Of eight different bloatware updaters found (some brands used more than one), only the Lenovo Solution Center 3.1.001 updater complied with best security practices across the board.
Without going into excruciating detail, Duo tested five major security components in the updaters: whether the update manifest (or list of updates to be installed) was transmitted over secure channels whether the manifest was digitally signed to verify that it came from the OEM and not an impostor whether the updates themselves came with secure authentication and whether the updater authenticated incoming code. In theory, it’s simpler than updating each program individually, but in practice, it’s much less secure, and devotes resources to programs you don’t really need in the first place. While the basic Windows Updater is quite secure, hardware manufacturers often add their own updaters, which also keep the bloatware and some drivers up-to-date.
(There may be vulnerabilities in other bloatware programs, but the researchers determined - correctly - that the updater would be the easiest point of attack.) In each case, the problem stemmed from the built-in updaters created for the various forms of bloatware. MORE: Best Antivirus Protection for PC, Mac and Android
0 kommentar(er)
