OEM Laptops and Windows 10 Security Paper Suggests Remove McAfee from PC's

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Late last year, Duo Labs, the security research team of Duo Security, purchased a stack of OEM (Original Equipment Manufacturer) laptops to see how secure they were. Some problems immediately jumped out at us, like the eDellRoot issue, but a few other issues took a bit more sorting through.

I took a look at the network by sniffing the laptops as they were first booted, and then, once configured. The idea was to judge how secure the laptops were based on network traffic and network presence.

Spoiler alert - from a network perspective, the laptops I looked at were kind of a mess.

Our Findings: Laptop Security & Privacy
Normally, we would just find the flaws, report them to the vendor, and release this paper after patching was complete and everyone was safe. But in this case, we found issues that would not necessarily meet the criteria of a vulnerability report.

The main takeaways include:
  • Many of the privacy issues found affected all of the laptops. Some were more serious than others, but all laptops had issues.
  • Network protocol-related security issues affected all laptops, starting from as soon as the laptop appeared on the network during initial boot.
  • After Patch Tuesday updates, many privacy settings that were adjusted were reset to their default settings - without any notification to the end user.
  • The lone OEM Microsoft Signature Edition model was more desirable since it contains less bolted-on and unneeded software, resulting in less questionable traffic.
  • One particular finding: McAfee is using web bugs that can be used to track and serve advertising to users. In our opinion, this is the only purpose these web bugs serve. In addition, it is against security best practices to trust third party sites and allow them to load content. It puts users at risk and benefits only the vendor and advertisers.
Some of the issues were so glaring we felt compelled to provide tips on securing these laptops. Download our paper (PDF) for a full technical explanation of our security research and what you can do to minimize the impact of those results.

Real-World Impact: Security Concerns & Attack Scenarios
The main attack scenario to consider is not the new laptop user at home - at least from a network perspective - but, rather, when that new laptop user grabs their fresh purchase and heads out the door to the coffee shop, the hotel on a trip, the favorite restaurant chain with “free Wi-Fi,” and so on.

Default laptop settings and protocols make it easier for an attacker to sniff, grab, view and redirect the unsuspecting laptop user’s traffic for illicit purposes. Attackers can steal online bank account passwords, view company data and more due to default firewall settings and services that are exposed on the network.

This is just powering it up - good hygiene like using strong passwords and two-factor authentication, regular patching, and safe web surfing habits are not even being discussed in this scenario.

Default Settings Compromise Privacy
There are a lot of new features in Windows 8 and 10 that collect data about the user and laptop. Some of that data is uploaded to Microsoft and OEM vendor servers. On Windows 8, there are five screens of privacy settings, and on Windows 10 there are thirteen.

All of them are on by default. Many of the applications and services connected to these privacy settings start phoning home as soon as the laptop is connected to a network, before you are logged in. For anyone concerned about privacy, it would be ideal to have a chance to opt out - particularly when it’s not obvious that the collection and uploading of data is even happening.

Turning them off seems like it would be a straight-forward process, but in some cases it requires either a service to be disabled or registry keys created/adjusted. So, an average user either wouldn’t know how to do it, wouldn’t think to do it, or both.

Additionally, when some of these applications and services get updated on Patch Tuesday, they resort to their default settings - without warning. This means every Patch Tuesday you will have to be in the habit of checking those privacy settings to ensure they stay off.

Data Collection Privacy Concerns
Encrypted network traffic was not examined, although after some investigation it was possible to tell at least the type of data being transmitted back to a Microsoft or OEM vendor server. It might give one comfort to know that virtually all privacy-related data was encrypted before transmission, but the data is still being collected nonetheless.

I understand the desire of the vendors to collect data to improve their products, I would just prefer to not be opted in without consent, particularly after I’ve adjusted the privacy settings with the explicit intent to stop data collection.

Conclusions
For the inexperienced beginner, the paper may seem rather daunting, but for your average IT person, this should be fairly easy to follow and understand. And let’s face it, every one of us who “computer” for a living have become the family and friend de facto standard help desk for those nerd-challenged who get a new laptop, and were probably asked to “make it secure from the various evils you keeping going on about”, so this one’s for you.

Is the laptop safe enough to take to a hacker conference? Well, it won’t be low-hanging fruit if you complete the mitigation steps, but I’d still consider it at risk in extremely hostile environments.

This is a laptop running Microsoft Windows and a blog post about risks and turning off the really crazy stuff, not a hardening guide. That being said, I’d be a lot more confident handing the laptop back to your tech-challenged friend if the steps from the Detailed Mitigation Instructions section of the paper are taken.

At least from a network perspective, things will be a lot better before they pack up that laptop and head to the nearest coffee shop with public Wi-Fi.

Download the full technical paper (PDF) for detailed mitigation instructions, including how to adjust Windows 8 and 10 privacy and security settings:
  • Removing McAfee and setting up Windows Defender
  • Adjusting firewalls to stop the transmission of data
  • Disabling settings for Windows privacy
  • Disabling and deleting OEM apps that gather data
And how to configure advanced security settings, including:
  • Disabling LLMNR, Smart Multi-Homed Name Resolution, WPAD, Teredo Tunneling and ISATAP
  • Other low-level privacy setting adjustments
Download the full technical paper (PDF)
 

8-Bit Ghetto

Level 1
Verified
Mar 16, 2016
46
Yeah remove all pre-installed security software and junks that come with it because they are just wasting spaces and resources. This is why I hate buying laptops in the market because they come with pre-installed apps that I don't really need it.
 
  • Like
Reactions: Cats-4_Owners-2

Entreri

Level 7
Verified
May 25, 2015
342
First thing I do is uninstall McAfee, then every single software OEM has put on a laptop besides OS and required software (e.g. Nvidia).

So much bloatware, I went from 1 minute boot up to 10 seconds, Win10 machine, no SSD. Some people do a clean install, I was too lazy.
 
  • Like
Reactions: Cats-4_Owners-2

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Download clean iso from MS, format laptop, clean install.

Precisely what I did on my brand new laptop previously. Download the WIn10. format it and then clean install.

Once clean install, uninstall those unnecessary "gadgets".

One by one install these:
Office + PDF reader/writer.
Light Virtualization software,
Anti-Executables

Finally, good to go!.
 
  • Like
Reactions: Cats-4_Owners-2

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
  • After Patch Tuesday updates, many privacy settings that were adjusted were reset to their default settings - without any notification to the end user.

This happens to any system, not just OEM.

It is funny they do not touch the subject of Lenovo bloatware on BIOS level, despite this had caused an uproar before. They however touch the McAfee Web beacons which I agree it should not be there. Yet, it does not mean the McAfee product itself is bad. This should be added to their report and not just jump into conclusions because of the privacy issues and simply advise in how to remove. (they briefly make a comparison on detection/protection by just tossing numbers without proper info to backup how those numbers came alive...)

Some solutions present in OEM systems are not bloatware. ASUS ROG for example do not ship with bloatware, nor does Alienware or even MSI.
Origin is custom built anyway, so you can list what software you want.

Lenovo has history of bloatware, Acer and Dell as well. For the average user, who does not know much about computers, chances of them removing the bloatware is minimal, even more minimal for them to come across this article/pdf. Let alone remove bloatware that has "privacy concerns". The same users will perhaps read an article somewhere no the web, see some Ghostery usage recommendations and just download install and forget, which as we all know, to run ghostery and prevent partially the data collection, you have to tweak the default settings, despite even if you opt for no data collection, they still collect behind the scenes anyway (this is why I do not recommend Ghostery to anyone).

McAfee’s use of Tealium’s tag technology brings into question what information McAfee is tracking on its users - certainly enough to try and get you to purchase their products and services.
I am surprise they are not hammering Microsoft for the privacy issues. Nowadays the privacy topic is just spiraling out of control. Soon we will have Norton and the likes involved, because everyone who is jumping to the bandwagon of privacy issues is just getting too paranoid, forgetting that the "issue" always existed for the most part.

Finally in regards to disabling telemetry and other stuff in windows, why going through the trouble of regedit etc when there are free tools available that do that. Fair enough recommending for the advanced user but new users will never do that. Chances of them doing that would be greater if GUI tools would be mentioned.


All in all, agree and disagree. The whole privacy topic is just old news by now and everyone wants a piece of the pie.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Honestly another big way for Microsoft to promote their Windows Defender as primary Antivirus there, although the main point is the removal proposal of OEM programs because its not indeed related to protection but gathering information without user awareness.

That is the problem when it comes on massive advertising, other security companies have no ability to surpass because of its way to compete.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top