stampeder
2007-01-08, 04:50 PM
Acer Computer has been found to have been installing a Windows app onto its laptops since 1998 that essentially is a security-breaching ActiveX control that allows any executable to run! If you have an Acer notebook you can test your system here:
http://vuln.sg/acerlunchapp-en.html
dynot
2007-01-08, 09:30 PM
Just got my Acer 5680 and tested this out. Looks like they're still including this ActiveX on their machines shipped out as recently as last week.
I use IE7 and it prevents this from running. So for you other Acers out there you should upgrade. Don't know about Firefox or other browsers though.
Excuse my ignorance. What does this mean? With other browsers can Acer see what you're doing with your computer? Or what?
stampeder
2007-01-09, 01:46 AM
In a nutshell, the Acer ActiveX control allows a run() by any web site to execute any program with zero security or protection. None. All versions of IE up to 6 are defenseless, and even IE7 asks you if you want to run it rather than blocking it. Since it's from Acer most users will probably accept it without question.
I have no idea what Acer was thinking by leaving such a huge hole. I can imagine lawsuits are being dreamt up at this time.
ihdtv
2007-01-09, 02:56 AM
It's also not always clear why some manufacturers have done this from time to time. Sometimes they don't know or check what any third party OEM software is installing on their hardware and sometimes they intend it for another purpose. Things like this are sometimes intended to be used to "assist" the customer remotely for troubleshooting purposes.
Sony got caught with this big time when they knowingly installed a rootkit on some CDs, although it wasn't an ActiveX control.
Microsoft's "Genuine Advantage Validation Tool" was another one and it's still around on a lot of XP installs.
stampeder
2007-01-09, 03:10 AM
The intent seems to be what you have said, but this was a very, very callous and sloppy way to try to provide customer support.
cyclo
2007-01-09, 08:29 AM
There was a lengthy discussion about this on Slashdot yesterday or the day before yesterday where others have posted a workaround... Here is the discussion: http://yro.slashdot.org/article.pl?sid=07/01/08/0515200
The workaround is to use the Windows register utility's unregister feature to remove Acer's ActiveX (ocx) control's entries from the registry like so:
Click Start Menu > Run and type:
regsvr32 -u lunchapp.ocx
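A way to confirm that the workaround above took effect, as an added example that is not part of the original thread: this PowerShell script looks for any COM registration still pointing at lunchapp.ocx and reports whether Internet Explorer's kill bit is set for it. The file name is the only value taken from the thread; the registry locations are the standard Windows ones for COM classes and IE's ActiveX compatibility flags.

```powershell
# Added example, not from the thread. Only the file name comes from the page.
$target  = 'lunchapp.ocx'
$KILLBIT = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

# COM class roots paired with the matching IE kill-bit root
# (native view first, then the 32-bit view present on 64-bit Windows).
$views = @(
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\CLSID'
       Compat = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
       Compat = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$found = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($class in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        # An in-process COM server records its DLL/OCX path in the default value
        $serverKey = $class.OpenSubKey('InprocServer32')
        if (-not $serverKey) { continue }
        $path = $serverKey.GetValue('')
        $serverKey.Close()
        if (-not $path -or $path -notlike "*$target*") { continue }

        # Look up the kill bit for this CLSID in the same registry view
        $clsid  = $class.PSChildName
        $flags  = 0
        $compat = Get-Item -LiteralPath "$($view.Compat)\$clsid" -ErrorAction SilentlyContinue
        if ($compat) { $flags = [int]$compat.GetValue('Compatibility Flags', 0) }

        [pscustomobject]@{
            CLSID      = $clsid
            ServerPath = $path
            KillBitSet = [bool]($flags -band $KILLBIT)
        }
    }
}

if ($found) {
    $found | Format-List
    Write-Warning "$target is still registered as a COM server on this machine."
} else {
    "No COM registration references $target."
}
```

Run it before and after the `regsvr32 -u` step; an empty result afterwards means the control is no longer registered.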
lingolook
2007-01-11, 12:48 PM
Hi everyone,
There's an official patch up on Acer's website. You can download it here (http://support.acer-euro.com/drivers/utilities.html).
There's also a press release here (http://www.acer.co.uk) so they heard... :)
I_Want_My_HDTV
2007-01-13, 11:44 PM
Don't know about Firefox or other browsers though.
Firefox does not support ActiveX so it is immune. I would guess that most, if not all, browsers other than MS IE are immune as well. ActiveX is a gaping security hole, has been since MS released it. The best thing is to disable it for all but trusted sites.