An eggplant could hijack bloatware
-
A study of software bundled by large PC vendors on their machines has found that the bloatware apps leave users exposed to easily exploitable vulnerabilities while being of little use to customers.
The research arm of infosec firm Duo Security, Duo Labs, looked at how well vendors secure updaters for their value-added bloatware, and found that each original equipment manufacturer shipped software with at least one serious vulnerability.
...
A total of 12 serious vulnerabilities were found in the OEM updaters, affecting PCs from well-known brands such as Dell, HP, Asus, Acer and Lenovo.
...
"The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant - meaning, trivial," the researchers wrote.TexMex Sauce: http://www.itnews.com.au/news/pc-makers-blasted-for-bad-bloatware-security-420300
-
Nothing new, but it's scary to see vendors are not learning. First thing for every machine under my control is to deploy a clean OS image / fresh install.
Probably they just don't want to learn, it's an additional source of income (and maybe an even better one than the hardware itself). Same with Java JRE for example, bloatware included in the installer and you have to explicitly disable it.
-
@thwr said in An eggplant could hijack bloatware:
Nothing new, but it's scary to see vendors are not learning.
I doubt that that is a factor. The issue is that they do not and never have cared. Bloatware only exists for consumers and businesses that don't follow the most basic best practices. No one who actually cares is affected by the bloatware. So there is no incentive for the vendors to protect customers from themselves in a case like this.
-
@scottalanmiller said in An eggplant could hijack bloatware:
@thwr said in An eggplant could hijack bloatware:
Nothing new, but it's scary to see vendors are not learning.
I doubt that that is a factor. The issue is that they do not and never have cared. Bloatware only exists for consumers and businesses that don't follow the most basic best practices. No one who actually cares is affected by the bloatware. So there is no incentive for the vendors to protect customers from themselves in a case like this.
It's amazing to me that consumers don't care. I hear all the time about how this or that sucks about their Windows machine, of course quickly followup up by some MAC fanboy touting how their Apple is awesome - but I guess the lost cost is what runs the day, and consumers only care about the lowest cost, even if the experience is total crap.
So one might ask, why hasn't anyone come out with a clean PC platform? Well, actually they have, Many of you already know about Microsoft's Signature Edition PC line - Where MS acquires several different vendor's machines, retools the OS to be lean and clean, then sells them at normal MSRP for that vendors device. The problem with this is I don't think there are that many low end priced machines, but way worse than that - MS does not advertise this line at all - and this is something I just don't understand!
-
@Dashrender said in An eggplant could hijack bloatware:
It's amazing to me that consumers don't care.
It shouldn't. It maps to the same behaviour that you always see from consumers. In fact, the term consumer is often used to denote situations where the buyer is not discerning.
-
@Dashrender said in An eggplant could hijack bloatware:
I hear all the time about how this or that sucks about their Windows machine...
People in general love to complain. You can't go by how much they complain, you have to go by how much they are willing to alter their behaviour which is, by and large, zero.
-
@Dashrender said in An eggplant could hijack bloatware:
- but I guess the lost cost is what runs the day, and consumers only care about the lowest cost, even if the experience is total crap.
Oh no, it isn't cost. One of the other hallmarks of the "general consumer" is overpaying. Most consumer goods, be in computers, cameras, stereos, appliances, etc. actually cost more than better performing commercial or prosumer equipment. Consumers tend to care about marketing and branding, not quality or price.
-
@Dashrender said in An eggplant could hijack bloatware:
So one might ask, why hasn't anyone come out with a clean PC platform?
They are everywhere. Most whiteboxes are like that. Bottom line... there isn't a major market for these in the consumer space. Because... people do not care. The question only feels obvious to you because you are not accepting that they don't care, but all of the consumer behaviour around this issue is explained perfectly by that one thing... bloatware doesn't matter to most consumers. At least not enough to think twice about it.
-
@Dashrender said in An eggplant could hijack bloatware:
- MS does not advertise this line at all - and this is something I just don't understand!
Who would buy it?
- Not normal consumers... they don't care.
- Not professionals or prosumers... they are not affected by bloatware as they do fresh installs.
-
@scottalanmiller said in An eggplant could hijack bloatware:
@Dashrender said in An eggplant could hijack bloatware:
- but I guess the lost cost is what runs the day, and consumers only care about the lowest cost, even if the experience is total crap.
Oh no, it isn't cost. One of the other hallmarks of the "general consumer" is overpaying. Most consumer goods, be in computers, cameras, stereos, appliances, etc. actually cost more than better performing commercial or prosumer equipment. Consumers tend to care about marketing and branding, not quality or price.
That might, and probably is, be true for non computer things, but in general I don't see the average person buying a MAC, they are still buying PCs, and typically not the expensive ones (not that buying an expensive consumer PC would matter in this case, it would still be a consumer device with crapware on it).
-
@scottalanmiller said in An eggplant could hijack bloatware:
@Dashrender said in An eggplant could hijack bloatware:
- MS does not advertise this line at all - and this is something I just don't understand!
Who would buy it?
- Not normal consumers... they don't care.
- Not professionals or prosumers... they are not affected by bloatware as they do fresh installs.
You don't think, given the choice between a machine with crapware and the same machine same price with no crapware, they wouldn't buy the crapware free machine? that's exactly how you have to advertise it!
-
@Dashrender said in An eggplant could hijack bloatware:
@scottalanmiller said in An eggplant could hijack bloatware:
@Dashrender said in An eggplant could hijack bloatware:
- but I guess the lost cost is what runs the day, and consumers only care about the lowest cost, even if the experience is total crap.
Oh no, it isn't cost. One of the other hallmarks of the "general consumer" is overpaying. Most consumer goods, be in computers, cameras, stereos, appliances, etc. actually cost more than better performing commercial or prosumer equipment. Consumers tend to care about marketing and branding, not quality or price.
That might, and probably is, be true for non computer things, but in general I don't see the average person buying a MAC, they are still buying PCs, and typically not the expensive ones (not that buying an expensive consumer PC would matter in this case, it would still be a consumer device with crapware on it).
They might not buy the most expensive, but they very, very rarely go for the most cost effective. If they did, they would be getting commercial gear and Linux most of the time. Price just isn't the biggest driver, at all, for consumers.
-
@Dashrender said in An eggplant could hijack bloatware:
You don't think, given the choice between a machine with crapware and the same machine same price with no crapware, they wouldn't buy the crapware free machine? that's exactly how you have to advertise it!
Exactly, they just don't care. Many actually argue that they like the bloatware. At best, people will choose the bloatware free only if the two items are identical, there is zero downside to the one without the bloatware (cost is identical, all features are identical) and if the choice is forced upon them rather than being optional... and still only if you market it as bloatware to their faces and shame them into it rather than letting them see marketing for the bloatware.
I can't say it enough... they don't care. At all.
-
It's not like minimal effort, bloatware-free machines don't exist. White boxes, commercial equipment, fresh installs, Linux installs, Chromebooks.... bloatware is not everywhere and yet people only seem to avoid it by accident, never as part of their buying decision.
-
If you want to see what I mean, try this experiment:
Go door to door and do a quick survey about it. Ask people "If you went to the store to buy your laptop or desktop next time and you had two identical models of computer, one with extra software installed on it by the manufacturer and one without; everything else is identical including price and availability; which would you choose?"
I guarantee that when presented with a choice, more than half with choose the bloatware because without pressuring them to think otherwise, they don't even consider it a negative.
-
@scottalanmiller said in An eggplant could hijack bloatware:
@Dashrender said in An eggplant could hijack bloatware:
@scottalanmiller said in An eggplant could hijack bloatware:
@Dashrender said in An eggplant could hijack bloatware:
- but I guess the lost cost is what runs the day, and consumers only care about the lowest cost, even if the experience is total crap.
Oh no, it isn't cost. One of the other hallmarks of the "general consumer" is overpaying. Most consumer goods, be in computers, cameras, stereos, appliances, etc. actually cost more than better performing commercial or prosumer equipment. Consumers tend to care about marketing and branding, not quality or price.
That might, and probably is, be true for non computer things, but in general I don't see the average person buying a MAC, they are still buying PCs, and typically not the expensive ones (not that buying an expensive consumer PC would matter in this case, it would still be a consumer device with crapware on it).
They might not buy the most expensive, but they very, very rarely go for the most cost effective. If they did, they would be getting commercial gear and Linux most of the time. Price just isn't the biggest driver, at all, for consumers.
Considering that most consumer buy their computer in the store, there are no linux PC options I know if in Best Buy and the like so that's out, nor are their business class machines there.
But talking about business class machines - where do you find cheaper business class machines than consumer ones? New I don't know of any, unless you're looking at lower end business versus higher end consumer.
I just looked up a HP 400 mini, and it's $450. That's without a monitor. that's probably inline with the cheap stuff at the likes of Best Buy. Though the SFF is only $50 more.
-
@scottalanmiller said in An eggplant could hijack bloatware:
It's not like minimal effort, bloatware-free machines don't exist. White boxes, commercial equipment, fresh installs, Linux installs, Chromebooks.... bloatware is not everywhere and yet people only seem to avoid it by accident, never as part of their buying decision.
Whiteboxes require going into a computer specialty shop - most people will avoid those because they think they will be oversold or the nerd behind the counter will spout a bunch of stuff at them they won't understand.
Commerical can't be purchased in a typical consumer store.
Fresh installs, People don't want to install software/OSs, that's why Linux isn't on my people's machines already
Linux - see above
Chromebook - OK I might have to give you this one. Only time will tell if the consumer is willing to accept the Chromebook as their only larger display computer experience.
-
@Dashrender said in An eggplant could hijack bloatware:
Considering that most consumer buy their computer in the store, there are no linux PC options I know if in Best Buy and the like so that's out, nor are their business class machines there.
And why do they shop in a local store that doesn't bother to carry those options? Because there is no market for them... because they don't care. If they cared, people would sell them what they want and make money.
-
@Dashrender said in An eggplant could hijack bloatware:
But talking about business class machines - where do you find cheaper business class machines than consumer ones? New I don't know of any, unless you're looking at lower end business versus higher end consumer.
They used to nearly always be cheaper. I think more recently that has changed as cheaper consumer machines have become common (because they don't have support and warranties.) But this is a new thing.
-
@Dashrender said in An eggplant could hijack bloatware:
I just looked up a HP 400 mini, and it's $450. That's without a monitor. that's probably inline with the cheap stuff at the likes of Best Buy. Though the SFF is only $50 more.
ANd is much higher quality. So, in a way, cheaper.