Duo's research shows the Superfish controversy was but an extreme example of a wider security problem involving pre-installed software from multiple manufacturers.The OEM software landscape is complicated and includes a depressing amount of superfluous tools for vendor support, free software trials, and other vendor-incentivized crapware, Duo Security researchers warn.Some apps do nothing more than add a shortcut to launch your web browser to a specific site.The OOBE [out-of-box experience] is annoying to most people for a number of reasons. In addition to wasting disk space, consuming RAM, and generally degrading the user experience, OEM software often has serious implications on security. A few examples include Superfish, which abused the Windows Platform Binary Table to install persistent adware on unwitting Lenovo users' personal computers. The eDellRoot fiasco made a mess of the Windows root certificate store for Dell users.The two-factor authentication firm reckons simple enhancements like the consistent use of encryption, specifically transport layer security (TLS), would have significantly raised the bar for attackers.Dell – one high-risk vulnerability involving lack of certificate best practices, known as eDellRoot. Hewlett Packard – two high-risk vulnerabilities that could have resulted in arbitrary code execution on affected systems. Five medium-to-low-risk vulnerabilities were also identified. Asus – one high-risk vulnerability that allows for arbitrary code execution as well as one medium-severity local privilege-escalation flaw. Every vendor shipped with a preinstalled update that had at least one vulnerability, resulting in arbitrary remote code execution and thereby complete compromise of the affected machine.
OEM updaters are highly privileged, easy to exploit, and not difficult to reverse engineer – coupled with limited security review, this creates a perfect storm for an attacker, Duo concludes.Duo's study of OEM updates was put together by Darren Kemp, Chris Czub and Mikhail Davidov.El Reg passed on Duo's research to Acer, Asus, HP and Lenovo with a request for comment. No word back, as yet. Dell has responded since the publication of the story to say:We are aware of the Duo Security report. As always, customer security is a top priority for Dell. And like Duo Security called out in the report, we fared comparatively well in their testing and continue to test our software to identify and fix outstanding vulnerabilities as we examine their findings more closely. We thank those in the security community like Duo Security, whose efforts help us protect our customers through coordinated vulnerability disclosure.Kit accessed included the Acer Aspire F15 (UK version); Asus TP200S and Asus TP200S (Microsoft Signature Edition); Dell Inspiron 14 (Canada version) and Dell Inspiron 15-5548 (Microsoft Signature Edition); HP Envy, HP Stream x360 (Microsoft Signature Edition) and HP Stream (UK version); and Lenovo Flex 3 and Lenovo G50-80 (UK version).The consumer electronics giant's support staff have admitted drivers for its PCs still don’t work with Microsoft's newest operating system and told customers they should simply not make the upgrade.
- Battery for lenovo IdeaPad Z570
- Battery for Lenovo IdeaPad Y710
- Battery for Lenovo IdeaPad Y550
- Battery for LENOVO IdeaPad U310
- Battery for Lenovo IdeaPad U160
- Battery for Lenovo IdeaPad U110
- Battery for LENOVO IdeaPad S300
- Battery for Lenovo IdeaPad S100
- Battery for Lenovo IdeaPad S12
- Battery for Lenovo IdeaPad S10-3 0647-29U
That’s nearly a year after Microsoft released Windows 10 and with a month to go until its successor – Windows 10 Anniversary Update – lands.Samsung’s customers have complained repeatedly during the last 12 months of being either unable to install Microsoft’s operating system on their machines or Windows 10 not working properly with components if they do succeed.However, with the one-year anniversary fast approaching it seems neither of these tech giants have succeeded in solving these persistent problems.A Register reader with a Samsung NP-R590 laptop got in touch when he couldn’t install Windows 10 and after he approached Samsung support.He complained that his Broadcom wireless card does not work with windows 10.In an email seen by The Register, our reader was told frankly by Samsung:“Honestly speaking, we don't suggest installation of Windows 10 to any Samsung laptop or PC and we are still coordinating with Microsoft regarding to this matter, Samsung's UK support said.“The Drivers that we have on our website are not yet compatible to the latest version of Windows. What we usually recommend is to keep the current Windows version and we'll update you once the Windows 10 have no more issues on any Samsung laptops and computers or even monitors.”
Samsung's email limply advised the reader to contact Microsoft directly for more information, at its Thames Valley Park campus in Berkshire, UK.The Register contacted Microsoft to find out when updated drivers for Samsung PCs and Windows 10 would be released.Microsoft only managed a boilerplate statement attributed to a spokesperson. “Microsoft and Samsung are committed to Windows 10, and are working closely together to provide the best possible Windows 10 upgrade experience,“ it said.Microsoft “encouraged” Samsung users to visit that company's own website to “ensure upgrade is supported by their PC. A Samsung spokesperson has contacted us since the publication of this story to say:We apologise for any confusion caused by a recent incident where a customer service representative mistakenly provided incorrect information about Windows 10 upgrades for Samsung notebooks. We would like to remind our customers that they can visit the Samsung website where there is detailed information on the Windows 10 upgrade applicability for each Samsung notebook model run by Windows 7, Windows 8 and Windows 8.1Hands-on In its most recent quarterly earnings report, Microsoft highlighted its increasingly popular Surface line as the growth leader in its More Personal Computing line of business. Surface led the category with 61 per cent growth in constant currency, a rise driven by the top products in the line, the Surface Pro 4 tablet and the Surface Book detachable-tablet laptop.
- Battery for Lenovo IdeaPad S9
- Battery for Lenovo G575
- Battery for lenovo G570
- Battery for Lenovo G555
- Battery for Lenovo G550
- Battery for Lenovo G470
- Battery for Lenovo BATHGT31L6
- Battery for Lenovo B550
- Battery for lenovo B470A
- Battery for Lenovo B460E
- Battery for Lenovo B460A
Despite its popularity, the future of Surface — particularly the Surface Pro 4 and the Surface Book — may depend on Microsoft’s ability to address a reliability issue now known colloquially by an alarming number of users as “Sleep of Death.”I purchased a top-of-the-line Windows 10 Surface Book in February. With an Intel Core i7-6600U dual-core processor and 1TB of flash storage, it wasn’t cheap. The system had a base price of $3,199; configured with Office 365, a Surface Dock, and Microsoft Complete Accident Protection, I spent a bit over $4,000 (including tax). That may be a hefty price tag for a laptop, but I prefer to max out an initial configuration — not because I’m a power user or advanced gamer, but in hopes of prolonging my system’s lifespan and delaying the always painful process of migrating to a new system.The Surface Book was pleasing to use right out of the box. It balances the delicate tradeoff of having a bright, high-resolution (3,000 x 2,000-pixel) screen, driven by an Nvidia GeForce GPU, while still being lightweight (3.34 pounds, with keyboard) and sporting a long battery life. The screen detaches to become a nifty tablet — this feature usually works — though with less battery power, since one of the two batteries is in the keyboard attachment.