Nothing is perfectly secure, and we’ll never eliminate every vulnerability out there. But we shouldn’t be seeing as many sloppy mistakes as we’ve seen from HP, Apple, Intel, and Microsoft in 2017.
Please, PC manufacturers: Spend time on the boring work to make our PCs secure. We need security more than we need shiny new features.
Apple Left a Gaping Hole in macOS, and Did a Bad Job Patching It
If this were any other year, people would be holding Apple’s Macs up as an alternative to the PC chaos. But this is 2017, and Apple has had the most amateurish, sloppy mistake of all—so let’s start there.
Apple’s latest version of macOS, known as “High Sierra”, had a gaping security hole that allowed attackers to quickly sign in as root and get full access to your PC—just by trying to sign in a few times without a password. This could happen remotely via Screen Sharing, and it could even bypass the FileVault encryption used to secure your files.
Worse yet, the patches Apple rushed out to fix this didn’t necessarily fix the problem. If you installed another update afterwards (from before the security hole was found), it would re-open the hole—Apple’s patch didn’t get included in any other OS updates. So not only was it a bad mistake in High Sierra in the first place, but Apple’s response—while fairly quick—was a mess.
This is an unbelievably bad mistake from Apple. If Microsoft had such a problem in Windows, Apple executives would be taking pot shots at Windows in presentations for years to come.
Apple has been coasting on the Mac’s security reputation for far too long, even though Macs are still less secure than Windows PCs in some fundamental ways. For example, Macs still don’t have UEFI Secure Boot to prevent attackers from tampering with the boot process, as Windows PCs have had since Windows 8. Security by obscurity isn’t going to fly for Apple anymore, and they need to step it up.
HP’s Pre-Installed Software Is an Absolute Mess
HP has not had a good year. Their worst problem, which I personally experienced on my laptop, was the Conexant keylogger.
Many HP laptops shipped with an audio driver that logged all keypresses
to a MicTray.log file on the computer, which anyone could view (or
steal). It’s absolutely crazy that HP wouldn’t catch this debug code
before it shipped on PCs. It wasn’t even hidden—it was actively creating
a keylogger file!There have been other, less serious problems in HP PCs, too. The HP Touchpoint Manager controversy wasn’t quite “spyware” like a lot of media outlets claimed, but HP failed in communicating with its customers about the problem, and the Touchpoint Manager software was still a useless, CPU-hogging program that isn’t necessary for home computers.
And to top it all off, HP laptops had yet another keylogger installed by default as part of the Synaptics touchpad drivers. This one isn’t quite as ridiculous as Conexant—it’s deactivated by default and can’t be enabled without administrator access—but it could help attackers evade detection by antimalware tools if they wanted to keylog an HP laptop. Worse yet, HP’s response implies that other PC manufacturers may have the same driver with the same keylogger. So it may be a problem across the wider PC industry.
Intel’s Secret Processor-Within-a-Processor Is Riddled with Holes
Intel’s Management Engine is a little closed-source black box operating system that’s a part of all modern Intel chipsets. All PCs have the Intel Management Engine in some configuration, even modern Macs.
Despite Intel’s apparent push for security by obscurity, we’ve seen many security vulnerabilities in the Intel Management Engine this year. Earlier in 2017, there was a vulnerability that allowed remote administration access without a password. Thankfully, this only applied to PCs that had Intel’s Active Management Technology (AMT) activated, so it wouldn’t affect home users’ PCs.
Since then, though, we’ve seen a raft of other security holes that needed to be patched in practically every PC. Many of the affected PCs still haven’t had patches released for them yet.
This is particularly bad because Intel refuses to allow users to quickly disable the Intel Management Engine with a UEFI firmware (BIOS) setting. If you have a PC with the Intel ME that the manufacturer won’t update, you’re out of luck and will have a vulnerable PC forever…well, until you buy a new one.
In Intel’s haste to launch their own remote administration software that can work even when a PC is powered off, they’ve introduced a juicy target for attackers to compromise. Attacks against the Intel Management engine will work on practically any modern PC. In 2017, we’re seeing the first consequences of that.
Even Microsoft Needs a Little Foresight
It would be easy to point to Microsoft and say that everyone needs to learn from Microsoft’s Trustworthy Computing Initiative, which began in the Windows XP days.But even Microsoft has been a little sloppy this year. This isn’t just about normal security holes like a nasty remote code execution hole in Windows Defender, but problems Microsoft should have easily been able to see coming.
The nasty WannaCry and Petya malware epidemics in 2017 both spread using security holes in the ancient SMBv1 protocol. Everyone knew that this protocol was old and vulnerable, and Microsoft even recommended disabling it. But, despite all that, it was still enabled by default on Windows 10 up until the Fall Creators Update. And it was only disabled because the massive attacks pushed Microsoft to finally address the problem.
That means that Microsoft cares so much about legacy compatibility that it will open Windows users to attack rather than proactively disable features very few people need. Microsoft didn’t even have to remove it—just disable it by default! Organizations could have easily re-enabled it for legacy purposes, and home users wouldn’t have been vulnerable to two of 2017’s biggest epidemics. Microsoft needs the foresight to remove features like this before they cause such major problems.
These companies aren’t the only ones having problems, of course. 2017 saw Lenovo finally settling with the US Federal Trade Commission over installing the “Superfish” man-in-the-middle software on PCs back in 2015. Dell also shipped a root certificate that would allow a man-in-the-middle attack back in 2015.
This all just seems like too much. It’s about time everyone involved gets more serious about security, even if they have to delay some shiny new features. Doing so may not grab headlines…but it’ll prevent the headlines none of us want to see.
Gracious Arrangement 123-hp-com-envy7158.com Thanks for sharing, Grand Case 123-hp-com-envy4520.com Thanks for sharing, Granted Chart 123-hp-com-oj4655.com Thanks for sharing, Gratifying Clarification 123-hp-com-ojp8715.com Thanks for sharing, Great Clue 123-hp-com-dj2655.com Thanks for sharing
ReplyDeletehp officejet 5252 install
ReplyDelete123.hp.com
ReplyDeletehttps://123hpcoms.blogspot.com/
www hp.com 123
ReplyDeletehttps://setup-wireless-printer.com/canon-pixma-pro-10-setup-windows/
ReplyDeletehttps://setup-wireless-printer.com/hp-laserjet-m9050-mfp-wireless-driver-mac/
ReplyDelete123 hp printer setup
ReplyDeletehp123.com
ReplyDeleteNice post. Keep sharing more. Also, visit us now for printer related information,
ReplyDelete123.hp.com/setup Envy 5055 ** 123.hp.com/envy5055 Setup ** 123 HP Envy 5055 Setup ** HP Envy 5055 Printer Support ** 123 HP Envy 5055 ** HP Envy 5055 Printer 123 ** HP Envy 5055 Setup Guide **Envy 5055 Setup ** 123 HP Com Support **123 Envy 5055Printer Setup **www 123 hp com setup **HP Com Support **HP Envy 5055 Printer Help **Envy 5055 123 Com **www HP Envy 5055 123 **123 HP Envy 5055 Printer **Envy 5055 Setup **Envy 5055 Printer Support **HP 5055 Printer Setup **HP Envy 5055 Wireless Printer Setup **HP Envy 5055 setup **HP Envy 5055 Support **HP Envy 5055 Printer Technical Help **123 HP Envy 5055 **Envy 5055 Printer Setup **123 envy 5055 Printer Guide **Envy 5055 Printer Setup Guide **Envy 5055 Printer Technical Support **HP envy 5055 Wifi Setup Guide **HP Envy 5055 Wireless Setup **
Thank’s for sharing great information. Visit our website.
ReplyDelete123.hp.com || 123.hp.com/setup || 123HP Setup || hp.com/setup || hp.com/123 || 123.hp.com setup || 123 HP Printer Setup || 123 HP Printer Support || 123 HP Setup Install || 123hpcom || 123 HP Printer Install || 123hpcomsetup || 123 HP Printer Setup || 123HP Install || hpcom/123 || 123hpcominstall || 123HP Setup || 123 HP Smart App || Install 123 HP || HP 123 Setup
This comment has been removed by the author.
ReplyDeleteI think this is a useful post and it is exceptionally helpful and proficient.
ReplyDelete123.hp.com || 123.hp.com/setup || 123HP Setup || hp.com/setup || hp.com/123 || 123.hp.com setup || 123 HP Printer Setup || 123 HP Printer Support || 123 HP Setup Install || 123hpcom || 123 HP Printer Install || 123hpcomsetup || 123 HP Printer Setup || 123HP Install || hpcom/123 || 123hpcominstall || 123HP Setup || 123 HP Smart App || Install 123 HP || HP 123 Setup
Great Content here some tips regarding HP Printer, Want to setup HP OfficeJet Pro? It is very simple that you can complete it in a few simple steps. After completing the hardware setup, connect the printer to the network.After that, all you have to do is navigate to 123.hp.com/ojpro6970 and download the software.
ReplyDelete123.hp.com, canon pixma tr8540 driver , canon imageclass lbp352dn driver , canon imageclass lbp151dw driver , canon pixma tr4551 driver ,
ReplyDeleteRoku device will allow you to watch free and paid video content on your TV or another device via the Internet.In this activation process, you need to go through the Roku.com/link activation first. You can use your Smartphone and even your desktop for the app trigger.
ReplyDeleteIf you do not have printer driver software in the printer kit then you can easily download it using the HP printer install wizard.There might be a case that when some problem arises during this connection and before proceeding further you need to fix this error.
ReplyDeleteEvery day activities of the users are tracked easily without any difficulty of running out of the updates and crucial details such as the missing calories. Garmin devices are of tremendous use to the people who are in a continual need to track their location and navigation, the garmin.com/express hence allowing you to utilize the apps with the changing needs.
ReplyDeleteIt is a valid link to activate amazon mytv activate or primevideo mytv activate in your device. You can watch Amazon prime video on amazon mytv, just you need to enter a 6 digit amazon registration code on your device.
ReplyDeleteyou can gain easy access to your favorite and many other TV networks by fubo.tv/Connect. FuboTv is an alternative to cable or satellite services where instead of having any of these, you can work with your internet connection.You can select your preferred package that will activate after the free trial.
ReplyDeleteGood content. You write beautiful things.
ReplyDeletemrbahis
sportsbet
sportsbet
hacklink
vbet
taksi
mrbahis
hacklink
korsan taksi
Success Write content success. Thanks.
ReplyDeletecanlı poker siteleri
betpark
kralbet
kıbrıs bahis siteleri
deneme bonusu
betturkey
canlı slot siteleri
kütahya
ReplyDeletenevşehir
erzincan
adana
bartın
5MPA6
salt likit
ReplyDeletesalt likit
U0Y8A