Posted on Wednesday February 12, 2020Bloatware is pre-installed software (that may or may not be malicious) that typically requires an unwarranted amount of disk space, slowing down your computer and exposing you to more cybersecurity risks.
In mid-2014, Lenovo users noticed that something was awry with their web browsers: banner ads were breaking webpage layouts and pop-ups were making surfing unpleasant. A deep dive into the problem led to the discovery of pre-installed software called Superfish - malware in the form of an adware pusher.
The app caused an uproar not only because of its disruptive ads, but also because it was found that Lenovo had essentially interrupted what's known in the industry as the certificate chain - a chain of trust whereby companies that run machines that users visit as they traverse the internet provide certificates that prove they're a legitimate party. With Superfish, Lenovo allegedly used self-signed certificates - as Lenovo is a known and trusted brand - making Superfish the root Certificate Authority (CA), meaning it can decide which encrypted communications to trust.
This was bad news for data privacy because in theory, Lenovo could have used Superfish to generate a valid encryption certificate, giving them an opportunity to abuse this trust to spy on PC owners. It also meant that malicious hackers could simply use Superfish's encryption methods and abuse them to intercept other people's internet traffic.
Microsoft has developed and deployed its fair share of bloatware as well. The Windows 10 operating system, in particular, has plenty of them, such as:
While some users find value in these add-ons, many prefer to start with a leaner operating system due to storage space and processing power concerns. If they want a particular software, they prefer to download it themselves so they can have greater control over their machines and how they experience their hardware and software.
Like Superfish, other Windows 10 bloatware can also cause critical vulnerabilities. One ironic incident involved a pre-installed version of Keeper Password Manager. Instead of keeping passwords safe, it allowed malicious actors behind any website to steal passwords due to bloatware. While Windows 10 users needed to enable Keeper to store their passwords that exposed them to vulnerabilities, it makes you wonder why such a flawed password manager app was there in the first place.
Removing inclusions you did not ask can be a hassle, but it's actually fairly easy. Windows has been kind enough to include a robust bloatware removal tool so that you can remove all apps you don't need. Here's how: