A Warning to Windows Users on Acer Laptops
Update, Jan. 16, 12:57 p.m.: Acer has released an update that automates the deactivation of the culprit file, as described in this blog. The patch can be downloaded from this link. Also, U.S. CERT has issued an advisory about this threat.
Anyone using a laptop made by computer maker Acer Inc. should be aware of a serious security threat apparently resident on many -- if not all -- models shipped with Microsoft's Windows OS over the past decade or so.
According to research first published in November and picked up only recently by geek and security news sites, Acer computers ship with a Microsoft ActiveX control that gives bad guys the ability to control any aspect of the computer remotely if the user is browsing with any version of Internet Explorer but the latest (at least in IE7 the browser is supposed to ask you if you want to run the ActiveX control, whereas older versions of IE may simply let it run automagically). Online criminals would need to lure the Acer user to a malicious Web site to pull off the hijacking -- a common Internet fraud tactic.
ActiveX (or "hacktiveX" as it is sometimes derisively called by security researchers) is a Microsoft creation that is deeply woven into the Windows operating system and into Internet Explorer. ActiveX was designed to allow Web sites to develop interactive, multimedia-rich pages, but such powerful features rarely ever come without security trade-offs.
It's not clear what function this particular ActiveX control has, other than to perhaps make it easier for Acer to troubleshoot issues should customers call with support problems. Acer users can check to see whether the control is present on their machine by clicking "Start," "Search," and then entering the filename, "lunchapp.ocx". It's probably safe to go ahead and remove it by clicking "Start," "Run," and typing "regsvr32 -u lunchapp.ocx" (without the quote marks), although it might not be a bad idea to set a restore point in Windows before you do. (In Windows XP, you can get to the page to set a System Restore point by clicking "Start," "Programs," "Accessories," and then "System Tools.")
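The same check can be scripted. The following is an added example, not part of the original post and not Acer's tool: a read-only audit that looks for the file on disk and reports whether it is still registered as a COM server, which is what "regsvr32 -u" undoes. It assumes PowerShell 3.0 or later and the standard COM registry layout; the function names are illustrative.

```powershell
# Added example: read-only audit for the control named in the post. It changes nothing.
$TargetName = 'lunchapp.ocx'

function Find-ControlFile {
    param([string]$Name)
    # Walk every local fixed drive; unreadable folders are skipped silently.
    foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
        if ($drive.DriveType -ne 'Fixed' -or -not $drive.IsReady) { continue }
        Get-ChildItem -Path $drive.RootDirectory.FullName -Filter $Name -Recurse -File -ErrorAction SilentlyContinue
    }
}

function Find-ControlRegistration {
    param([string]$Name)
    # Machine-wide COM classes: native view plus the 32-bit view on 64-bit Windows.
    $roots = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
             'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID'
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            try { $key = $clsid.OpenSubKey('InprocServer32') } catch { continue }
            if ($null -eq $key) { continue }
            # The default value holds the path of the DLL/OCX that implements the class.
            $server = [string]$key.GetValue('')
            $key.Close()
            $leaf = ($server.Trim('"') -split '\\')[-1]
            if ($leaf -ieq $Name) {
                [pscustomobject]@{ CLSID = $clsid.PSChildName; Server = $server; View = $root }
            }
        }
    }
}

$files = @(Find-ControlFile -Name $TargetName)
$regs  = @(Find-ControlRegistration -Name $TargetName)

if ($files.Count -eq 0) { Write-Output "No copy of $TargetName found on local fixed drives." }
foreach ($f in $files) {
    Write-Output ('On disk: {0} ({1} bytes, modified {2:u})' -f $f.FullName, $f.Length, $f.LastWriteTime)
}

if ($regs.Count -eq 0) { Write-Output "$TargetName is not registered as a COM server." }
foreach ($r in $regs) {
    Write-Output ('Registered: CLSID {0} -> {1}' -f $r.CLSID, $r.Server)
    Write-Output ('  To unregister, as described above: regsvr32 -u "{0}"' -f $r.Server.Trim('"'))
}
```

Running it again after unregistering should show the file still on disk but no registration entry.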
I put a query in to Acer about this on Monday and again today, but have yet to hear back from them. I'll be sure to update this post in the event that I receive a response.
About a year ago Security Fix wrote about the danger of sloppily designed ActiveX controls. Cue the wavy lines on the screen and psychedelic music as we take you back to that post:
As it turns out, a poorly designed ActiveX control distributed by a Fortune 500 company that most consumers already trust can be just as dangerous as a malicious control foisted by a dodgy Web site. According to estimates by Richard M. Smith, a privacy and security consultant at Boston Software Forensics, more than half of all Windows PCs contain one or more ActiveX controls which allow for system takeover from malicious Web pages.
Smith found dangerous security problems in ActiveX controls distributed by dozens of other major companies, including PC manufacturers and even some of the nation's largest Internet service providers. In some cases, he said, these insecure controls come pre-installed on a Windows PC from the factory. Last year, computer maker HP and Internet service provider America Online fixed similar flaws in ActiveX controls that shipped with their software.
The most recent high-profile scare over an ActiveX control came as part of the recent controversy over a flawed piece of anti-piracy software installed by certain Sony BMG music CDs. After the label released a program to help customers remove the software, security experts found that the program left behind an ActiveX control that any Web site could use to plant any files -- even viruses or spyware -- on a visitor's computer if they browsed the site with IE.