You might assume your new PC is secure, but is it? In the U.S., the Federal Trade Commission just charged seven rent-to-own computer companies and a software design firm with computer spying. Some 420,000 rent-to-own computers allegedly secretly collected personal information, took pictures of users in their homes, and tracked their locations. Meanwhile Microsoft found that PCs from China had malware embedded before reaching consumers. The virus “could allow a hacker to switch on a microphone or Webcam, record keystrokes and access users’ login credentials and online bank accounts.” And, an FBI investigation found that counterfeit routers purchased by various US government agencies also were pre-loaded with malicious software. Do you assume your new PC is secure, or if not, what steps do you take to secure it?
At the very least, I would wipe the stock installation of Windows with a fresh, clean version of the OS. Preferrably from a known-to-be-trusted copy of Windows… ie. the retail version, direct from Microsoft. Windows can’t get any more “clean” and pure than that. Too bad those discs cost an arm and a leg, though. But more likely these days, I would just nuke it in favor of something else. Linux, BSD… whatever. And boom… no spyware or any other form of malware.
Edited 2012-09-25 22:56 UTC
You can download the ISOs for Windows from DigitalRiver for free and use the product key on your machine if you want a clean install.
I know absolutely nothing about DigitalRiver. What they are, what they do, whether they can be trusted.
Microsoft outsources downloads for the Home Use Program and the MSDNAA to Digital River. Trust them as much as you trust Microsoft…
That being said, a quick $searchEngine search will reveal direct links to the ISOs on their servers.
Unless your OEM is using a BIOS certificate method of activation, in which case a product key is not used at all but a certificate in the machine’s BIOS is checked against a certificate in the OEM copy of Windows. Fortunately, it seems this method is mostly phased out, but I’ve still encountered it on occasion.
I am always amazed when I meet people who don’t do this (ok, well not so much now after several years, maybe more sad than amazed). It should be common sense by now that you should only use a five foot stick when dealing with computers fresh from the store/manufacturer.
People ask me to “make the computer go faster” and all they had to do was get rid of the bazillion of infections that their OEM was nice enough to provide. Had they just done that *before* they started to blast it with their personal files…
Clever move: Get everyone hyped up about what your rent-to-own or OEM might be sticking on there so you don’t think about what the “official” hackers might be up to. I’ll give the feds this, they know how to get people riled up at anyone but them.
I would never trust any Windows install. This used to be no problem, because all you had to do was reinstall from the OS media. Now, of course, they don’t give you any media, so that you’re stuck with all their preloaded crapware, malware, whatever. My solution these days has been to rely on Linux for daily use and only use Windows for certain apps.
Very true. I agree. I never did fully trust OEM versions of Windows, and these days it’s worse than ever. At least in the past they were stored on a form of ROM, but now, it’s all on a rewritable, infectable drive. If it couldn’t be trusted in the past, then it really can’t be trusted now. Hard drive crash? $30+ to get a replacement CD/DVD-ROM disc set that should have been shipped with the machine in the first place.
I personally wouldn’t settle for anything less than official Microsoft retail media of the OS, and because that tends to cost so much and with so many licensing limitations (also enforced with software), Linux and BSD are the best choices.
Edited 2012-09-26 00:55 UTC
All you gotta do is google it and you can find the media pretty easily and if it is coming from an obviously safe download source you are going to be fine.
There is a difference between being careful and paranoia.
As bad as it is on Windows, it’s even worse on Android. With Windows, at least you can find a clean ISO if you’re smart enough to know where to look. With Android, you’re happy if somebody manages to unlock the bootloader and port stock Android to your device. Even then, you’re installing a build that was made by some hacker whom you don’t even know.
For this reason (and many others), I only roll with pure Google devices
That’s when a technet subscription comes in handy. I usually wipe and install Windows Pro/Ultimate instead of whatever OEM version they give you.
Problem is… when your TechNet subscription runs out, if you don’t renew it, don’t you have to surrender your rights to use that copy of Windows? If so, then what exactly does TechNet solve, except changing your payment from a one-time fee for the license to a subscription that needs to be renewed every year in order to be allowed to keep using the operating system?
Edited 2012-09-26 09:07 UTC
Well the surrending thing nobody does and Microsoft doesn’t give a shit about it, unless you are running your business on it Microsoft aren’t going to care.
I am still running my MSDNAA stuff.
That might be (and probably is) true, but that doesn’t exactly make it legal to break the terms. You’d be better off just installing an alternate OS. One you wouldn’t have to break the terms of agreement with in the first place.
Or I could pay the subscription or buy the full versions and not worry about it.
Making a little jab about the fact you don’t like the license is getting a little tired. We get it you don’t like Microsoft’s Stuff … that is okay, but you don’t have to litter every thread with it.
But what good is using Linux if you don’t constantly & publicly congratulate yourself for not using Windows? Who are we to stand in the way of their smug self-satisfaction & delusions that anyone cares what OS they use?
I forget about that.
Also compiling your own kernel as a rite of passage, not even OpenBSD recommend this.
My OEM Windows 7 has been installed by myself, I have the original disc with the sticker still in the DVD box and not stuck on my machine, so it’s easier to read the serial number.
I don’t have additional crap as I’ve not bought a prebuilt machine. That’s the way to go.
I have a laptop with an OEM install of Win7. They installed some crap that I can’t seem to get rid of. Been meaning to get around to a clean install. Forgot about the DigitalRiver ISOs. Thanks!
I don’t buy pre-built/pre-installed systems for my personal use so this is a non-issue for me. At work it’s not my job to deal with it (although we’ve never had any problems).
That being said, the very first thing I would do is reformat and do a clean install. Reinstalling is fast and requires almost no attention so why would you keep all that vendor-installed crapware on your system?
XP installs used to be painful (had build developer images for the department as I was the only person that could install SQL 2000 without f–king it up … don’t ask). I wasn’t allowed to use nlite and could only create Service Pack Images from the original disks.
Since I’ve been able to do USB stick installs of Vista and 7, I have been in heaven.
The Fedora USB Stick Creator they made that runs on Windows is also golden for installations.
Edited 2012-09-26 19:47 UTC
The last few 7 installs I’ve done have been from usb stick and I agree, couldn’t be easier. I can’t remember which usb creator I used now but there are a few of them that work well. I think Microsoft even supplies one now as well.
The one Microsoft Supplies is pretty much
1) Tell me the Drive
2) Tell me the ISO.
Been setting up this little Acer Revo and the AV (McAfee), was just f–king everything up. The rest of the programs were trials and games, but nothing malicious and could be easily uninstalled.
It is a shame, because I was pissed off with the PC for being slow when it was McAfee, f–king sucks.
Maybe that is why a lot of people of frustrated with Windows when they encounter it, if they are used to using another OS they have installed themselves.
But I know why Microsoft are going their own way a bit with the surface, a pure version of Windows like a “pure install”.
the little box is running like a charm now, just about to install XBMC, ePSXe and MAME … and I will have a nice little media box.
Edited 2012-09-26 20:34 UTC
what steps do you take to secure it?
Easy peesy. Wipe it and install Linux.
And I built my own secure, low power router using Smoothwall.
At the moment I’m working on getting a native install of linux on my android tablet. Once that happens android will be gone for good also. What a piece of filth that is!
Umm, how exactly is Android a “piece of filth”? Not that I’ve ever used it, mind.
http://www.theregister.co.uk/2011/04/22/google_android_privacy_conc…
For starters!
They’re in the business of data harvesting. Anything they make is riddled with malware IMHO. Filth as I like to call it.
Almost all to do with android is constantly phoning home and if you turn it all off, the device becomes useless, even as a paper weight!
I wonder if any pre-compromised machines come with BIOS or EFI rootkits, to prevent formatting and reinstallation from entirely wiping out the malware. Writing a BIOS rootkit is not exactly trivial, but I would think that the bar is lowered quite considerably for OEMs.