Acer May Be Bugging Computers
tomjen writes "What if a well-known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well, Acer apparently has, and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"
Re:Phew! (Score:3, Insightful)
Re:The 4th USB port (Score:5, Insightful)
Plus, if they do no wireless, Wifi-only and Wifi+BT models, with a single Mini-PCI slot, they would need both Wifi and Wifi+BT cards, if they have a "hidden" USB port, they only need to stock Wifi mini-PCI cards and USB bluetooth adapters, the same adapters that are sold independently.
Re:The 4th USB port (Score:3, Insightful)
Lessons learned... (Score:5, Insightful)
2) When you can't build your own (laptops), *always* re-install your OS after purchasing a new computer, and for God's sake use a real install CD and not the recovery one provided by the manufacturer.
Re:Isn't it a little bit naive (Score:3, Insightful)
P.S. I want to see Holmes on Homes run across a secret explode-on-remote-command thing in an episode. That would make my week.
Easy fix for this problem (Score:2, Insightful)
Re:Wow (Score:2, Insightful)
And he would be absolutely correct, well Acer is not exactly off the hook here either.
Re:Wow (Score:2, Insightful)
Acer is not exactly off the hook here either.
That's an interesting way to put it. But I guess that's the only way to rationalize it if you were desperate enough to pin this on Microsoft for some reason.
Re:And now that it's publicized... (Score:2, Insightful)
Re:Easy fix for this problem (Score:2, Insightful)
Re:Isn't it a little bit naive (Score:2, Insightful)
I believe that everyone who has a flashing 12:00 on their VCR/DVD player should be fined until they know how to fix it.
I've got a flashing 0:00 on my stereo and I'm a computer programmer. Do I know how to set it to the correct time? Sure! Thing is, the clock resets whenever the electricity goes out. It's not that it happens that much, but there was a period here (I think they were working on the grid) that it failed for a minute every few days. I got sick 'n tired of putting in back the time and that is why it's still flashing.
According to you, I should get fined.
It will never change: a computer can do no "big harm" (according to the public) as can a grill combined with gasoline. Sure, identity theft, aiding spambot networks, and "degraded performance" are things that these non-technical people can and will experience but none of these exactly "harms them". At least not in the short term, because long term is not in their scope. Sure, worst case they get their identity stolen, but they will not "link" this to "bad security habits" they had in the past: it will be the "Evil Hackers" that did it. (Exactly "How" is magic to them, and to them they did nothing wrong) It's a bit like coming home and finding that your dog pooped in your slippers. You hold his nose into the poop to "teach him a lesson", alas, the poor dog doesn't understand the punishment because he pooped there hours ago and doesn't link the punishment with the "offense". (Note, I don't have a dog and I only heard this. Don't take it as a "fact" but as an illustration.)
I used to be for an "internet capability license", but I just ditched that idea. I had the unfortunate experience to teach "initiation to information technology" (=Glorified Word course) to 13 year olds in a "technical school". Now, you have a bunch of 13 year olds that don't even know how to use a keyboard correctly! Sure, that should have been the first thing I should have explained, but I didn't know better! I was in the illusion that keyboards were self-explaining. (Hint: they are not) So, they all know how to surf (with Flash games and MySpace-style homepages being favourites) but they type their capital letters by pushing in "Caps Lock" then pushing the letter they want and then pushing "Caps Lock" again. These habits are hard to get out, because they have been doing this forever at home.
The general "computing public" is no more than these 13 year olds, and worse: those 13 year olds will learn eventually because they are young and their minds still absorb a lot. Now, for adults, the picture is not so rosy.
Hey, I don't care anymore! I've gone back to IT, and am happy with people that know shit: Because of [slashdot.org] this [slashdot.org]
On behalf of Acer (Score:3, Insightful)
Solution to this 'bug': If you buy an Acer, buy one that comes with Linux.
Re:Phew! (Score:2, Insightful)
Re:On behalf of Acer (Score:5, Insightful)
Re:Wow (Score:1, Insightful)
Funny you mention that, because I think that's the level of cognitive awareness needed to turn this into a "it's all Microsoft's fault" debate.
And actually the lawsuit for spilt coffee and a million bucks entailed the coffee being so hot it melted the cup
Yes, well. Would you rather I use another example of a frivolous lawsuit? There's lots of them to go around.
This type of stuff shouldn't be able to happen after how many exploits causing malicious harm to computers.
I don't understand this. Are you saying it's Microsoft's fault, or that Acer is less culpable?
I can do lots of bad stuff with an XPI extension, like turn your machine into a spam zombie, download kiddie porn and randomly delete your documents. Would you mind much if I blame the Mozilla foundation for things like that?
Multiple Angles (Score:3, Insightful)
Of course I'm talking about the driving force behind almost all new electronical inventions, the Pr0N.
Wider scope (Score:5, Insightful)
Intel had to allow people to disable CPU ids.
Why is Microsoft allowed to "embed" an id string like the WGA identifiers that allow them to identify and traceback any individual who does an update of LEGALLY LICENSED SOFTWARE?!?!?
Why do I see a 3 year backlog of error/debug messages in certain WinXP system log files, and receive advice on how to disable error logging instead of someone FIXING THE PROBLEM?
Re:present on Aspire 1690 (Score:5, Insightful)
Re:@mozilla.org/process/util;1 (Score:5, Insightful)
The difference between IE ActiveX and Fx extensions is that Firefox encourages you to go through addons.mozilla.org, for which all the extensions are reviewed (though I don't know how thoroughly) and update automatically (e.g. if exploits are found).
Re:Wow (Score:2, Insightful)
Re:to those of us uneducated (Score:3, Insightful)
OK, let's say you are gullible enough to think that they can take all of that they want, and still not put you at risk - now, think for just a moment about who 'they' are...? What are the odds of 'they' going to all that trouble and not having some plan to do something with what they glean that you will not be pleased with...? Still not impressed?
How's this... Acer sits around and waits for just the right time and boom - they toggle a flag on your computer that makes it appear that it needs to have XYZ repaired, and what do you know, the only resource is...ACER!!
There is an old saying (paraphrased, I don't recall the exact quote), "Never attribute to malice what can be explained by incompetence." I think this is just a case of gross incompetence, but not malice.
Re:Lessons learned... (Score:3, Insightful)
So, for the other 99% of users (you know, the ones who just want a computer that does what it's advertised to do), what's the solution?
Re:Phew! (Score:4, Insightful)
I run Debian
Re:PHB == appendix (Score:3, Insightful)
While I don't know the specifics of your situation and am not fond of defending PHB decisions, sometimes there is a logical reason to do something that appears stupid because "that's what it says in the contract". For example, the contract could have a requirement to ship all machines in the same configuration, so if you upgrade it later you have to go back and update all the older machines at your cost; or you could be charging someone else more for 250g machines with contract provisions that give them a "best price" so when you sell 250g devices to A at a price less than you charge B; B is entitled to a refund.
I've seen some really stupid looking (on the surface) things done that were understandable once you learned the contractual reasons behind them - for example we would not let anyone use a conference room in our building - even though it sat empty 90% of the time. Why? We were allowed to charge a client for 100% of the cost of the room - and had to discount that if anyone else used it. Since we weren't going to give up the revenue it sat empty most of the time. Stupid? Not when you looked at the bottom line, even if it meant people had to find another room to use.
Generally companies are not so inflexible - until something goes wrong and lawyers start looking over the contract and contract performance - and suddenly the no big deal things become problems.
Re:I'm not impressed with this IE7 "improvement" (Score:4, Insightful)
You don't need to sandbox the plugin itself - you need to sandbox any code the plugin downloads and executes. For example, a Java VM plugin is not in a sandbox, however *it* sandboxes the bytecode itself - the VM restricts what the code can do. On the other hand, ActiveX failed to do this since it provided functions to access every aspect of the host environment.
So this isn't anything to do with insecurities in the browser, this is down to insecurities in the plugin. Any Firefox plugin that allows anything downloaded from the web to execute arbitrary commands on the host would be considered similarly insecure.
Re:to those of us uneducated (Score:3, Insightful)
Well, duh
A good con man always remembers the mark... Not stepping in it is all part of the dodge [filmogs.com]. Most times, during those days, it was one way, and the odds of seeing the same mark were pretty low. Families and individuals going to California [lyricsfreak.com] to make a new start for their future, right after the war, were all part of an influx that would last for decades.
U-Haul celebrated 60 successful years in 2005 [uhaul.com], which puts them in business starting in 1945. The 'American Dream' that drove the migration west kept U-Haul busy and growing, and it wasn't until 1987 before their records revealed more equipment leaving California than was going in.
Re:Lessons learned... (Score:3, Insightful)
Buy a Mac.
(Seriously.)
Re:The 4th USB port (Score:3, Insightful)
That's an insane attitude. Do you have any idea how many other unused parts there are in any PC? Strip it down to the motherboard and you'll find blank places for additional ports. Sometimes these even have blankers on the case in laptops. I used to work as an engineer in a laptop factory and one of our models had the places for a 9V adapter (it had a mains adapter as standard) as well as space for more video ram and a COM port. Never once were these ever used in any models we made, apart from a couple of prototypes. You'd need to see the board or the schematics to even know about their existence.
You got what you paid for. Consider the "hidden" usb port a bonus. My current laptop has a built-in webcam hooked up to one of these ports. The internal architecture really isn't all that important to me as an end-user.
Re:Phew! (Score:2, Insightful)
There Should be. We need a "+1 Godly" also, and perhaps a "-1 Meaningless Evangelism" to handle all those "My OS Sucks Less than yours" posts.