Lenovo pre-installed advertising malware on laptops

Microsoft has been doing a fairly decent job recently with IE10/11/…, I’m not sure it’s that evil anymore. (And I’m saying this as a web developer. Nowadays I’ve been building things, open them up in IE, and several times am surprised to find nothing I have to fix)

1 Like

[quote=“Red, post:19, topic:52183, full:true”]
When folks buy a ThinkPad are any of them aware of how much of their life they’re handing over to these folks?[/quote]
I thought that Superfish only came preinstalled on non-Thinkpad Lenovos - no?

You can try FreeCAD also. It can be kind of buggy in some corners, but the basic modeller works OK. I’m using it personally for quite a few smaller things…

1 Like

Exercise caution: reports vary as to whether removing the ‘superfish’(should really be ‘superphish’) component removes the malicious CA cert from the OS certificate store. That’s where the really ugly options come up.

1 Like

It doesn’t AFAIK. We had people at work running it through its paces.

1 Like

You know you can slipstream those required drivers (and Windows updates) onto a thumb drive or new DVD.

Yep but you have to track each of them down first. Lenovo has little interest in helping you do so.

1 Like

Hmm I might consider them for my next Linux system.

1 Like

What else to say, the singer himself notices significant audience identification with the issue.

3 Likes

See this thread on trying to install a Vanilla Windows:

https://news.ycombinator.com/item?id=9079575

Looks like some vendors are being a pain.

When I have done it in the past, though only VISTA/Win7 and limited to Dell machines I have not had an issue at all. The inbox drivers got everything working well enough to get the OS on and download specific drivers either from Dell or the specific hardware vendor. An old coworker who plays a bit more with the new OS thing had no issues with a vanilla USB stick win8 image. USB would probably be better as you can use it like a live Linux image and grab extra drivers there.

Looking at the Windows signature series ones they run from no cheaper than me going to say PugetSystems to some nice deals. I will keep them in mind when my current beast is ready for replacement.

I have not had that problem, but if that is the case, no, the system would not be clean. But, I was not intending to say there can be any level of real security assurance any system you buy is clean, and if I did imply that a little… I should not.

Because - Snowden, again - we know that at least the US Government has corrupted the supply chain of mainstream systems. We can pretty well extrapolate from that… this is likely common at the very least for larger nations which are known to be aggressive in intelligence. China would be right there with the US on that.

Only caveat might be is probably no one cares about you – not a “personal” “you”, but to anyone who can take that statement with some level of agreement.

I have access to every security bug for Firefox before we ship it during our six week update cycle. I don’t think I can adhere to that statement.

(That statement being one as a target…)

No, you most assuredly can not. (Though maybe that does feel good for someone else to say to you…lol… that is how I often feel, so I know the feeling. But maybe different there. And these days.)

I made my teeth in the industry finding browser bugs years ago. Back when writing papers about how intelligence agencies invariably would use browser based bugs and zero day bugs at that was something which people reacted to with extreme skepticism.

One reason I love working at such a normal, ‘not likely to be targeted thusly’ company these days. Same pay, far less stress.

Though always have been surprised at how I have evaded attacks, or not found myself much targeted.

[quote=“gurglegurglebangbang, post:54, topic:52183”]
I made my teeth in the industry finding browser bugs years ago. Back when writing papers about how intelligence agencies invariably would use browser based bugs and zero day bugs at that was something which people reacted to with extreme skepticism. [/quote]

Not anymore!

I had Windows 8 on my workstation not long after it was released, and soon after, installed Classic Shell. This got me in some trouble. I was having trouble accessing the printer on my floor of the building; after some investigation, I figured out it was because I was on the wrong subnet. So, I called our internal IT department, and they insisted on having a desktop support tech come look at my workstation, which he did on my day off. He then filed a complaint that he couldn’t find Control Panel because I’d installed some exotic software – i.e., Classic Shell, which pops up with a prominently featured button for Control Panel.

3 Likes

:smile:

That boat has long since sailed.

There is, of course, a lot which happens in the “app security” quarters which do remain quiet. One remains, when a nation is under attack, their counterintelligence who is in charge of such matters tends to be quiet on it. This, of course, is bad for corporations, because they may not be aware of what their government is. Though, when they report such intrusions, the investigative agency will knock it up to those groups.

A “for instance”, I have finally seen the “US Manhattan” project reported on in a mainstream news source, I think it was Wired. They date that to 1997. That mention, though, had been in the Google news archive since 1997. And the reality is they used to have a mention from even earlier, I think it was 1994 or so. Not sure if that mention remains in Lexis-Nexus or not.

I just mention because that boat sailed way before it was printed in the press.

1 Like

Not even Back Then, if you’d ask me. But then I was considered to be paranoid wide and far. Thanks to Snowden, I am not anymore; I even think I was not paranoid enough.

Oh the joys of dumb sysadmins.
Guess I am lucky enough to never have worked for a company too big to not make me a sysadmin in effect. Though that has its drawbacks too - the joys of users…
You cannot win.

It’s not a bad option, if you can find a machine with the specs you want. I should note that my experience on pricing is strictly in the Canadian store.

This topic was automatically closed after 5 days. New replies are no longer allowed.