
SANS ISC: Oh Bloat! - Internet Security | DShield SANS ISC InfoSec Forums


Oh Bloat!

I recently installed a new printer. Windows didn't seem to know its driver, so I "had" to supply the CD-ROM that came with the printer. Of course, being a device driver, it asked for admin privileges to install. I went for custom install instead of full, but that option failed and crashed in EMET with a buffer overflow. Not a good omen. But since I wanted to print, I de-selected "custom" and went for "recommended". Yes, I'm naive at times. Apparently, all it takes to "p0wn" me is to ship me a printer together with a CD. [blush].

20 minutes later, I was the proud owner of FOUR pieces of software that have NOTHING to do with printing. What the [beep]! And to add insult to injury, TWO of the four pieces didn't show up in Add-Remove-Programs, and hence could not be "easily" evicted again. The most annoying piece was "isuspm", Acresso Software Manager. Completely getting rid of the four pieces of bloatware required use of Sysinternals "Autoruns", plus generous "del /s /q /f *" at the prompt, plus six! reboots. Yes, I probably could have reverted to a snapshot, but I kinda wanted to keep the printer driver itself.

Hello, dear printer vendors: Charge me 15$ more for the printer, if you must, but stop wasting my time un-installing all that [beeping] [beep]!

If you are in a similar situation, ignore whatever comes with the printer (especially the CD!), go to the web site of the printer manufacturer, and search for the device driver for the model at hand. Somewhat to my surprise, they offered an "expert" install that came without all the crud, and just included the driver. Now .. why can't this minimal installation also be on the CD? Why screw all the poor home users [and naive ISC handlers :)] for no good reason except to make five measly dollars on the side??

 

Daniel

367 Posts
ISC Handler
You could take an optimistic approach: they gave you a training refresher on how to clean a computer. :-)
Tracy

1 Posts
Five bucks on every printer they ship, WHETHER IT GETS SOLD TO A REAL CUSTOMER OR NOT, times 1 million printers? That's getting close enough for my retirement dream of buying a 53 foot Hatteras sport fisherman and living the rest of my days searching for giant bluefin tuna (to supplement my depleted retirement funds). ;-)
Moriah

133 Posts
I hate to lean towards regulation, but honestly this type of behavior (of adding unneeded applications and software to installation programs) by hardware manufacturers should be illegal. I wonder if the EULA covered this bloatware because I was under the impression that they need your explicit permission to use your HDD space for any extra (unnecessary) software. Otherwise, it could very well be a legal violation.

Another pet peeve of mine is when you download and want to install the latest version of whatever-application and they jam in a few extra applications as well that you have to explicitly deselect. It should be the other way around, that you have to explicitly select the extra applications if you actually want them. Or better yet, don't "bundle" the software at all.
da1212

69 Posts
All that Windows needs to install a (printer) driver is a *.INF which references and copies a VERY small number of files.
There is ABSOLUTELY no need to ship some [beep] *.exe to unsuspecting users.
Educate your (l)users to install (printer) drivers the Windows way, and trash all hardware which does not allow this and/or does not ship with the (unpacked) *.INF etc.
Anonymous
If it was an HP printer, in the 6th paragraph you gave them permission to remove "data" from your computer. Enjoy your spyware.
Anonymous
You can often download a basic driver, as opposed to the 'full feature' driver provided on the CD.
Anonymous
Quote: If you are in a similar situation, ignore whatever comes with the printer (especially the CD!), go to the web site of the printer manufacturer, and search for the device driver for the model at hand. Somewhat to my surprise, they offered an "expert" install that came without all the crud, and just included the driver. Now .. why can't this minimal installation also be on the CD? Why screw all the poor home users [and naive ISC handlers :)] for no good reason except to make five measly dollars on the side??



dolium volvitur Daniel... and the printer manufacturer is?? Please elucidate.
ICI2I

63 Posts
I have a printer manufactured by BROTHER.

I also have:

C:\Users\M\AppData\Roaming\FLEXnet\Connect\Database>type isuspm.ini

[General]
Frequency=-1
[Schedules]
{869FCC6C-5669-4B0B-827E-2BBAACD88A87}=Nuance PaperPort 12
[{869FCC6C-5669-4B0B-827E-2BBAACD88A87}]
sch1=1000
sch2=1000
sch3=1000
sch1last=2015/05/18@13:53:57
sch2last=2015/05/18@13:53:57
sch3last=2014/09/13@18:06:26
sch1remind=-1
sch2remind=-1
----------------

Hmm. Now I know why I occasionally get reminded to "upgrade" (using my $$$) to a "newer" version of the PaperPort software.

Sigh.
Anonymous
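
An added example (not part of the comment above, and not code from any vendor): a short Python audit that reads an isuspm.ini like the one quoted and lists every product registered with the FLEXnet Connect software manager, which helps locate updaters that never show up in Add/Remove Programs. Reading the schNlast values as last-activity timestamps is an assumption based on their format; the sample input is the file content quoted in the comment.

```python
from datetime import datetime

# Sample input: the isuspm.ini contents quoted in the comment above,
# including the trailing line of dashes that is not valid INI.
SAMPLE_INI = """\
[General]
Frequency=-1
[Schedules]
{869FCC6C-5669-4B0B-827E-2BBAACD88A87}=Nuance PaperPort 12
[{869FCC6C-5669-4B0B-827E-2BBAACD88A87}]
sch1=1000
sch2=1000
sch3=1000
sch1last=2015/05/18@13:53:57
sch2last=2015/05/18@13:53:57
sch3last=2014/09/13@18:06:26
sch1remind=-1
sch2remind=-1
----------------
"""

def parse_ini(text):
    """Minimal INI reader: keeps key case and skips any line that is neither
    a [section] header nor key=value (such as the trailing dashes)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def registered_products(text):
    """Return [(guid, product name, latest schNlast timestamp or None)]."""
    ini = parse_ini(text)
    report = []
    for guid, name in ini.get("Schedules", {}).items():
        stamps = []
        for key, value in ini.get(guid, {}).items():
            if key.startswith("sch") and key.endswith("last"):
                try:  # assumed timestamp layout: YYYY/MM/DD@HH:MM:SS
                    stamps.append(datetime.strptime(value, "%Y/%m/%d@%H:%M:%S"))
                except ValueError:
                    pass  # unparsable value: skip it, keep auditing
        report.append((guid, name, max(stamps, default=None)))
    return report

if __name__ == "__main__":
    for guid, name, last in registered_products(SAMPLE_INI):
        print(f"{name}  {guid}  latest schedule timestamp: {last}")
```
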
