Skip to main content

Bloatware can have your PC hijacked in 10 minutes

Bloatware that comes preloaded with a bunch of laptops you can get off the shelf can put your computer to so much risk it's ridiculous.

Those are the overall conclusions of a new research done by security experts at Duo Security. They have tested 10 different laptops by some of the most popular manufacturers including HP, Acer, Dell, Asus and Lenovo, sold across the US, Canada and the UK.

Bloatware (some also refer to it as 'crapware'), is essentially unwanted computer software that comes pre-installed on a new computer. Most of it is considered useless.

But having bloatware on your computer, and needing to update it through the manufacturer's updater, spells trouble. In many cases, these updaters aren't secure and can allow hackers to modify them, adding potentially harmful programs.

"For example, in one Lenovo updater, they obviously put in a lot of effort to secure it, and then running parallel to it was another updater that had none of the security features enabled,” Duo Security's director of security research, Steve Manzuik, told IBTimes UK.

All manufacturers have been notified of the security vulnerabilities. Some reacted quickly, others not so much. "Asus and Acer were the worst. With Asus, there were two different vulnerabilities. This one had code execution that was quite obvious and easy to exploit – it literally took less than 10 minutes to attack the system using that vulnerability," said Manzuik. They were told the issues would be patched, but three months later they’re still active, he added.

Duo Security believes the best way to protect yourself from any potential harm is to simply uninstall all third-party bloatware.

In a lot of cases, our biggest concern is that a lot of people are buying these laptops and then bringing them into the corporate network. IT guys need to tell them to remove bloatware and clean the computers up," warned Manzuik.

Lee Munson, security researcher for commented: “Bloatware is remarkably easy to remove from your PC. Much like any other unwanted program, all you need to do is open your Control Panel, scan through the list of programs installed on your machine, and choose which you would like to uninstall. While I would recommend doing this the first time you use your new machine, it is a process that can be undertaken whenever you like; just be careful not to remove anything that actually is useful.

“Bloatware, like any other type of software, can be vulnerable and susceptible to attack and it really is down to the user to educate themselves about the risks and how to check what is running on their system and how to remove unwanted programs.

"If any type of regulation or legislation were to be brought in to deal with bloatware, well, we know how well that normally pans out…”

Photo credit: scyther5 / Shutterstock

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.