that does seem interesting.
  
  If I have to whip out XCode to roll my own solution, how is it different from what I have to do with Linux (where KDE has me covered on the GUI side of things but I need to faff around with config files to get hibernation working, probably won't be an issue if I bought a Dell with Ubuntu or a System 76)?
  
  I understand that no OS can cater to everyones needs/wishes but I think this is not an improvement over what I have at the moment, it actually seems more painful. Won't you agree?
30. Re:Is Linux really any better? by i.kazmi · 2016-06-03 11:40 · Score: 1
  
  Luckily I have always used KDE so getting focus-follows-mouse to work has never been that much of an issue for me. Even got it to work on Windows 7 (through several registry hacks).
  
  I tried to get KDE to build on OS X as a last ditch effort, ran into dependency hell which I couldn't resolve despite a lot of effort and in the end figured that it was probably not worth the time I was pouring into it.
  
  The only real gripe I have with Linux is the problems SystemD is introducing by trying to 'correct' the Unix way of doing things.
  
  Pretty much all the games I want to play these days are available on steam with Linux support (I am probably in the minority there but as long as I can get my fix, I'm not fussed).
31. Re:Is Linux really any better? by armanox · 2016-06-03 15:32 · Score: 1
  
  Systemd is easily my biggest complaint as well. I have seen so many weird errors pop up since systemd became the default, so many systems suddenly refuse to boot (over what used to be non-fatal errors), or have issues when they are running because of strange defaults (and despite what the pro-systemd crowd says, if it worked before and systemd was the only thing that changed then it is systemd's fault. It breaks the UNIX way of "be as compatible as possible" and now systemd on Debian is going to break nohup and similar programs? SMH.) Red Hat is going to lose the area that made Linux popular (servers) chasing the desktops they will never have.
  
  --
  I'm starting to think GNU is the problem with "GNU/Linux" these days.
32. Re:Is Linux really any better? by macs4all · 2016-06-04 15:41 · Score: 1
  
  orry for the delayed reply, been very busy.
  No worries! I'm much the same...
  
  I wish I could find a screenshot of what you are talking about with KDE's "Panels".
  
  BTW, I noticed you other Post about trying to get KDE to Compile under OS X, and I must say, it seems you are REALLY Swimming Upstream here. I mean, I find TONS of references and even solutions for making KDE Look and even Act like OS X; but really nothing on making OS X look and act like KDE. JUS' sayin'... ;-) but, hey, there isn't anything wrong with swimming upstream: You want what you want. I get that.
  
  Having said that, were you planning on having separate SPACES on each Monitor, or simply having an "Extended Desktop" across both monitors?
  
  I have just done a little more research; but here are a few things you might like. Don't take this as "my final answer"; but rather a few more things to check out along the way, ok?:
  
  If you really like that Win 7-esque "Start Menu and Taskbar" look, this is your guy (if it has proper Multimonitor/Multi-Space support). It looks like it emulates the Taskbar's "Each Document Has An Icon" thing, too.
  
  Also, Did you look at this thing for Focus-Follows-Mouse? You mentioned trying a Terminal Command; but the thread that talked about those said that the Codetek thing I linked here was "the only thing that really worked".
  
  I think that Focus-Folliws-Mouse thing, along with this Menubar-Per-Window thing would get around your objection to OS X's Single Menubar.
  
  A couple of well-liked Alternatives to the Dock I found:
  
  Dock-It. And DragThing.
  
  One thing is for sure, you CANNOT just disable the OS X Dock. It is actually responsible for some stuff you (and the OS) don't want to do without. But with a couple of Terminal commands, you CAN make it really, really tiny, and auto-hide it with a really long time-before-unhide. So, essentially, you can get rid of it for all intents and purposes.
33. Re: Is Linux really any better? by Anonymous Coward · 2016-06-05 14:42 · Score: 0
  
  I call bullsh*t...in 5 minutes you can install another windows manager. you don't have to use gnome 3 or KDE base, hell, Ubuntu even has several official flavors that mimic the traditional older Windows managers
Sensationalized news by bluefoxlucid · 2016-06-01 05:53 · Score: 1

Let's put this into perspective.
If your attacker can either A) hack into the Internet back-end routers; or B) physically colocate on your private network, he can hack your PC during an update check.
If we assume update checks are sufficiently frequent, then your most likely attack is from a PC on your network--a neighbor or white van that's connected to your wifi, assuming it's not encrypted with a non-trivial password ("lemonade_ghost_riders" would keep the NSA out if they had to brute-force your WPA2--don't use that password; it's public knowledge now).
The only reasonable scenario is a targeted attack by an infected machine on coffee-shop wifi. Such an attack would need to connect to the local wifi, spoof ARP packets of the router at your particular device, spoof ARP packets of your device at the router, and interpose itself. Not impossible, but very much not reasonable if two competing devices are attempting to do it.

--
Support my political activism on Patreon.
1. Re:Sensationalized news by omnichad · 2016-06-01 06:03 · Score: 4, Informative
  
  A) hack into the Internet back-end routers; or B) physically colocate on your private network
  Or just compromised DNS on your router. There are an awful lot of vulnerable router firmwares out there still in common use.
  
  Such an attack would need to connect to the local wifi, spoof ARP packets of the router at your particular device, spoof ARP packets of your device at the router, and interpose itself.
  You give coffee shops too much credit. Log into router after getting on free wifi, because the username and password are still set to the factory default. Change default DNS servers handed out on DHCP to your external host. No need to spoof anything.
  For that matter, if the coffee shop has a lower power AP, you can just bring in a discreet high-powered AP and use the same SSID. Laptops will just connect to the highest powered signal with the same SSID. Instant MITM.
2. Re:Sensationalized news by bluefoxlucid · 2016-06-01 06:22 · Score: 1
  
  True. My point was mostly that the general theme of security news is "OOOOOOOOOOOOOH SCARY HACKERS WILL HIJACK YOUR PRECIOUS DELICATE LITTLE PC ACROSS THE INTERNET!" and people imagine sitting at home, unwrapping a new desktop, turning it on, and getting hacked 4,000 times. That doesn't happen.
  Hacking home routers is actually really hard from outside. Most routers don't expose any open ports to the WAN side, so you can't just route around their broken Web apps. There's this continuing myth that you can get someone's Comcast IP address, punch it into your Web browser, and hack their router like some kind of wizard from the 90s; it's trivial to demonstrate this doesn't work, but also trivial to fool someone into thinking it's real by punching in their public IP from inside their own network--the routers often block the port *on the WAN link* by firewall policy, so if it comes from LAN link and goes to WAN IP it works, which looks an awful lot like your router's configuration being open to the world.
  The entire attack surface of a modern home router is the Linux TCP/IP and netfilter stack.
  
  --
  Support my political activism on Patreon.
3. Re:Sensationalized news by omnichad · 2016-06-01 06:34 · Score: 1
  
  Right. This would assume that their router had been hacked via the previous PC and was already running the attack.
4. Re:Sensationalized news by Tharkkun · 2016-06-01 07:48 · Score: 1
  
  Let's put this into perspective.
  If your attacker can either A) hack into the Internet back-end routers; or B) physically colocate on your private network, he can hack your PC during an update check.
  If we assume update checks are sufficiently frequent, then your most likely attack is from a PC on your network--a neighbor or white van that's connected to your wifi, assuming it's not encrypted with a non-trivial password ("lemonade_ghost_riders" would keep the NSA out if they had to brute-force your WPA2--don't use that password; it's public knowledge now).
  The only reasonable scenario is a targeted attack by an infected machine on coffee-shop wifi. Such an attack would need to connect to the local wifi, spoof ARP packets of the router at your particular device, spoof ARP packets of your device at the router, and interpose itself. Not impossible, but very much not reasonable if two competing devices are attempting to do it.
  Exactly. If you're being victimized by a man in the middle attack you have a *lot* more to worry about than your Dell/Lenovo/HP driver update suite being non-encrypted.
5. Re:Sensationalized news by jetkust · 2016-06-01 09:01 · Score: 1
  
  Do routers really let guest accounts log into them? And if so, why?
6. Re:Sensationalized news by omnichad · 2016-06-01 09:08 · Score: 1
  
  Not sure what you're asking. But a small business that happens to be cheap will be using an off-the-shelf consumer router as their "access point" and will require no password to connect and join the network. Yes, routers generally let wireless clients access the administration features, provided they know the password (still set to default). Not every consumer even owns a wired device.
7. Re:Sensationalized news by jetkust · 2016-06-01 10:01 · Score: 1
  
  I'm assuming any sane businesses are using the Guest Access or Guest Mode feature on their router, which is a separate isolated network, meaning each user connected to it is completely isolated from the other users and only has internet access. They are not actually on the network. It makes no sense the router would accept a login from such a user. I don't use a lot of public networks, but the one I do use, Starbucks, you are completely isolated. You can't just ping random people at will. You have internet access and nothing else.
8. Re:Sensationalized news by KiloByte · 2016-06-01 10:08 · Score: 1
  
  Most routers don't expose any open ports to the WAN side
  Depends on the ISP. At least around here, UPC wants port 443, Netia both 443 and 4567, for their backdoors.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
9. Re:Sensationalized news by bluefoxlucid · 2016-06-01 10:26 · Score: 1
  
  I bought my router from Amazon.
  
  --
  Support my political activism on Patreon.
10. Re:Sensationalized news by omnichad · 2016-06-01 12:58 · Score: 1
  
  So you don't mean just any coffee shop. That's a multinational corporation. Don't assume most small businesses are even willing to spend enough on a router with a guest network.
A problem? by Junta · 2016-06-01 06:09 · Score: 1

expose their programming interfaces, making them easy to reverse engineer
I fail to see how this statement should ever be construed as bad. If done properly, knowing the programming interfaces and how they work should in no way compromise the security of the system.
Also, while it's good that the new Lenovo utility employs all the security best practices and it wouldn't hurt to have signed manifests, if TLS is working properly the signed manifest seems likely to be a mostly redundant security feature.

--
XML is like violence. If it doesn't solve the problem, use more.
Solution isn't that hard by Mr_Silver · 2016-06-01 06:27 · Score: 1

Put Windows onto a USB stick.
Download Double Driver and put on stick.
Back up the drivers using Double Driver onto a folder on the aforementioned stick.
Start the Windows 10 install. Go have dinner.
Copy the drivers to the hard drive.
Reinstall any drivers from the folder on the drive as and when you need them. I tend to find the default wireless one provided by Microsoft to be rather flakey.

--
Avantslash - View Slashdot cleanly on your mobile phone.
That's why it's so important to clean up a new box by mmell · 2016-06-01 06:31 · Score: 1

Whenever I've bought a PC (that I didn't immediately install Linux on), I go through and remove all non-OS (preinstalled) software, including the OEM's updater. I make exceptions for antivirus (actually, I don't on my hardware but I do an awful lot of this for family) as well as full software suites such as MS-Office (rarely pre-installed).
I wasn't even worried about security from OEM updaters; I just don't want to spend the time, bandwidth and CPU cycles checking two sources - especially since any driver or OS patches are likely to come from Microsoft first, and I wouldn't trust an OEM to correctly relay such patches to me. Also, I don't want the OEM "updating" me to an older downgraded version of a driver or patch because they just put it up yesterday while Microsoft has had the patch up for weeks or even months.
Lock up that researcher by Anonymous Coward · 2016-06-01 06:37 · Score: 0

He said "hacking".
Anyhow, another good example of how computer security industry posers are abusing words and failing to heeding the consequences. Here, it sounds very much like this particular loser is advocating security by obscurity and "locking down" things such that end-users end up with even less control... but not more security. Good job, "researcher"!
Re:Step 1: buy the box Step 2: wipe, install clean by Anonymous Coward · 2016-06-01 06:40 · Score: 0

No such thing as a clean install of Windows anymore.
Linux, the headless box in the closet by drnb · 2016-06-01 07:08 · Score: 1

Linux is also fine for the headless box in the closet performing server functionality or providing a console environment (yeah, its still useful for some thing). Sometimes I have cpu intensive console jobs that will be running for days at a time and I'd rather not be running them on a laptop. Such headless boxes are generally an old PC that's been retired from development use.
Re:Apple is **MS Windows** doing it right by drnb · 2016-06-01 07:53 · Score: 1

Apple is also a nice way to get a clean MS Windows environment via Boot Camp. Its an end user installation of Windows, like a build-your-own-PC, so its a fairly clean install.

I've been building my own PCs from parts since 386 days. I've only had a small fraction of the Windows problems others complain about. Even good Linux compatibility. OK, it may help that the "No" and "Cancel" buttons are my friends, especially when someone is generously offering to install something for me. And I look out for those sneaky checkboxes on the installers of products I do want, sneaky checkboxes that enable the installation of some 3rd party crapware. On second thought some of the crapware is not 3rd party, I also do custom installs not default installs to catch that.

So yeah, 3rd party bundling is the source of much trouble, whether at the PC factory or in a software installer.
adviso. by Anonymous Coward · 2016-06-01 12:14 · Score: 0

https://tech.slashdot.org/comments.pl?sid=9179991&cid=52224549
Use Windows for your games until every game developer tells Microsoft to fuck off and codes for Linux. For everything else, see link I pasted above.
Microsoft tried to make multi-booting a hassle but it's not. Secure boot is a name. It is not a secure boot. Not only is Windows not secure when you bring your retail PC home, it is either Windows 10 Global Mother Fucking Spyware edition out of the box... or it's a 7/8 that goes full Global Mother Fucking Spyware as soon as you let it update.
Bill has enough money to write a decent fucking OS.. from scratch. Ask the US gov why his shit is spyware, why Google tracks, why Facebook profiles, etc.
Cunts. Wrap it up. dabbbft.
Re:That's why it's so important to clean up a new by Dwedit · 2016-06-01 15:35 · Score: 1

Then Windows 10 proceeds to install the OEM crapware automatically, since it is embedded in the system BIOS.