In designing our products and services, Acer strives to comply with the highest safety standards. To protect our customers and their data more thoroughly, we welcome security researchers, academic staff, and others from the security community to provide any information about potential security vulnerabilities that they may have. We work with those who raise major security vulnerabilities and confirm all relevant reports. Acer would like to express its sincere thanks to all those who submit relevant opinions, with the following URL (https://www.acer.com/ac/zh/TW/content/support) available for the provision of the latest software versions for verification of vulnerability reproducibility.
We work with partners, industry, and the security community to resolve vulnerabilities. When we receive notification of a potential vulnerability, we conduct a thorough investigation and work with the submitter to remedy it, while also arranging for public announcement of the issue. For example, Acer and Intel cooperated to announce a vulnerability and the status of its resolution. Vulnerabilities related to the Acer Care Center were also disclosed and addressed, with an announcement made on the website. In 2019, Acer received a notification of a security vulnerability in Acer Quick Access, which we further verified and provided a solution for on our official website.
Acer is committed to ensuring that our products are protected against attacks throughout the supply chain life cycle, from parts procurement and manufacturing to transportation, service, and recycling. We require all suppliers to comply with the requirements to reduce the risk of counterfeiting, malware, and tampering.
Acer strives to create the safest designs for users, including but not limited to the following measures:
- In terms of hardware design, we employ the Trusted Platform Module (TPM) 2.0 standard, an international standard for a secure cryptoprocessor which can reduce the risk of hackers trying to seize passwords and encryption keys for sensitive data; Kensington locks, which can physically protect data by making machines difficult to steal; a selection of security screws for desktop computers, preventing users from easily opening cases and stealing internal parts; and System Health Indicators for desktop computers, which will flash a red indicator on the power button immediately upon the detection of an abnormality to alert the user and remind them to carry out proper inspections of the system. If the user cannot access the system, they can also enter the system indicator status in the Acer Control Center and BIOS.
- On the software side, Acer Control Center and Acer Care Center enable users to connect to the Acer support infrastructure, accommodating all their support needs including a full range of services, inspections, and updates to ensure equipment is up-to-date and running smoothly; Acer Office Manager (AOM) enables offices without dedicated IT staff to effectively directly control and maintain the computers of various users across the company, as well as to monitor devices and platforms throughout the enterprise ecosystem; Proshield provides a secure personal storage area and file encryption and destruction; Norton Antivirus can detect potential threats and remove them; and, for desktop computers, there is a USB Device Filter that can set USB restrictions applied to company staff based on the needs of the particular company: read-only, only permitting mice/keyboards, or no restrictions at all.
- As for firmware, hard drives can be password-protected, preventing unauthorized access to user drives, while OPAL provides even stricter protection.