A recent security analysis of OEM laptops running Windows 10 by Duo Security Inc concluded that all analyzed devices had privacy- and network-protocol-related issues.
The seven laptops, produced by Dell, HP, Lenovo and Acer, shared many of the privacy and security issues, while some laptops had additional issues caused by installed OEM software.
The team looked at the network traffic that each device produced, and noticed -- among other findings -- the following:
Six of the seven laptops came with McAfee security software pre-installed. The researchers discovered that systems the software was installed on connected to a third-party tag server on the Internet.
Tags allow for management of cookies, tracking a browser/computer/user across time and space for marketing purposes, helping a vendor comply with “Do Not Track” settings in browsers, and allow for the management of content such as new product offerings based upon numerous factors including time (like the first 30 days of a trial that starts after you power on your computer for the first time).
Odds are that McAfee is mainly using tags for the latter, but as I could find no documentation anywhere about how they are actually using it, I am assuming they are gathering at least some data from users.
Suggestion: Uninstall McAfee software and use another security solution instead.
Automated network services put the computer at risk as soon as it started to talk on a network.
The researchers found the following protocols or services to be problematic from a privacy or security perspective:
1. Link Local
Link-local is an older protocol. In basic terms, it allows for a network interface to “self-configure” an IP address when other methods are absent (such as DHCP) or have simply failed (unable to read a config file).
However, when a wireless network interface is introduced, the local network segment is now confined by how powerful the wireless network interface actually is. This means that an attacker could conceivably start manipulating the wireless “local network” as they see fit.
2. WPAD and LLMNR
WPAD is really trying to make things easier for the end user. One common thing for the computer to ask is “where is the web proxy so web browsing will work?” WPAD is the one that asks the question and fields the answer. The issue - much more prevalent for wireless - is that anyone nearby could provide that answer, even when no proxy is required.
LLMNR is the IPv6 version of link-local, and as we mentioned previously an attacker could answer some of those important questions the victim computer is asking, allowing for the manipulation of traffic to the attacker’s advantage.
3. Smart Multi-Homed Name Resolution
Smart Multi-Homed Name Resolution remembers what DNS server is the quickest. You connect up to the Wi-Fi at the coffee shop, the DNS for the coffee shop is deemed the fastest (probably by default), and then you connect up to the VPN at work.
Sure, your DNS requests are now going over the VPN, but a copy of the requests is still being sent to that coffee shop DNS, leaking DNS queries to the coffee shop’s ISP, or to anyone else in the coffee shop sniffing the Wi-Fi.
4. Teredo Tunneling and ISATAP
Teredo Tunneling and ISATAP are both technologies that build upon the same territory laid down by our friend link-local. Both are intended to help the computer operate IPv6 in IPv4-only and IPv4/IPv6 mixed environments respectively. However, if you plan on taking your new laptop to the coffee shop (or any other place with free Wi-Fi), there is an inherent danger of MITM attacks.
Tap on the Windows-key, type regedit.exe and press Enter. You may need to confirm a UAC prompt before the Registry Editor opens. Keep it open until you are done disabling all features below.
To disable LLMNR
To disable Smart Multi-Homed Name Resolution
To disable WPAD
Disable Teredo tunneling and ISATAP
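A read-only PowerShell audit for the four features listed above, added here as an example; it is not from the original article or from Duo Security. It assumes the two DNS client settings are set through their Group Policy registry values (EnableMulticast, DisableSmartNameResolution), judges WPAD by the start type of the WinHttpAutoProxySvc service, and reads Teredo and ISATAP state with the NetworkTransition cmdlets; the helper names Get-PolicyValue and New-Finding are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: both DNS client settings live under the Group Policy key below;
# a missing value means the policy is not configured (feature left on).
$dnsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Finding {
    param([string]$Feature, $Observed, [bool]$Disabled)
    [pscustomobject]@{
        Feature  = $Feature
        Observed = if ($null -eq $Observed) { 'not configured' } else { "$Observed" }
        Disabled = $Disabled
    }
}

$findings = @()

# LLMNR counts as disabled only when EnableMulticast is explicitly 0
$v = Get-PolicyValue $dnsPolicy 'EnableMulticast'
$findings += New-Finding 'LLMNR' $v ($v -eq 0)

# Smart Multi-Homed Name Resolution: policy value 1 turns it off
$v = Get-PolicyValue $dnsPolicy 'DisableSmartNameResolution'
$findings += New-Finding 'Smart Multi-Homed Name Resolution' $v ($v -eq 1)

# Assumption: WPAD is judged by the WinHTTP auto-proxy service start type
$svc = Get-Service -Name 'WinHttpAutoProxySvc' -ErrorAction SilentlyContinue
$findings += New-Finding 'WPAD service' $svc.StartType ($svc.StartType -eq 'Disabled')

# Teredo and ISATAP: only an explicit Disabled state passes
$teredo = Get-NetTeredoConfiguration -ErrorAction SilentlyContinue
$findings += New-Finding 'Teredo' $teredo.Type ($teredo.Type -eq 'Disabled')
$isatap = Get-NetIsatapConfiguration -ErrorAction SilentlyContinue
$findings += New-Finding 'ISATAP' $isatap.State ($isatap.State -eq 'Disabled')

# One row per feature; Disabled = False marks a setting that still needs attention
$findings | Format-Table -AutoSize
```

Rerunning it after Windows updates shows whether any of these values was reverted.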
Privacy related settings were reset after certain updates were installed on machines running the Windows 10 operating system.
Since it cannot be helped, it is suggested to go through the Settings after updates are installed to make sure they have not been reset.
If you notice issues after making changes to the computer running Windows, then it is suggested to remove the Registry keys that you have created, and to change the state of services to enabled again.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.