Lenovo Busted For Stealthily Installing Crapware Via BIOS On Fresh Windows Installs

from the not-learning-any-lessons dept

It looks like Lenovo may not have learned much from February's Superfish shenanigans. If you recall, Lenovo was busted for stealthily installing adware on consumer laptops. Worse, the Superfish adware in question opened up all Lenovo customers to man-in-the-middle attacks by faking the encryption certificate for every HTTPS-protected site customers visited. When pressed, Lenovo idiotically denied there was any security threat introduced by faking encryption certs solely for the sake of pushing ads.

Lenovo's now under fire this week for reinstalling the company's bloatware on Lenovo laptops, even if customers have completed a fresh install of Windows. First noticed by an Ars Technica forum regular and confirmed by readers at Hacker News, as well as users over at Reddit, Lenovo appears to be hiding its crapware install in the laptop BIOS, so it gets installed even after fresh Windows installs:
"I had this happen to me a few weeks ago, on a new Lenovo laptop, doing a clean install with a new SSD, Win 8 DVD + wifi turned off. I couldn't understand how a Lenovo service was installed and running! Delete the file and it reappears on reboot. I've never seen anything like this before. Something to think about before buying Lenovo. I searched and found almost nothing about this, so it may be something they started doing in the last few months."
Apparently, Lenovo's using a Windows function called Microsoft Windows Platform Binary Table (WPBT), originally designed to help simplify the installation of proprietary drivers and anti-theft software (obviously since any smart thief would do a clean install relatively quickly after theft). Except in this case, Lenovo's using it as a method to force the laptop to phone home to Lenovo servers so adware can be installed.

Basically, before booting Windows, the Lenovo Service Engine (LSE) built into the laptop's firmware replaces Microsoft's copy of autochk.exe with Lenovo's version. Lenovo's version then ensures that LenovoUpdate.exe and LenovoCheck.exe are present in Windows' system32 directory, with full administrative rights. Lo and behold, you then get Lenovo crapware -- and a machine that phones home to Lenovo servers -- even if you think you've avoided such practices via what you incorrectly assumed was a truly clean OS install.
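
As an added example (not code from the article, Lenovo or Microsoft), here is a defender-side check in Python: it parses a dumped WPBT ACPI table, validates its checksum, and looks in a given system32 directory for the two file names mentioned above. The field offsets are an assumption based on Microsoft's published WPBT layout; the function names are hypothetical and the sample table is constructed.

```python
"""Added example: inspect a WPBT ACPI table and look for the LSE drop files."""
import struct
import sys
from pathlib import Path

# Linux exposes raw ACPI tables under sysfs (reading requires root).
LINUX_WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")

# File names the article says the Lenovo Service Engine places in system32.
LSE_FILES = {"lenovoupdate.exe", "lenovocheck.exe"}

# Assumed layout: 36-byte standard ACPI header, then the WPBT-specific fields.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
WPBT_FIELDS = struct.Struct("<IQBBH")  # handoff size, address, layout, type, args length
ARGS_OFFSET = ACPI_HEADER.size + WPBT_FIELDS.size  # 52 bytes


class WpbtError(ValueError):
    """Raised when the bytes are not a well-formed WPBT table."""


def parse_wpbt(raw: bytes) -> dict:
    """Parse a raw WPBT table and report what the firmware hands to Windows."""
    if len(raw) < ARGS_OFFSET:
        raise WpbtError("table shorter than the fixed WPBT fields")
    sig, length, revision, _sum, oem_id, oem_table_id, _, _, _ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise WpbtError(f"unexpected signature {sig!r}")
    if not ARGS_OFFSET <= length <= len(raw):
        raise WpbtError("length field does not match the data supplied")
    table = raw[:length]
    size, address, layout, ctype, args_len = WPBT_FIELDS.unpack_from(table, ACPI_HEADER.size)
    if ARGS_OFFSET + args_len > length:
        raise WpbtError("argument string runs past the end of the table")
    args = table[ARGS_OFFSET:ARGS_OFFSET + args_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "oem_table_id": oem_table_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "revision": revision,
        # ACPI rule: all bytes of the table must sum to zero modulo 256.
        "checksum_ok": sum(table) % 256 == 0,
        "handoff_size": size,        # size of the binary the firmware placed in RAM
        "handoff_address": address,  # physical address of that binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\x00"),
    }


def find_lse_files(system32: Path) -> list:
    """Return file names in `system32` that match the LSE names (case-insensitive)."""
    return sorted(p.name for p in Path(system32).iterdir()
                  if p.is_file() and p.name.lower() in LSE_FILES)


def build_sample_table(args: str = "") -> bytes:
    """Build a constructed WPBT table (not a dump from a real machine)."""
    arg_bytes = args.encode("utf-16-le")
    length = ARGS_OFFSET + len(arg_bytes)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    fields = WPBT_FIELDS.pack(0x20000, 0x7F000000, 1, 1, len(arg_bytes))
    table = bytearray(header + fields + arg_bytes)
    table[9] = (-sum(table)) & 0xFF  # fix up the checksum byte
    return bytes(table)


def main(argv: list) -> int:
    try:
        raw, source = LINUX_WPBT_PATH.read_bytes(), str(LINUX_WPBT_PATH)
    except OSError as exc:
        # No table exposed, or not running as root: fall back to the sample.
        print(f"cannot read {LINUX_WPBT_PATH} ({exc}); parsing constructed sample")
        raw, source = build_sample_table("/constructed-arg"), "constructed sample"
    print(source, parse_wpbt(raw))
    if len(argv) > 1:  # optional: path to a mounted Windows system32 directory
        print("LSE files present:", find_lse_files(Path(argv[1])))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A machine whose firmware publishes no WPBT table has nothing for Windows to execute through this mechanism, so a missing table is the clean result.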

You'll be shocked to learn that this practice isn't particularly secure. Back in April, security researcher Roel Schouwenberg found and reported that a buffer-overflow vulnerability in the LSE (not to mention insecure network transmission) could easily be exploited by hackers. Once Lenovo learned of the security risk, and likely received a wrist slap from Redmond for running afoul of Microsoft's security standards regarding WPBT, Lenovo very quietly backed away from the practice last June, then released tools for laptops and desktops to aid in the removal of the LSE.

Clearly, since users are only now, in August, realizing this problem exists, Lenovo did a wonderful job communicating the issue to its customers. Lenovo now says that any computer sold since June should not include this stealth crapware install mechanism, but somehow it still thought it was a great idea to employ this technology between October 2014 and April of this year. While Microsoft's WPBT may be well-intentioned, it's also hard to see how it couldn't foresee the potential pitfalls of letting third parties use the BIOS to inject additional software into a fresh install (regardless of whatever "guidelines" they've belatedly attached).

Meanwhile, on the heels of the Superfish scandal, it's becoming pretty clear that customers who want actual control of the hardware they own might just want to steer clear of Lenovo until the company wises up.

Filed Under: adware, bios, crapware, fresh install, malware, reinstall, thinkpads, windows
Companies: lenovo


Reader Comments


  • That One Guy, 13 Aug 2015 @ 6:59am

    How?

    How can anyone be stupid enough to buy anything from them at this point? I wouldn't trust them if they were selling a calculator, and I certainly wouldn't trust them with a computer.

    Forget 'stop buying until they wise up', after these last two stunts, people should stop buying from them permanently, as it's blatantly obvious they're not to be trusted.

    • Ninja, 13 Aug 2015 @ 7:05am

      Re: How?

      That. I was considering Lenovo for my next notebook but they had themselves removed from the list in that Superfish issue. Now they made sure they will never be an option in anything.

      • Paul Renault, 13 Aug 2015 @ 9:25am

        Re: Re: How?

        Make sure you let them know of your decision, eh.

        • Anonymous Coward, 13 Aug 2015 @ 1:16pm

          Re: Re: Re: How?

          Not just them, but ALL of the other manufacturers as well. This is where you make examples of things like this.

          It needs to be a real fear for any company pulling shit like this to face going right the fuck out of business!

        • Almost Anonymous, 23 Nov 2015 @ 2:16pm

          Re: Re: Re: How?

          They are, with their wallets. This is the only language most corporations understand anyway.

    • John Fenderson, 13 Aug 2015 @ 7:40am

      Re: How?

      This. Lenovo is on my "do not buy" list.

    • Anonymous Coward, 13 Aug 2015 @ 7:42am

      Re: How?

      How can anyone be stupid enough to buy anything from them at this point?
      Do you mean Lenovo or Microsoft here? It's Windows that has the non-optional feature to install crap from the firmware tables.

      • Ninja, 13 Aug 2015 @ 8:02am

        Re: Re: How?

        I pirate Windows when needed. I'd love to see stuff fully ported or at least well emulated on Linux. Wine is a good start.

      • John Fenderson, 13 Aug 2015 @ 8:28am

        Re: Re: How?

        And it's Lenovo who flagrantly abused that ability. It isn't always possible to avoid Windows (although I do my very best to). It is always possible to avoid Lenovo.

        • Pissedoff Vet, 10 Sep 2016 @ 6:23pm

          Re: Re: Re: How?

          It isn't always possible to avoid windows. How is that? I do not have any windows systems and have not since XP. Even then I just had an alternate disk drive to boot to. As I said I do not have anything MicroSnot on anything. I find it not only easy to live without MicroSnot but quite refreshing!

      • Pissedoff Vet, 10 Sep 2016 @ 6:16pm

        Re: Re: How?

        I personally will not buy Lenovo and have not nor will I use anything MicroSnot. Bill Scrapes should be in jail.

    • Anonymous Coward, 13 Aug 2015 @ 9:21am

      Re: How?

      How? That's easy enough. They have a long history of fairly robust hardware, resulting in a solid reputation. Both system quality, and reputation have declined over the years, but it's not the sort of thing that vanishes overnight.

      • That One Guy, 13 Aug 2015 @ 1:58pm

        Re: Re: How?

        And? The highest quality hardware in the world doesn't mean squat if you can't trust it, and quite clearly if it's coming from them you can't. With actions like this, what little reputation they have should vanish overnight, as unless it's a reputation for being sleazy and treating their customers like crap, they clearly don't deserve it.

    • Anonymous Coward, 6 Jun 2016 @ 7:54am

      Re: How?

      Honestly was just looking at a Lenovo laptop like 5 mins ago and then I stumbled upon the Superfish articles. I was reminded that these companies do too much.

    • pissedoff vet, 10 Sep 2016 @ 6:13pm

      Re: How?

      I have not and will not ever buy Lenovo. I have many people ask me my opinion of laptops and tablets to buy. My only answer is to tell them what I have for my own use but the only strong recommendation I make is steer clear of Lenovo and Chrome anything. Period. Oh and definitely do not use MicroSnot.

  • Ninja, 13 Aug 2015 @ 7:06am

    If it can be abused it will be abused it seems. How can we know NSA doesn't replace such firmware with something that meets their ends for instance? Or China intel? Or whoever? Seems it's a 'useful' feature that is not that useful after all.

    • PaulT, 13 Aug 2015 @ 7:41am

      Re:

      "If it can be abused it will be abused it seems."

      The law of unintended consequences. It may well be perfectly useful for its intended purpose. But, supply a tool and some people will work out how to misuse it.

      The only mystery is how it is a surprise to anybody that it was misused - or why Lenovo apparently believed that nobody would notice.

      • Ben, 13 Aug 2015 @ 9:07am

        Re: Re:

        But, supply a tool and some people will work out how to misuse it
        I think "use it differently" might be more appropriate -- it is the epitome of "hacking". Granted this case is an example of the "black" form of hacking; to paraphrase Hanover Fist: "They should be torn into itsy little pieces and buried alive."

        Lenovo has certainly earned a spot on my "do not buy" list.

    • RalphieW, 24 Nov 2015 @ 3:58pm

      Re:

      Nice try, FUDpacker. This is *Lenovo* - no one else has been caught red-handed TWICE doing this..

      but sure, anyone else *could* do this.

      IF you could cast your aspersions elsewhere while we discuss the greedy, arrogant Chinese company who's done this (again) *TWICE* in the space of 18 months. Eyeaaah, that'd be greeeeeat.

      • RalphieW's little buddy, 9 Aug 2016 @ 4:54am

        Re: Re:

        IF you could cast your aspersions elsewhere while we discuss the greedy, arrogant Chinese company who's done this (again) *TWICE* in the space of 18 months. Eyeaaah, that'd be greeeeeat.

        Yeah, please quit reminding people of all the times the government has been caught hacking into people's computers. Let's keep it focused on Lenovo. Eyeaaah, that'd be greeeeeat.

        • Pissedoff Vet, 10 Sep 2016 @ 6:49pm

          Re: Re: Re:

          I think you are failing to engage your brain before running your mouth.
          It's just Lenovo this blog is about. There are others and they all should be nuked!
          I foolishly bought a nice little "USELESS" laptop. It has Chrome OS on it and it is UEFI locked. It is basically useless unless connected to the Internet. I dusted it off a couple months ago but I didn't turn it on. I have tried to talk to Google about unlocking UEFI so I can replace that useless Chrome OS piece of shit. NO luck. Anyone know how to talk them into how to unlock it? NO! I thought not.

  • RightShark, 13 Aug 2015 @ 7:48am

    a question

    What happens if you wipe the Windows and install Linux?
    Do the crapware call-home programs still work?

    Not that I am now inclined to buy Lenovo for any reason.

    • Karl Bode, 13 Aug 2015 @ 7:55am

      Re: a question

      Since it relies on Microsoft's WPBT technology to replace autochk.exe I assume Linux should be fine.

      • Pissedoff Vet, 10 Sep 2016 @ 6:20pm

        Re: Re: a question

        Nope, many Linux packages allow this shit too. To answer your question my old Panasonic Tough book has phone home security in the BIOS. I have it turned off but know for a fact if I installed MicroSnot Windows it will still run. I have yet to find any indication that it runs on my version of Linux but I do see things making attempts to do things I have blocked so my only gripe is the huge log files and I'm sure some slow down. Still looking. My log file is now over five million nine hundred lines and growing several lines per second.

    • crade, 13 Aug 2015 @ 8:17am

      Re: a question

      As far as I can tell, the actual execution of this code is in the windows software itself, after boot, so if you boot Linux or anything else it will probably never check or run anything in the WPBT.

      • Anonymous Coward, 13 Aug 2015 @ 8:32am

        Re: Re: a question

        it will probably never check or run anything in the WPBT.

        WPBT tables, and other windows specific software constructs no longer apply when Linux is booted. To pull the same trick under Linux requires Linux specific software, and would have to deal with the variability of Linux, like different boot loaders. Windows provides a much more consistent execution environment than Linux, which relies more on source code portability.

        • crade, 13 Aug 2015 @ 9:28am

          Re: Re: Re: a question

          It would also be even more pointless in Linux than it is in windows.. Linux doesn't have the concept of software that is outside the User's control. If they implemented WPBT support, a hypothetical thief who installed a fresh Linux on the system could just not install the WPBT support part.

    • RD, 13 Aug 2015 @ 9:10am

      Re: a question

      "What happens if you wipe the Windows and install Linux? "

      You get reported for "piracy", naturally.

    • Almost Anonymous, 23 Nov 2015 @ 2:18pm

      Re: a question

      It's possible that the operating system is locked into Windows using UEFI Secure Boot. Just sayin'.

  • Anonymous Coward, 13 Aug 2015 @ 7:49am

    How about crossing over to Linux? I tried to work with Win 8/Win10 (hooray driver enforcement), but things like this confirm my suspicion of these shenanigans with Windows these companies pull. My question is who else is using BIOS similar to this? At least Lenovo's trick is shown the door when it attempts to hijack a fresh Linux install.

  • Anonymous Coward, 13 Aug 2015 @ 7:49am

    Duh! Lenovo is made in China!

    This is just the Junior Varsity warming up for the Big Game.

    Thanks, Microsoft, for making pwning so easy.

  • scotts13, 13 Aug 2015 @ 8:15am

    Send this article

    Send this article to the people in government who think their much-wanted "backdoor into everything" will never be abused. They won't understand, but at least you'll have done your due diligence.

    • That One Guy, 13 Aug 2015 @ 8:23am

      Don't give them ideas

      What makes you think they wouldn't support this method of slipping unwanted code into a system, whether the owner of the system knows it's there or not?

      'Delete everything and start with a fresh install in an attempt to try and ensure that the only programs on your machine are ones you chose yourself? Hah, no, soon as it boots it calls home and installs the backdoor code again.'

  • JustShutUpAndObey, 13 Aug 2015 @ 8:22am

    WPBT considered harmful to security

    I'm old enough to recall plugging in a physical ROM chip when I wanted to upgrade my BIOS. ROM is Read-ONLY-Memory. I could step through the ROM to examine it, and I could be certain nobody could re-write it.

    As usual, the modern world has traded away safety for a little more convenience

    • tqk, 13 Aug 2015 @ 9:28am

      Re: It's not just Lenovo

      After watching this slow motion trainwreck (Win 10) unfold, if you're in IT and proposing to update machines to Win 10, I'd have to wonder who you're actually working for. It's been quite a while since MS pulled such boneheaded crap and was still able to say and get away with, "What? What did we do wrong? This is supporting users. These are features they'll appreciate!"

      I suspect the Russian FSB, Israeli Mossad, and the NSA have all taken minority ownership positions in MS.

  • Violynne, 13 Aug 2015 @ 8:59am

    The anagram for "Lenovo" is "No Love".

    It's the corporation's secret motto.

  • lars626, 13 Aug 2015 @ 9:05am

    All laptops?

    Did they pull this trick on the direct sale business models too or just the consumer ones? If they did this to GM or Ford or one of the big banks they could be facing a tsunami of legal action.

    Is there a way to pull this trick on a Linux machine?

    • John Fenderson, 13 Aug 2015 @ 10:15am

      Re: All laptops?

      This "trick" requires the cooperation of the operating system being used, so it's Windows-only. It is technically possible to add the required support into Linux, but the community would never accept such a change.

    • Pissedoff Vet, 10 Sep 2016 @ 6:24pm

      Re: All laptops?

      Yes!

    • Eric, 8 Dec 2016 @ 9:47pm

      Re: All laptops?

      Linux can't keep Intel Management Engine from running. Core 2 was last Intel CPU safe to use. AMD added management then too. IME is a computer in computer, able to phone home with data from any part of computer while main CPU is off.

  • Phoenix84, 13 Aug 2015 @ 9:25am

    Thinkpad killed

    Lenovo has succeeded in killing the great Thinkpad line.
    I was afraid it was going to happen.
    I have a T500 (T61p before that), back when Lenovo just bought them from IBM.
    The thing is a workhorse, and still works great to this day (the T61p sadly succumbed to the bad nVidia chip of that era, T500 replaced it).
    The keyboard change was the first nail. This is the final.
    So ended an era.
    It will most likely be my last Thinkpad. Sadly there isn't much else of quality anymore either.

  • Anonymous Coward, 13 Aug 2015 @ 9:32am

    Stallman was right

    Every day the FSF's stances seem less and less extremist.

    https://www.fsf.org/campaigns/free-bios.html

    • Anonymous Coward, 13 Aug 2015 @ 4:47pm

      Re: Stallman was right

      As I recall, it took a while for others to convince Stallman a free BIOS was important, as he had considered it basically hardware until that point (these were probably the pre-TPM/restricted-boot days). He doesn't seem fully convinced of the importance of free hardware designs yet, suggesting people wait for fabrication technology to improve before rejecting non-free hardware (whereas he declared non-free software unethical long before free-software-only systems were practical). Others such as the lowRISC project are working on it though.

      It may be worth noting, by the way, that it's not so difficult to grab an old system (one you don't mind bricking) and port Coreboot to it.

  • stimoceiver, 13 Aug 2015 @ 9:37am

    customers who want actual control of the hardware they own

    This is a great article because it gives a nice clear example of not only what corporate-level actors think of our privacy and security, but also just how opportunistically they will act when left to their own unregulated and profit-driven whims.

    It leads me to ponder: between now and the future of armed AI battlebots kicking down doors instead of cops, what kind of future can we predict for implantable computing?

    Lenovo's actions are a nice foreshadowing.

    So are smart TVs that share your every spoken word with third parties.

    So are advanced persistent threats in the hard drive mcu firmware(s) and unpatchable firmware vulnerabilities that affect nearly every USB memory stick in existence.

    So is the hidden second operating system in every phone, the baseband OS.

    So are the terms in the Windows 10 license agreement that obligate the user to agree to so many kinds of spying, automatic updating, and remote top-down command-and-control from big brother Microsoft.

    For that matter, so are the ubiquitous, corporate-owned, proprietary and for-profit nature of the cell phone and internet network architectures. Why aren't corporations racing to embrace the Internet Of Things and the future beyond by designing an open, community-owned, peer routed and decentralized network architecture where all we will need to do to join is put up an antenna? Something that is free to join, neighborhood-centric, and useful for civic and community organising?

    It's clear that if the hardware manufacturers are left to their own devices (pun intended), implantable computing with a proprietary for-profit software-as-a-service unmoddable hardware locked proprietary baseband operating system, and advanced persistent spyware and adware in every BIOS and firmware will be the norm, and not some glaring exception.

  • Anonymous Coward, 13 Aug 2015 @ 9:44am

    I don't think it'd be much of a stretch to use something like this to prevent installation of a non-MS OS. Give it a few years.

    And considering how small memory chips are in things like flash drives, perhaps in the future, the OS would be preinstalled directly on the motherboard and cannot be overwritten. That'd spell the end of Linux (competition to M$ and a possible hindrance to Big Brother) in several years, after the gurus' old hardware becomes too old or breaks.

    Just something I've been thinking about lately.

    • John Fenderson, 13 Aug 2015 @ 10:18am

      Re:

      This trick couldn't be used to do that -- but the ability to prevent non-MS OS installs already exists in many modern machines: UEFI. Now that Microsoft no longer requires OEMs to provide a way to disable UEFI, look for an increasing number of systems that do this.

    • Pissedof Vet, 10 Sep 2016 @ 6:32pm

      Re:

      Think UEFI. You cannot replace the OS. Before I was UEFI aware I bought a great little laptop. Came with Google, Chrome OS. It is UEFI locked and I'm stuck with it. So it gathers dust. I would love to unlock UEFI so I can install a real OS on it. Chrome OS sucks big time. The device has a hard drive that is adequate to work but due to Chrome OS the whole thing is useless unless it is connected to the Internet.

  • Joel Coehoorn, 13 Aug 2015 @ 9:47am

    China

    Lenovo is a Chinese company. Given all of the recent government and corporate security breaches tied to the Chinese government over the last few years, how long until they get Lenovo to use a feature like this that acts as their espionage arm? They did it once; they can do it again. Even if (when) they get caught again, by then it might not matter.

  • Anonymous Coward, 13 Aug 2015 @ 10:17am

    Lenovo caught using the NSA's toys.

    These capabilities exist on nearly all modern systems - they just aren't usually used en masse, or in ways that are otherwise easily detected.

    You've missed the story here Karl. There's an iceberg below the tip you just pointed out, one that TD's articles seem to obliviously run into again and again... All modern hardware is backdoored like this. Intel ME, Secureboot, TPM, UEFI...etc...

    Also - this type of attack absolutely works against Linux, the injected software just has to be tailored to the target software environment; harder than Windows, sure, but far from impossible.

    Ironically - gluglug's (old/reflashed) Lenovo ThinkPads are some of the only machines you can buy today that are immune to these types of subversion/attack. So boycott new Lenovos, by all means, but if you want to support a solution to this catastrophic mess - buy a gluglug and support the libreboot team.

    • John Fenderson, 13 Aug 2015 @ 10:21am

      Re: Lenovo caught using the NSA's toys.

      "this type of attack absolutely works against linux"

      You've mixed together a bunch of technically very different attack vectors, so I'm not sure which one(s) you're talking about with this assertion.

      Assuming you're talking about the one the article is discussing, then no, this attack does not work against Linux. It requires the active support and cooperation of the operating system, and Linux does not provide the necessary support.

      • Anonymous Coward, 13 Aug 2015 @ 1:15pm

        Re: Re: Lenovo caught using the NSA's toys.

        Seems like if you can get the right code into the bios/firmware, and know the target os, this should not be a problem.

        • John Fenderson, 14 Aug 2015 @ 9:05am

          Re: Re: Re: Lenovo caught using the NSA's toys.

          The way this worked is that Windows actively looks for the code embedded in the BIOS, loads it, and executes it. This is a "feature" of Windows.

          Simply having the code in the BIOS (even if that code can execute under any OS) doesn't do anything at all. Something on the OS side of things must load and execute that code. Linux does not look for, load, or execute any such code and so is immune from this attack vector.

    • Anonymous Coward, 13 Aug 2015 @ 10:42am

      Re: Lenovo caught using the NSA's toys.

      Linux and the similar BSDs, vary in all sorts of details, mainly under the users control, which includes variations in boot loaders, and init systems. Also, there are various file systems in use, all of which makes this sort of attack more difficult, and liable to failure on some installations of nominally the same operating system.

  • Matthew A. Sawtell, 13 Aug 2015 @ 10:56am

    So... how many folks here are not firm believers of following "the Bleeding Edge"?

    Show of hands without Band-Aids?

    • Anonymous Howard, 14 Aug 2015 @ 6:27am

      Re: So... how many folks here are not firm believers of following "the Bleeding Edge"?

      Hi!

      • Anonymous Coward, 10 Sep 2016 @ 6:43pm

        Re: Re: So... how many folks here are not firm believers of following "the Bleeding Edge"?

        Here is my hand held up high. Band aids on all fingers.
        My most modern device is the old very first Panasonic Toughbook. It has a phone home security system in the BIOS. I have turned it off but all I can find about it says it works for them anyway. So I have everything here going through three routers with iptables on them as well as a Masquerade on each one. I am now the paranoid kid. I am not prejudiced at all. I trust no one.

  • Anonymous Coward, 13 Aug 2015 @ 10:57am

    Once a corporation develops this sort of mentality, it is best to stay away from them. The one thing they will understand is loss of profit. It's a long hard hoe back to trusting such a maker. They've shown their colors and I refuse to show them the color of my money because of it. They can promise the world but the damage is already done.


  • Anonymous Coward, 13 Aug 2015 @ 11:14am

    Can't understand why the Lenovo bosses would want to do this sort of thing. I have an old Lenovo laptop running XP and it has to be the best laptop I've had. Why they would want to piss customers off by doing or allowing to be done this crap doesn't make sense. I thought it had more respect for customers, unlike Sony, Microsoft and Apple, for example, who want to know the length of my foreskin and how many times I screwed the missus this week! Looks like they've joined the class of 'Don't Trust The Bastards' now!


    • John Fenderson, 13 Aug 2015 @ 11:38am

      Re:

      Lenovo thought its customers were so stupid that they'd never notice. They weren't far wrong -- look how long it took to get noticed.


  • quadeddie, 13 Aug 2015 @ 11:43am

    Run Fdisk.exe /MBR to clear everything.


    • John Fenderson, 13 Aug 2015 @ 11:47am

      Re:

      But that won't clear the firmware. As soon as you install Windows again, the malware will be back.


  • 383bigblock, 13 Aug 2015 @ 11:46am

    Already flushed the toilet

    I've run into too much of this with Lenovo. We pulled the plug on all Lenovos last year. We liked their M93P boxes for out on the manufacturing floor because of small footprint and wifi capable. Unfortunately, they have a bad habit of generating IPv6 broadcast storms basically shutting down the network. We traced the storms to several machines that didn't even have IPv6 enabled.

    Good Bye...so long. We only have about 350 users but that's 350 less Lenovos. Someone needs to pull their head out of their asses otherwise they will lose all of their business customers.


  • Colin Bragg, 13 Aug 2015 @ 12:04pm

    Bad Press

    With bad press like this, it can only affect their sales. People will vote with their feet. Especially businesses.


    • crade, 13 Aug 2015 @ 12:16pm

      Re: Bad Press

      Yep, but only because they got caught this time.


    • Groaker, 13 Aug 2015 @ 8:10pm

      Re: Bad Press

      I would be happy if they voted with their feet and wallets, but that is distinctly not within the human paradigm. Look at all the crap that companies have pulled that the user population just ignores.

      Sony is a great exemplar. Rootkits in audio material that take over a computer if you listen to a legally purchased CD on your PC. Taking out capabilities that were touted as a reason for purchase (removal of Linux from a game console.)

      Companies that produce absolute garbage (MPAA and the RIAA) abuse the user and the law. And users are so hungry for crap they don't need, that they put up with it. Perhaps they all need to go to submissive school, and learn that it is the bottom who really holds the power.


  • Anonymous Coward, 13 Aug 2015 @ 8:30pm

    Why should they?

    It looks like Lenovo may not have learned much from February's Superfish shenanigans.

    Were the company's managers prosecuted? If not, then what they learned is that laws don't apply to them, so why should they care?


    • GEMont, 18 Aug 2015 @ 3:14pm

      Re: Why should they?

      Truth is, they may have been under contract to do exactly what they did, for law enforcement and the security state.

      Could have just been "shock testing" too.
      To see how the public would react.

      ---


  • cena energii, 23 Nov 2015 @ 5:43am

    Legend, of course, benefited from the low production costs that had foreign electronics manufacturers outsourcing their own production to China.

    Read more: http://www.referenceforbusiness.com/history2/52/Lenovo-Group-Ltd.html#ixzz3sK1cQ66i


