McAfee shovelware emits tracking beacons

Researchers at Duo Labs bought a "stack" of OEM laptops and audited the preinstalled shovelware they came with, looking specifically at the security implications of the default settings.

They found a hot mess. Hardware companies are still installing man-in-the-middle certificates, even after Lenovo and Dell were pilloried in the press for doing just this.

There are a host of other problems, though. Most interesting is that McAfee's "security" software emits a tracking beacon that appears to be gathering data for targeted advertising. Remember, it used to be that if you weren't paying for a product, you were the product; but today, even if you pay for the product, you're still the product.

One particular finding: McAfee is using web bugs that can be used to track and serve advertising to users. In our opinion, this is the only purpose these web bugs serve. In addition, it is against security best practices to trust third party sites and allow them to load content. It puts users at risk and benefits only the vendor and advertisers.

Bring Your Own Dilemma: OEM Laptops and Windows 10 Security
[Mark Loveless/Duo Labs]

(via /.)