FTC settles with Lenovo over selling laptops deliberately infected with Superfish spyware

Originally published at: https://boingboing.net/2017/09/07/depraved-indifference-or-malic.html


$3.5MM?! Lenovo is a $6.9BB company - basically a speeding ticket.


As part of the settlement, Lenovo was required to hand over control of the malware to the DHS.


Sounds reasonable. It seems to me that Lenovo wasn’t so much malicious as it was stupid here.

Settling with a large name brand that sells to businesses in bulk a thing that comes pre-bundled with horrifyingly bad spyware.

There is no settling or compromise. That is ‘we sold things that could cripple businesses that didn’t realize the problem existed and making people miserable.’ Then again this hits a huge button for me since i"ve been personally blamed every time the home computer or even the internet hiccuped so seeing a manufacturer that pre-bundled shit in the product getting a slap on the wrist just makes me go to not happy places where I wish to do violent things.

1 Like

$4.67 per infected laptop is not enough for being that stupid.

And I’m not sure three times is just stupid.


I’m not so skeptical. I’ve worked with marketing directors and if they see a way to get their low end laptops in the market at a competitive price point just by installing some software, get a free trip to some place nice, wined and dined, then you can bet they will jump at the chance to be pumped by a vendor and the chance to be seen as a hero for getting the device price point lowered. Unless there is someone who is security savvy who can put the breaks on the deal, it’s probably going to market.

This is also a terrible precedent to set when other manufacturers engage in similar practices.

1 Like

Meanwhile, Microsoft still hasn’t been penalized for making Windows 10 report everything back to the mothership.


When the stakes involve “bake an SSL MiTM rootkit into the firmware so that even a clean OS install won’t save you”(if memory serves they had something that silently overwrote the MS autochk.exe to bootstrap the reinstall on Win7; and moved to using a Platform Binary Table(incidentally an atrocious idea on Microsoft’s part for which they have never been adequately castigated) payload on Win8 and later) you are, at best, entering the zone where sufficiently advanced stupidity is indistinguishable from malice(along with a stiff helping of negligence); at worst the amount of effort involved fairly clearly precludes the merely stupid; and the implications of malice are catastrophic.

This was markedly worse than your garden variety vendor shitware in a number of respects.


Agreed. I’d say the Sony CD rootkit fiasco was very similar in many ways, as well.

“Accident,” my ass.

1 Like

So not stupid, just venal.

Fair enough. :slight_smile:

Maybe you’ve had the misfortune of having dealt with bloatware vendors add to their machines. They often do so to make supporting their product easier and cheaper on them or to “add value” which is code for reducing cost by being paid to install third party software. If it’s been a while, let me refresh your memory about the quality of the hardware suppliers software. It sucks. All of it. PC manufacturers are not software developers and it’s painfully obvious to anyone who has ever tried to use the crapp they vomit on to their systems. Third party applications on the other hand are usually the same product you might choose to download yourself.
Your position makes the assumption that Lenovo had even the slightest clue how this third party app actually functioned. Based on the level of software expertise displayed by Lenovo and pretty much every systems manufacturer out there, I’d say that’s giving them entirely too much credit.

That’s a good on Fuzzyfungus. I’m going to use it!

Not to mention that malice and stupidity aren’t mutually exclusive - and these days, malicious stupidity is all too common.

Better not say that too loud or the extremely pro business and anti consumer White House may take notice and deliver some unexpected budget cuts.

This topic was automatically closed after 5 days. New replies are no longer allowed.