In designing our products and services, Acer strives to comply with the highest safety standards. To protect our customers and their data more thoroughly, we welcome security researchers, academic staff, and others from the security community to provide any information about potential security vulnerabilities that they may have. We work with those who raise major security vulnerabilities and confirm all relevant reports.
We work with partners, industry, and the security community to resolve vulnerabilities. When notified of a suspected vulnerability, we conduct a thorough investigation and, if confirmed, work with the person who submitted the issue to remedy it while also coordinating public release of the information. Acer verifies reproducible vulnerabilities using only the latest software versions available on the website. In 2020, we were made aware of five vulnerabilities related to Acer websites or software through this website, three of which were confirmed to be genuine and fixed immediately. We have also published related information and solutions to Intel’s security vulnerability announcement on the website.
Acer is committed to ensuring that our products are protected against attacks throughout the supply chain life cycle, from parts procurement and manufacturing to transportation, service, and recycling. We require all suppliers to comply with the requirements to reduce the risk of counterfeiting, malware, and tampering.
Acer strives to create the safest designs for users, including but not limited to the following measures:
- In terms of hardware design, we employ the Trusted Platform Module (TPM) 2.0 standard, an international standard for a secure cryptoprocessor which can reduce the risk of hackers trying to seize passwords and encryption keys for sensitive data; Kensington locks, which can physically protect data by making machines difficult to steal; a selection of security screws for desktop computers, preventing users from easily opening cases and stealing internal parts; and System Health Indicators for desktop computers, which will flash a red indicator on the power button immediately upon the detection of an abnormality to alert the user and remind them to carry out proper inspections of the system. If the user cannot access the system, they can also enter the system indicator status in the Acer Control Center and BIOS.
- In terms of software, 2020’s Acer ProShield Plus provides a secure personal storage area and file encryption and destruction. Users can set up alerts to record invalid logins, and the system will also send email alerts. Once access is disabled, the user will be regarded as an intruder, and their image recorded by the camera and logged in the security report. Users can set the protection status for each browser (Edge, Chrome, Firefox), and once Windows Hello authentication fails, the user’s data (bookmarks, accounts, passwords) will be locked. On the software side, we continue to work to protect customer information with Acer Control Center and Acer Care Center, enabling users to connect to the Acer support infrastructure for all their support needs, including a full range of services, inspections, and updates to ensure equipment is up-to-date and running smoothly; Acer Office Manager (AOM) enables offices without dedicated IT staff to effectively directly control and maintain the computers of various users across the Company, as well as to monitor devices and platforms throughout the enterprise ecosystem; Norton Antivirus can detect potential threats and remove them; and, for desktop computers, there is a USB Device Filter that can set USB restrictions applied to company staff based on the needs of the particular Company: read-only, only permitting mice/keyboards, or no restrictions at all.
- As for firmware, hard drives can be password-protected, preventing unauthorized access to user drives, while OPAL provides even stricter protection.