This may be a good reason to spend the extra money and buy a laptop from the "business" section of a manufacturer's website rather than the "consumer" side. For an explanation of some of the differences, see "Laptops for work and play: the differences that matter." In sum, the business computers cost more but are expected to last longer.
And with some of them, the customer can choose which software comes pre-loaded. That's an important option. While the pre-loads on the cheaper units help keep the price low, they can be a little sloppy on security. See "Pre-Loaded Laptop Software Comes With Security Risks." Excerpt:
Pre-loaded OEM software has serious implications for system security. For example, in early 2015 adware called Superfish pre-installed on Lenovo laptops tampered with the Windows Platform Binary Table, allowing attackers to eavesdrop on unwitting users’ web browser traffic. Later in the year, some Dell computers became vulnerable to man-in-the-middle attacks because of an issue with the eDellRoot certificate authority.
“Every time something like this happens, we are reassured that the offending vendor of the day cares deeply about our security and privacy. Unfortunately, a cursory analysis of most OEM software reveals that very limited, if any security review was performed,” the report states.
“The thing about software updaters is that they are inherently privileged. They have to run with full system permission in order to change and modify anything,” says Darren Kemp, an analyst and author of the Duo Lab report. “A lot of the vulnerabilities we found were easy to find and easy to exploit; it is a real enticing target for attackers.”
So what does the buyer of a new computer do?
Short of explicitly disabling updaters and removing OEM components altogether, the end user can do very little to protect themselves from the vulnerabilities created by OEM update components. However, Duo Security did provide users with some advice:
- Wipe any OEM system, and reinstall a clean and bloatware-free copy of Windows before the system is used. Otherwise, reducing the attack surface should be the first step in any system-hardening process.
- Identify unwanted, unnecessary software and disable or uninstall it — less complexity generally results in fewer security flaws.
- Purchasing Microsoft Signature Edition systems may be beneficial, but it is not guaranteed to protect end users from flaws in OEM software altogether.
- Dell, HP, and Lenovo vendors (in specific cases) appeared to perform more security due diligence when compared to Acer and Asus.
Hmm. Windows operating systems aren't cheap when starting from scratch. But maybe it would be worth it.
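For anyone who keeps the factory image, the "identify unwanted software" step in the excerpt can start with an inventory like the one below. This is an added example, not code from the article or from Duo Security; it assumes OEM components can be recognised by one of the five vendor names from the excerpt appearing in a publisher, display name, or file path, which will miss components that ship under another company's name. It only lists what it finds and changes nothing.

```powershell
# Inventory OEM software and the OEM components that run with full system rights.
# Run from an elevated PowerShell prompt on the new machine.

# Vendor names taken from the excerpt; text matching on these names is an assumption.
$pattern = '\b(Acer|ASUS|Dell|HP|Hewlett|Lenovo)\b'

# 1. Installed programs (64-bit and 32-bit uninstall registry keys).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -and
        ($_.Publisher -match $pattern -or $_.DisplayName -match $pattern)
    } |
    Select-Object DisplayName, Publisher, DisplayVersion

# 2. Services that run as LocalSystem. Updaters usually live here, and these
#    are the "inherently privileged" components the excerpt warns about.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.StartName -eq 'LocalSystem' -and
        ($_.PathName -match $pattern -or $_.DisplayName -match $pattern)
    } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 3. Scheduled tasks that run as SYSTEM (another common home for updaters).
$tasks = Get-ScheduledTask |
    Where-Object {
        $_.Principal.UserId -match 'SYSTEM|S-1-5-18' -and
        ($_.TaskPath -match $pattern -or $_.Author -match $pattern -or
         ($_.Actions.Execute -join ' ') -match $pattern)
    } |
    Select-Object TaskName, TaskPath, State,
        @{ Name = 'Runs'; Expression = { $_.Actions.Execute -join '; ' } }

# Print the three lists for manual review.
'--- OEM programs ---';              $programs | Sort-Object DisplayName | Format-Table -AutoSize
'--- OEM services as LocalSystem ---'; $services | Format-Table -AutoSize -Wrap
'--- OEM tasks as SYSTEM ---';         $tasks    | Format-Table -AutoSize -Wrap
```

Anything in the second and third lists that is not needed for the hardware to function is a candidate for the "disable or uninstall" advice above.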