Bloggers Received Acer Laptops With Flaw

    January 9, 2007
    WebProNews Staff

A public relations effort by Microsoft and Acer to provide a number of bloggers with Acer laptops loaded with Windows Vista became something of a PR nightmare for Microsoft; Acer has its own little issue to handle now too.

Bloggers Received Acer Laptops With Flaw
Did Acer’s Laptops Disappoint?

The angst proved palpable after PR firm Edelman began contacting a large number of bloggers who write about Microsoft and offered them Acer Ferrari laptops preloaded with Vista. Although the laptops were being made available with no strings attached, a lot of people began complaining loudly about the campaign.

Many bloggers expressed concern about being compromised by such a lucrative gift. Others complained that plenty of bloggers quietly accepted the laptops without comment, and likely no plans to disclose their arrival.

They may have something to talk about now, if they didn’t plan to do so previously. Inside of Acer laptops, there is an extra library file present that according to security firm F-Secure could pose a problem if compromised:

Yesterday, we tested a library taken from a Acer notebook. It’s very common that vendors sell machines with preloaded applications and system components of their own. The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor’s website, enable easy updates and such – it turns out… it also makes all those machines vulnerable to a specially crafted html file that could instantly download malicious file(s) onto the user’s machine and then execute them. It gets even better… “safe for scripting” is enabled on the .ocx library by Acer so you wouldn’t even see when it’s used.

Improved security has been a mantra recited by Microsoft throughout the half-decade it took to build Vista. Even the disclosure that a bug has already emerged targeting Vista hasn’t done much to alter their stance.

As F-Secure noted, LunchApp is an Acer component, added by the OEM to machines destined for market. Microsoft doesn’t control that code. But if a bunch of blogger machines suddenly ‘lost their lunch’ so to speak over an exploit hitting LunchApp, Microsoft will very likely hit the windshield of blame like a big juicy bug. Splat!

Add to | Digg | Reddit | Furl

Bookmark WebProNews:

David Utter is a staff writer for WebProNews covering technology and business.