Pre-installed crapware still a problem

A recent report from Duo Security shows that pre-assembled, ready-to-run computers purchased from major vendors almost always include pre-installed software that often makes those computers much less secure. That’s in addition to being unnecessary, unstable, resource-hungry, and often serving primarily as advertising conduits.

If you purchase a pre-assembled computer, you should uninstall all unnecessary software as soon as possible after powering it up. Before even connecting it to a network. It can be difficult to identify exactly which software should be removed, but a good starting point is to remove anything that shows the manufacturer’s name as the Publisher. PC World has a helpful guide.

And now the good news, at least for some of us: Microsoft now provides a tool that allows a user with a valid license to reinstall Windows 10 from scratch at any time. Minus all the crapware that the manufacturer originally installed.

Microsoft now less sneaky about Windows 10 upgrades

Now that their free Windows 10 upgrade offer is almost over, Microsoft thought this would be a good time to reduce some of the more devious tricks they’ve employed to fool users into upgrading from Windows 7 and 8.1 to Windows 10.

One incredibly annoying behaviour of at least one of the previous upgrade dialogs was that closing the dialog by clicking the ‘X’ button at the top right corner was actually interpreted by Microsoft as approval to proceed with the upgrade.

But it’s too little, too late for some users, many of whom encountered serious problems after their computers were upgraded to Windows 10 without their approval.

Techdirt has an amusing look at this issue.

Update 2016Jul04: Apparently Microsoft is making one final big push to get people to upgrade. The Verge reports on new, screen-filling upgrade prompts that are starting to appear on Windows 7 and 8.1 computers.

Major vulnerabilities in Symantec security products

Earlier this week, a Google researcher published a report on vulnerabilities affecting all Symantec security products, including Norton Security, Norton 360, legacy Norton products, Symantec Endpoint Protection, Symantec Email Security, Symantec Protection Engine, and Symantec Protection for SharePoint Servers. All platforms are affected.

From the original report:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.

Symantec quickly released security advisories and updates to address the vulnerabilities, including SYM16-010 and SYM16-011.

Anyone who uses Symantec or Norton security products should install the available updates as soon as possible.