There’s another example in the news of bad guys turning away from attacks on Windows and finding vulnerabilities in other programs. In my mind, it’s another striking reason to remove every bit of preinstalled software from new computers and remain very conservative about installing anything new, especially the software bundled with new hardware.
HP and Compaq computers arrive with preinstalled utilities for software updates and system monitors and information centers and god knows what all. It’s intended to keep you safe. Instead, HP has left you less secure and open to attack.
Last week a hacker posted exploits of security problems in the HP programs that could be used to break into the computers and do the usual bad things – install programs, allow the computers to be used in bad guy exploits, or whatever. The bugs exist in more than two dozen models of HP laptops sold for years, in HP’s “Quick Launch Buttons” that run as part of “HP Info Center.”
HP posted a “fix” that basically turns off some of those programs. That’s only effective for those people following the news who seek out the fix, of course. Most people with HP laptops have no idea those programs exist on their computers.
Yesterday the same hacker posted messages scoffing at HP’s response and distributing new code that exploits more weaknesses in HP’s “Software Update” program. An e-mail is sent, someone clicks on a link in the message and goes to a malicious web site, and BANG! the HP computer is dead. A brick. It becomes an ex-computer.
This is not a slam at HP. I’m no fan of the software they’ve been writing for the last couple of years, all too often badly designed and buggy, but they’re not much worse than many other vendors. Instead, it’s a reminder – remove that preinstalled software from new computers, be conservative about what you install, and never ever click on links in suspicious or unknown e-mail messages!
