CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS

Lenovo has sold laptops bundled with unremovable software that features a bonus exploitable security vulnerability. If the crapware is deleted, or the hard drive wiped and Windows reinstalled from scratch, the laptop's firmware will quietly and automatically reinstall Lenovo's software on the next boot-up. Built into the …

  1. Paul Crawford Silver badge

    When is a BIOS not a BIOS?

    When it is root-kitting your machine, obviously.

    But the more serious question is why are open/replicable BIOS not more widely demanded? Are our gov departments happy to buy mass-market PCs with such crap-ware (or even foreign spyware) pre-installed? If not, what are they doing about it? When do we start to see contracts for gov PCs that demand open source BIOS without any shit-ware installed? Only then will there be enough of a commercial pressure for suppliers to make enough details available for reliable 3rd party BIOS to be used.

    1. thames

      Re: When is a BIOS not a BIOS?

      What you're looking for is called "coreboot". It is open source, it's GPL so vendors can't add some proprietary "extra sauce" without releasing the source (and therefore letting us know what they did), and it does the minimum necessary to boot the OS and then gets out of the way. If you just want to run Linux, then it can boot GRUB 2 directly without any BIOS or EFI, which will then boot your Linux distro. If you want to run an "other OS", then you can use a BIOS (Seabios) or EFI (TianoCore) equivalent, and then boot the OS via that mechanism.

      Ironically, the Coreboot web site says that it works on at least 10 models of Lenovo laptop and it ships as the standard firmware on a Lenovo Chromebook.

      I'm not a big fan of large complex firmware systems in PCs. Large complex software systems will inevitably have bugs and security holes, and PC hardware vendors are poorly placed to deal with them. I would rather they just booted the OS with a minimum of fuss and let it get on with things. The OS vendors at least are used to dealing with security problems and have established procedures and update channels.

      1. frank ly

        @thames Re: When is a BIOS not a BIOS?

        "It is open source, it's GPL so vendors can't add some proprietary "extra sauce" without releasing the source ..."

        In an ideal world, that is true. We live in a less than ideal one though. Nowadays I'd only feel 'safe' if I could strip and analyse it myself or rely on a trusted review by an independent organisation.

    2. TheVogon

      Re: When is a BIOS not a BIOS?

      Presumably GCHQ already have a custom version of this...

      We need a WPBT table viewer - anyone?

      1. psychonaut

        Re: When is a BIOS not a BIOS?

        "We need a WPBT table viewer - anyone?"

        http://rweverything.com/download/

        i use the above to get the win 8 key from the bios, but it has lots of other features. i dont know if it does what you want, but try it and see....i dont have a win 8 laptop at the mo to check...

        1. Anonymous Coward

          http://rweverything.com/download/

          Ahh.

          True, this is about as safe as a fully loaded MAC 10 in the hands of a school kid, or a C++ compiler in the hands of a CS undergrad, but I quite like the option to cause unlimited mayhem.

          Thumbs up.

          1. psychonaut

            Re: http://rweverything.com/download/

            enjoy! i only use it in read mode....

        2. Anonymous Coward

          Re: When is a BIOS not a BIOS?

          "http://rweverything.com/download/

          i use the above to get the win 8 key from the bios, but it has lots of other features. i dont know if it does what you want, but try it and see....i dont have a win 8 laptop at the mo to check..."

          Arrgghhh!!!

          Friggin Bit9... I'm in IT. It's like they don't trust us...

          Bastards.

          1. psychonaut

            Re: When is a BIOS not a BIOS?

            you could put a new hard disk in it and build win 8, then use it...

            all the data you are after is in the bios after all....

    3. Anonymous Coward

      Re: When is a BIOS not a BIOS?

      That would require someone in Government who even understands what the problem is... no hope in UK then.... they are just a bunch of ignorant oldies whose kids use the internet... and who themselves think that IT is something to do with Candy Crush (played on iPads during work time).

      1. Ben Tasker

        Re: When is a BIOS not a BIOS?

        "That would require someone in Government who even understands what the problem is... no hope in UK then.... they are just a bunch of ignorant oldies whose kids use the internet... and who themselves think that IT is something to do with Candy Crush (played on iPads during work time)."

        And the Police are all stupid.....

        Generalising like that is incredibly dangerous, as it leads to deliberately underestimating a potential enemy/adversary. Yes, there are a lot of people in Politics and the Civil Service that don't understand computers, just as the private sector is full of the same types of people, but working on the assumption that there's no one who understands is a bad idea.

        You can be reasonably sure that the types employed by GCHQ do understand this, and the potential risks/benefits it presents (depending on what your aim is...), and if CESG or similar make a recommendation against using such kit, most departments will likely (at least half) bear that in mind.

      2. F0rdPrefect

        "they are just a bunch of ignorant oldies"

        My experience is that it is the oldies in government IT who understand the problems, or at least are suspicious of the possible problems, while the youngsters are too gung ho and enthusiastic about new stuff to even think of the risks.

    4. Bob Vistakin
      Devil

      Google's "Don't be evil" motto

      Who did they have in mind when they coined this, again?

    5. Anonymous Coward

      Re: When is a BIOS not a BIOS?

      Thank god for "secure[sic] boot"

    6. JeffyPoooh
      Pint

      "Is it safe? Is it safe? Is it safe?"

      "Security (theater) Software" is dead.

      The game has moved into the 'hardware', which is chock-a-block full of other software. Layers and layers and yet more hidden layers.

      There is no solution.

  2. BillG
    Facepalm

    It's in China

    Lenovo's software also phones home to the Taiwanese giant details of the running system.

    Lenovo's commie headquarters is in Beijing. That's mainland Communist China, not the Constitutional Republic of Taiwan.

    1. diodesign (Written by Reg staff) Silver badge

      Re: It's in China

      "Lenovo's commie headquarters is in Beijing"

      Whoops – ok, fixed.

      C.

      1. BillG
        Thumb Up

        Re: It's in China

        "Whoops – ok, fixed."

        Thumbs up for fixing it so fast!

  3. LaeMing
    Facepalm

    It's almost like...

    ...they /want/ to go out of business!

    The Lenovo brand is, with me at least, now synonymous with dodginess and anyone willingly using it will be treated with great suspicion (of at least their IT credentials).

    1. PleebSmash
      Joke

      Re: It's almost like...

      Yup, it's on to the next rootkitted adware-laden cheap laptop maker for me.

  4. Richard Wharram

    Windows only though

    No effect if blatted with Linux?

    1. Dr Paul Taylor

      Re: Windows only though

      This is a question. It would be useful to have a definite answer. Does disabling "secure boot", installing Linux from a USB stick and scrubbing M$ remove the Lenovo rootkit?

      1. admiraljkb

        Re: Windows only though

        @Dr Paul Taylor The rootkit code would still be in the BIOS, but without the corresponding rootkit calling code in Microsoft Windows to execute it, it would lie dormant there.

    2. Dan 55 Silver badge

      Re: Windows only though

      Well it'll understand it's not NTFS and not do anything or it'll corrupt the drive. Same for BitLocker partitions too I would have thought.

      1. Dan 55 Silver badge

        Re: Windows only though

        Replying to my reply, that seems to be true for the Windows 7 autochk.exe method where the file is overwritten by the BIOS.

        The Windows 8 and 10 wpbbin.exe method can't be disabled and gets past BitLocker, as it's Windows 8/10 itself which gets the file from the BIOS and runs it. So it seems if you must use Windows 8/10 there's nothing you can do to stop it.

        The article seems to say the autochk.exe method and the wpbbin.exe method are part of one rootkit, but the autochk.exe method would be used by the BIOS if Windows 7 is detected and the wpbbin.exe method would be used by Windows 8/10: it checks the BIOS to see if this file is stored in it and, if so, writes it to the filesystem itself and runs it.

      2. Anonymous Coward
        Linux

        Re: Windows only though

        "Well it'll understand it's not NTFS and not do anything or it'll corrupt the drive. Same for BitLocker partitions too I would have thought."

        Are you sure? Anyway I get enough weird shit happening on my Gentoo powered lappy without holes being punched in /usr/bin by the BIOS.

        Funnily enough, Lenovo laptops used to be the darling of the Linux dev brigade due to the way they had a habit of just working. No more, and I'm sure Lenovo's S&M dept are crying into their <whatever_they_drink_there>

        1. LaeMing
          Happy

          50 shades of fail.

          "I'm sure Lenovo's S&M dept are crying into their <whatever_they_drink_there>"

          Possibly they have become confused as to what the "S&M" in their dept. name stands for.

          1. Antonymous Coward
            Gimp

            Re: 50 shades of fail.

            >Possibly they have become confused as to what the "S&M" in their dept. name stands for.

            Empirical evidence would suggest they have a pretty firm grip on it

            1. Mpeler
              Paris Hilton

              Re: 50 shades of fail.

              Ahhh, so THAT's what Vendor Tie-In means.....

        2. James Pickett

          Re: Windows only though

          "Lenovo's S&M dept"

          They have one of those, too? Wow.

          (Having read down, I see I'm not the first to spot this. Must stay in more..)

        3. Fungus Bob
          Windows

          Re: Windows only though

          "Lenovo's S&M dept are crying into their <whatever_they_drink_there>"

          I'm sure they drink the same poo water Bill Gates does.

          https://twitter.com/BillGates/status/631602128574881792/photo/1

      3. Teiwaz

        Re: Windows only though

        Well it'll understand be confused it's not NTFS and not do anything or it'll corrupt the drive. Same for BitLocker partitions too I would have thought.

        This is more likely.

    3. bjr

      Re: Windows only though

      It can't affect Linux for several reasons: first, it's looking for a Windows installation and it won't find one; second, it's looking for an NTFS file system and it won't know what to do with EXT4; and finally, Windows binaries won't run on Linux except under WINE, which they won't be using.

      1. Dan 55 Silver badge

        Re: Windows only though

        It could misunderstand ext4 as it tries to read it as NTFS and corrupt the filesystem if it's badly written.

        1. Nigel 11

          Re: Windows only though

          "It could misunderstand ext4 as it tries to read it as NTFS and corrupt the filesystem if it's badly written."

          It could. Then your system would fail fsck after every boot (if it managed to boot at all). Then you'd send it back as having a defective hard disk. Then the replacement wouldn't work either. Then you'd demand a refund from your supplier as "goods not fit for purpose".

          They *might* try labelling it very clearly as usable with Windows only. At least then you'd know what not to buy. This is assuming that MS would allow use of their trademark in this way. Given their previous history with the EU authorities, I'd advise them against it.

          The greater risk would be if it shipped with a BIOS that understood Linux filesystems, and rootkitted them as well. Are we sure that they don't? Maybe it's time to start putting / on an encrypted FS even if you don't want /home to be on one!

          1. Dan 55 Silver badge

            Re: Windows only though

            I've been taught not to trust the filesystem detecting corruption but then again I use a Mac which has HFS+ which is a heap of crap... Only btrfs and zfs checksum files.

      2. saif

        Re: Windows only though

        I guess the probability is that most people who will buy a Windows PC for a Linux install will probably want to try and dual boot. Certainly this was what I had in mind when I tried to install Linux variants (e.g. Ubuntu) on some budget Lenovo E50 desktops. No amount of tweaking and configuration/boot repair would allow Linux to boot....the UEFI boot order would always revert to Windows boot first, unless I crippled the Windows boot altogether.

      3. BlartVersenwaldIII

        Re: Windows only though

        Of course, there'd be nothing to stop lenovo or whoever adding an ext4 driver and a linux executable to their UEFI image so that they could compromise more than just windows. Just because it can't affect linux right now doesn't mean it won't eventually be co-opted by your friendly local UEFI supplier...

        Be interesting if anyone out there knows how easy it is to modify a UEFI image to shoehorn this stuff in. Are all UEFI images typically cryptographically signed?

    4. thames

      Re: Windows only though

      It's a standard MS Windows feature (Microsoft Windows Platform Binary Table) which Lenovo is making use of. The Lenovo software isn't loading itself. It simply sits in flash and lists itself as being available. MS Windows looks to see if it's there, and if so copies it onto the hard drive and executes it. It's an alternative to injecting the software directly into the install image. The documentation isn't clear, but I imagine that it was meant to allow enterprise IT staff to use their own generic Windows install images but still automatically provision the vendor specific stuff.

      If you installed Linux (e.g. Ubuntu) then the bits would simply sit there as there is no equivalent feature in Linux. The same obviously applies to BSD. It requires an active effort by the OS to load. The "rootkit" stories are a bit off target, in that it isn't something which is hidden from the OS. Rather it's a standard Windows feature which not many people were aware of.

      I would not be surprised if many other PC makers were doing the same thing, especially for their business oriented models. The only thing Lenovo may be doing is using it for more things than Microsoft had originally planned.

      Generally though, I think the feature was a bit of a bad idea by Microsoft to begin with. There's no guarantee that the software being loaded from the flash chips will be compatible with future versions of Windows, and there's no obvious provision for updating it when installing the new version of Windows. More than a few people would toss out the PC after scratching their heads for a while and then assuming there was some mysterious hardware incompatibility with Windows.
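The mechanism described in the comment above, and the "WPBT table viewer" asked for earlier in the thread, as an added example that is not part of any comment and is not Microsoft's or Lenovo's code: a small parser that reads a WPBT ACPI table and reports what the firmware is offering to Windows. It assumes the field layout of Microsoft's published WPBT specification (36-byte ACPI header followed by handoff size, handoff address, content layout, content type and a UTF-16 argument string); the sample table, its OEM strings and its argument are constructed, and the Linux sysfs path is only used if present.

```python
import struct
from dataclasses import dataclass
from pathlib import Path

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")            # WPBT fields that follow the header
# Linux exposes raw ACPI tables here (root only); the file is absent when
# the firmware publishes no WPBT.
LINUX_WPBT = Path("/sys/firmware/acpi/tables/WPBT")


@dataclass
class Wpbt:
    oem_id: str
    oem_table_id: str
    checksum_ok: bool
    handoff_size: int     # size in bytes of the binary held in firmware memory
    handoff_address: int  # physical address of that binary
    content_layout: int   # 1 = a single PE image
    content_type: int     # 1 = native user-mode application
    arguments: str        # command line passed to the binary


def parse_wpbt(raw: bytes) -> Wpbt:
    """Parse a raw WPBT table; raise ValueError if it is malformed."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _csum, oem_id, oem_table_id, *_ = ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(raw):
        raise ValueError("header length field does not match the data")
    table = raw[:length]
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    if fixed + args_len > length:
        raise ValueError("argument length runs past the end of the table")
    args = table[fixed:fixed + args_len].decode("utf-16-le", "replace").rstrip("\x00")
    return Wpbt(
        oem_id=oem_id.decode("ascii", "replace").strip("\x00 "),
        oem_table_id=oem_table_id.decode("ascii", "replace").strip("\x00 "),
        checksum_ok=sum(table) % 256 == 0,  # ACPI rule: all bytes sum to 0 mod 256
        handoff_size=size,
        handoff_address=addr,
        content_layout=layout,
        content_type=ctype,
        arguments=args,
    )


def describe(t: Wpbt) -> list[str]:
    """Human-readable audit lines for one parsed table."""
    layout = "single PE image" if t.content_layout == 1 else f"unknown ({t.content_layout})"
    ctype = "native user-mode application" if t.content_type == 1 else f"unknown ({t.content_type})"
    return [
        f"OEM: {t.oem_id} / {t.oem_table_id}",
        f"checksum: {'ok' if t.checksum_ok else 'BAD'}",
        f"binary: {t.handoff_size} bytes at physical 0x{t.handoff_address:x}",
        f"layout: {layout}; type: {ctype}",
        f"arguments: {t.arguments!r}",
    ]


def build_sample(arguments: str = "/constructed-arg") -> bytes:
    """Constructed WPBT table for offline use; every value here is made up."""
    args = arguments.encode("utf-16-le") + b"\x00\x00"
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    length = ACPI_HEADER.size + len(body)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"EXAMPL", b"SAMPLETB", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) % 256  # byte 9 is the checksum field
    return bytes(table)


def load_local_table():
    """Return this machine's WPBT on Linux, or None if it is not exposed."""
    try:
        return LINUX_WPBT.read_bytes()
    except (FileNotFoundError, PermissionError):
        return None


if __name__ == "__main__":
    raw = load_local_table() or build_sample()
    for line in describe(parse_wpbt(raw)):
        print(line)
```

A machine whose firmware publishes no WPBT has no such table to read, so the script falls back to the constructed sample.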

      1. J.Goodwin

        Re: Windows only though

        It's complementary to the process that allows you to install Windows onto major vendor laptops without a key (the vendor authorization keys are stored in the BIOS in a similar manner).

        Sounds like a well-intentioned feature that wasn't quite thought through properly. Another possible attack vector if you have physical access to the machine, and a really poor use of it by Lenovo.

      2. Joe Zeff
        Stop

        Re: Windows only though

        You do understand, don't you, that Ubuntu != Linux? In fact, if I were responsible for setting up a corporate system and was told to use Linux, Ubuntu would be one of my last choices, because of the need for regular updates. (Fedora, which I use at home, would be the very last choice because of its rapid-release cycle.) No, I'd take something like CentOS, so that I wouldn't have to worry about updates breaking things. Businesses need stability much, much more than they need to be running bleeding edge software.

        1. Teiwaz

          Re: Windows only though

          Re: Windows Ubuntu CentOS (apparently) only though

          @ Joe Zeff

          "Linux (e.g. Ubuntu)".

          'e.g' = abbreviation for exempli gratia: a Latin phrase that means "for example".

          I doubt you'll find a 'Reg' commentard that doesn't know Linux doesn't necessarily mean Ubuntu.

          And as for the O/T rant about updates...?

      3. Anonymous Coward

        @thames - Re: Windows only though

        Nothing is hidden from the OS, with a rootkit stuff is hidden from the end-user.

        1. Nigel 11

          Re: @thames - Windows only though

          "Nothing is hidden from the OS, with a rootkit stuff is hidden from the end-user."

          Not true, if something has write access to the OS kernel copied into RAM before it is invoked. Which is exactly what a BIOS does have. It's even able to subvert the bootloader, which comes before the OS and which is equally capable of subverting any OS it loads.

          A simple example with non-malicious intent, would be to intercept disk IO operations and to cause any access above a nice round number to return an error as if the disk were that nice round number in size. This was actually used back in the days when disk manufacturers were playing sillybuggers shipping a 1002Mb drive that was bigger than a 1000Mb drive so if you bought a manufacturer X disk and used all its available capacity, you couldn't later replace it with a manufacturer Y "1Gb" disk. Of course, then manufacturer Y shipped a 1002.25Mb disk ....

          There's also Ring -1, the hypervisor, to consider in the case of Intel CPUs, though I'll accept that in this context you may use OS to refer to the hypervisor itself, not the OSes that it supervises.

          1. Mpeler
            Pint

            Re: @thames - Windows only though

            Hmmm.... couple this with the ring -2 issue from Intel and it sounds like a wild party for all.....

            Of course we mortal users are fscked......

            OK, I'll just go cry in my beer.... here, have one too.....

          2. Szifu

            Re: @thames - Windows only though

            There will be a tool in most Linux distributions that may in future act as the pendant to WPBT.

            The systemd developed by RedHat has all the needed functionality to hide everything from the user. When the BIOS injects a function to load something from the net, and this functions as a module of systemd....

            I think that 99.5% of users or admins will never find this.

            I don't trust systemd because of its capability to hide or manipulate anything between user, kernel, IP stack or drivers. It acts as a kraken. I will go back to init.d to protect my systems from this crap.

      4. launcap Silver badge

        Re: Windows only though

        > I think the feature was a bit of a bad idea by Microsoft to begin with.

        I suspect it's also the first step in Microsoft trying to provide the facility that Mac machines have - the ability for a bare-metal machine to do a full install from Apple via the Internet.

        Of course, Apple has much tighter control over the hardware and firmware - Microsoft would have to trust that the OEM does a good job of making sure that all the relevant h/w drivers are also present to allow the machine to connect. And we all know how fully trustable the OEMs are, eh?

        1. Dan 55 Silver badge

          Re: Windows only though

          It's not for online Windows installation, if your Windows installation is hosed it's never going to get to the stage of executing the file held in the BIOS.

      5. Woodnag

        Re: Windows only though

        So is there a patch for WinX to stop the BIOS being tested and executed?

        Then could install Win with the machine internet-free, patch it, then connect and do the post-install upgrades.

      6. x 7

        Re: Windows only though

        The interesting question is.....how were Lenovo going to install any future driver or software updates? Presumably any subsequent updates would be overwritten and rolled back by the BIOS injection

      7. Anonymous Coward

        Re: Windows only though

        > More than a few people would toss out the PC after scratching their heads for a while and then assuming there was some mysterious hardware incompatibility with Windows.

        Which would be just awful for Microsoft. They would have to be bothered to sell more licenses to the OEMs for all those replacement machines, which would certainly seem to be a bit of a hassle. I'm certain that if Microsoft was made aware that some OS (mis)feature could possibly result in early obsolescence they would be quite careful in considering its inclusion.

    5. Anonymous Coward

      Re: Windows only though

      "No effect if blatted with Linux?"

      Possibly not, I wonder if said LSE could be hijacked to prevent a future installation of Windows, i.e. like what some crim might do if they stole said laptop.

      They steal machine, try to install Windows, Windows grabs tainted blob, blob executes and then wipes the Windows installation and puts Linux back on.

  5. Destroy All Monsters Silver badge
    Mushroom

    This is the year of the crapocalypse

    LENOVO.... OUT!

    "Built into the firmware on the laptops' motherboard is a piece of code called the Lenovo Service Engine (LSE). If Windows 7 or 8 is installed, LSE is executed before Windows is launched."

    Presumably, if Windows 10 is installed, YOU are executed before Windows is launched.

  6. x 7

    " If Windows 7 or 8 is installed, LSE is executed before Windows is launched."

    Strange then that the removal tool you linked to is for Win8.1 and Win10

    1. diodesign (Written by Reg staff) Silver badge

      Re: x 7

      "Strange then that the removal tool you linked to is for Win8.1 and Win10"

      Ah yeah, if it's Windows 7+ installed then yadda-yadda. I've tweaked the article.

      C.

      1. Fred Flintstone Gold badge
        Joke

        Re: x 7

        "Ah yeah, if it's Windows 7+ installed then yadda-yadda. I've tweaked the article."

        Any more tweaking of that article and we'll have to call it Windows 10 compatible on account of all the patching :)

        1. Mpeler
          Windows

          Re: x 7

          And it's not even Tuesday....they'll be back in a, erm, flash.....

  7. Nathan 13

    Avoid

    They are an evil company!

    1. Anonymous Coward

      Re: Avoid

      No, it's worse than that, they're incompetent!

      1. Anonymous Coward

        @AC - Re: Avoid

        Worse, they're incompetent AND evil.

        1. Ashton Black

          Re: @AC - Avoid

          To be fair, I'd rather have incompetent and evil, rather than competent and evil. The latter guys run the world, the former tend to suffer from the Dunning–Kruger effect.

      2. Steve Davies 3 Silver badge

        Re: Avoid

        Are you talking about Microsoft for having this facility in the first place

        or

        Lenovo for using it?

        Both?

        Then yes, one is stupid and one is Evil. you choose which label applies to which company....

  8. Mark 85

    I would hope that this will finally kill off Lenovo in the corporate environment.. but it probably won't. Too many old school types still think of their equipment as being IBM. And then there's price and the bottom line thinking.

  9. TrevorH

    Lenovo are not the only ones apparently

    http://www.securityfocus.com/archive/1/536181/30/0/threaded mentions HP and if two of the major vendors are at it then I'd not be that surprised to find more of them at it too.

    1. Mpeler
      Pirate

      Re: Lenovo are not the only ones apparently

      Anyone remember TopTools? PC-COE?

      All your BIOS are belong to us.....

  10. Dan 55 Silver badge
    Devil

    But, but, they promised to make a new old-style Thinkpad that was really cool...

    That'll learn you to drool after shiny things. If it's Lenovo, it's evil.

    1. x 7

      Re: But, but, they promised to make a new old-style Thinkpad that was really cool...

      "If it's Lenovo, it's evil."

      "If it's Lenovo, it's Chinese" is more accurate. Same thing, better way of saying it

      1. Mpeler
        Paris Hilton

        Re: But, but, they promised to make a new old-style Thinkpad that was really cool...

        Have to change the name from Lenovo to Le No-No ...

        Paris, well, because...

  11. Anonymous Coward

    Was going to buy a new one...

    now i'm off to CEX to get a 2012 Fujitsu.

  12. Chronos

    The elephant in the room

    As if MS need any more bad publicity, they actually have a "standard" mechanism for doing this. Lenovo are the ones who got caught using it. I'll be very surprised if others aren't being a bit more sneaky rather than being more ethical.

  13. Mage Silver badge
    Devil

    BIOS

    Should be Open Source, and replaceable.

    Also write protected with a physical jumper link.

    1. Anonymous Coward

      Re: BIOS

      "Also write protected with a physical jumper link."

      Amen, but that should IMHO be a basic option for *anything* with firmware. I agree that that is not always workable in an Enterprise environment, but if *you* can remotely change something it takes a lot of security to prevent someone else from doing the same.

  14. sad_loser
    Black Helicopters

    Belkin

    I never buy Belkin products because they did something relatively benign (router inserted ads over your html pages) a long time ago.

    It is the Pinto Memo problem.

    https://en.wikipedia.org/wiki/Ford_Pinto

    It is not just that someone has done something bad to their customers, but they have calculated the risk of being found out / it going wrong and they have still done it !

    Commercial suicide in the internet age

    1. DanielN

      Re: Belkin

      Speaking of commercial suicide in the Internet age, has FTDI been prosecuted yet for rigging their USB driver to destroy competitor's equipment?

      1. Mpeler
        Unhappy

        Re: Belkin

        That would be bricking counterfeit products, i.e. responding to IP theft.

        Not an elegant solution, however. Again, the end user ends up getting it in the end, so to speak.

        Apparently they now have a "kinder, gentler" way of notifying users that they've got dodgy kit.

        Another case of the law of unintended consequences.

    2. James Pickett

      Re: Belkin/Pinto

      Never bought a Ford since. Not that that was a particular hardship.. :-)

      1. Nigel 11

        Re: Belkin/Pinto

        "Never bought a Ford since. Not that that was a particular hardship"

        Actually they're making pretty good cars these days. Next car I might consider letting them off my don't-buy list. Though probably only to end up with something made by VAG on its perceived merits.

        1. Alan Brown Silver badge
          FAIL

          Re: Belkin/Pinto

          "end up with something made by VAG on its perceived merits."

          Like the engine control computer in the bottom of the passenger footwell - where it's particularly susceptible to water pooling for any reason (leaky windscreen, heater matrix leak, or something as simple as leaving the windows open and getting rained on.)

          Yes really.

  15. Anonymous Coward

    Prosecute 'em now

    Severely, and with extreme prejudice.

  16. Anonymous Coward
    Facepalm

    And another name to add to the 'Sony' list..

    1. Nigel 11

      And another name to add to the 'Sony' list..

      Lenovo, or Microsoft? It appears from the above discussion, that Microsoft provided the enabling technology, and Lenovo merely used it. I know which I think is the greater evil incompetence.

  17. Anonymous Coward
    Linux

    Fanbois can stop smirking

    ... and the same for anyone with a smartphone, although you'll need to wipe the stock ROM and put in something else.

    One day I'll see a directory called /usr/System32 on my fs and think "well they could at least follow the LSB and put it in /opt (or /var/opt or /usr/local/opt or something), and what's with the 32 anyway - this is a fully 64 bit system, including me wine prefix"

  18. Graham Cobb Silver badge

    Microsoft are the real problem here

    Why on earth didn't Microsoft require the "platform" vendors to incorporate a BIOS switch to control use of this feature? Of course, that removes the "anti-theft" justification but it allows any other legitimate use to still work. Users who want/need the Lenovo stuff will leave the feature enabled, people who want all trace of Lenovo software removed will turn it off.

    The question in my mind is how many other similar features are lurking, undocumented for use by spy agencies. It seems quite likely to me that there is a duplicate capability to this one for loading another boot-time program, which even the manufacturers don't know about!

  19. thomas k

    Co-incidence?

    We just got our triennial hardware upgrades at work and, instead of Lenovos like last refresh, we got HPs.

    1. tacitust

      Re: Co-incidence?

      Almost certainly your company got a better deal from HP, nothing else.

    2. Anonymous Coward
      Unhappy

      Re: Co-incidence?

      "... we got HPs."

      I'm afraid your journey from frying pan to fire will be as miserable as the destination.

  20. Charles Manning

    If enough care...

    Stallman is wrong. They don't take our computers away from us, we hand the computers over to them.

    It's no different to saying McDonalds force you to eat rubbish food. Don't like it? Don't buy it!

    Don't like what Microsoft or Lenovo sell you? Stop buying their crap!

    Microsoft are getting desperate to cling to their customers. They still see the customers as their property though. When people stop buying their software they will have to eventually sit up and notice.

    This abusive co-dependent relationship between MS and the customers is painful to watch. There are very, very few people in most organisations that require Windows for their work. Sure, there are some special packages that need Windows, but they're less and less.

    Most people in most organisations just need basic word processing and a web browser. How about migrating them to Linux? Sure, there will be a few that need Windows too, but if 50% of an organisation can shift off Windows, MS will start getting the message Loud And Clear.

    1. Iain Cognito

      Re: If enough care...

      Unfortunately many, many organizations are addicted to MS Exchange and Outlook. There are some brave ones that try to go the FOSS route. Notably some local authorities. But you can bet their users gripe continuously about not being able to use "that e-mail program".

    2. Alan Brown Silver badge

      Re: If enough care...

      It used to be that 95% of our support effort went towards the 30% of users with windows systems.

      Now it's 80%, with 15% going towards the 5% with Macs.

      Users on desktop linux systems don't require much support and when they do, the fixes are usually easy (filling /home and losing desktop settings is the most common complaint)

  21. Doctor Syntax Silver badge

    It's going to get worse

    Look at what this numpty is advocating: http://arstechnica.com/information-technology/2015/08/its-time-for-pc-companies-to-copy-one-of-apples-best-features/ and the first company he lists as this being a good idea for is Lenovo!

  22. Franklin

    "We've asked Microsoft to explain the thinking behind its WPBT feature."

    Objection, Your Honor. Assumes facts not in evidence. Are you sure "thinking" was what the people who came up with this 'feature' were doing?

  23. Anonymous Coward
    Big Brother

    The PLA powns you!

  24. Tannin

    Bit of a shame most of you can't read

    Bit of a shame most of you can't read. As with (almost) all of the recent Lenovo fails, it does not apply to Thinkpads, only the el-cheapo "Lenovo" branded kit.

    There was one batch of cheap(ish) consumer-grade Thinkpads that had a completely different embuggerance a year or so ago, but that was the only one and it's long gone.

    Lenovo bought the entire IBM PC company, remember, including the R&D people, the management, everything, and although that was quite a while ago now, the Thinkpad operation still runs much the same way that it always has. (I.e., with that same extraordinary mix of brilliant engineering and stupid bureaucratic bungles which has made us laugh and made us cry for decades.) Presumably the business-oriented Think-branded desktop line also, though nobody much outside certain enterprises would care about that too much 'coz not many people buy them, or indeed any other name-brand desktop. Why would you?

    1. This post has been deleted by its author

      1. Tannin

        Re: Bit of a shame most of you can't read

        Quite so, 1980s coder. Just in case you missed it (from your reply I'm unsure) my "nobody cares much outside the enterprise" remark was directed at the Think-branded desktop products, not the much-loved Thinkpad laptops.

    2. OliverJ

      Re: Bit of a shame most of you can't read

      So, your logic is that it is okay to buy a Thinkpad - thereby supporting Lenovo, of which Thinkpad is now, sadly, a kind of product line for people who have fond memories of the good old time - because the specific piece of hardware they have given *you* isn't FUBAR like the majority of stuff they sold?

    3. Anonymous Coward

      Re: Bit of a shame most of you can't read

      "As with (almost) all of the recent Lenovo fails, it does not apply to Thinkpads, only the el-cheapo "Lenovo" branded kit."

      I almost agree with you but who has verified it really is so?

      It's obvious that Lenovo will lie about it anyway so their statements aren't worth anything at all.

  25. Jamie Jones Silver badge
    Thumb Down

    Another Chinese firm...

    I've been evaluating the budget Q8H_HD Android tablet, and it's actually a lovely piece of kit for under 30 quid.

    However, it comes preinstalled with a hobbled browser that hard codes their search engine referral-url (to ask.com .... no surprises there) and home page, and also a utility that regularly phones home with a bunch of details, hardware id, google account details, and receives instructions for new apps to update/install, and those to delete (trend micro anti-virus) is on the list.

    Worse, it's been flashed into the firmware to reinstall itself if deleted, requiring a complete reflash to remove (fortunately there are ways to disable it without reflashing)

    Relatively benign at the moment, but basically a root-kit, especially as the Linode-hosted C&C servers are accessed over unencrypted http using non-DNSSEC dns entries...

    I'm still not sure whether it's the shop, the distributor, or the manufacturer who is responsible for this, but like Sony, and now Lenovo (for the second time) it's yet another company doing stuff that would get an individual doing the same a custodial sentence

  26. Chairo
    Big Brother

    You thought it is yours

    just because you paid for it and carried it out of the shop?

    Silly you!

  27. ps2os2

    Lenovo and IBM split

    When Lenovo left the IBM "umbrella" I was afraid something like this would happen. I have warned clients to stay away from Lenovo and now I can gloat.

    Suckers!

  28. Damon Hastings

    Did I hear someone say...

    LINUX!!! :-)

    1. Ken Hagan Gold badge

      Re: Did I hear someone say...

      I don't think you did, so I'll say it for you.

      For many users, the smart way to use a computer now is to install Linux on the bare metal and run Windows in a VM. Modern CPUs make virtualisation quite efficient, so you won't notice the performance hit. All your USB devices will continue to work, because virtualising USB is pretty easy. The more paranoid viruses will detect the VM and try a different victim. (You have the option of doing your browsing and email on Linux anyway.) Backing up your entire Windows configuration is as simple as copying the system drive image. Windows will sit upon a limited and old-fashioned (virtual) BIOS rather than this modern compromised rubbish.

      I accept that this won't appeal to gamers or to the average user who would struggle to set up such a system. However, it makes a lot of sense for corporate systems, where neither objection is valid.

      1. fajensen

        Re: Did I hear someone say...

        For many users, the smart way to use a computer now is to install Linux on the bare metal and run Windows in a VM.

        Shhhhh!

        The Very Next Thing that the Bright Young Things(tm) at Lenovo and HP will do is to place a hypervisor in the BIOS itself, so, we boot up directly into the matrix. Their crap/spy -ware of course runs inside the hypervisor in "Ring < 0" so the OS and any bootable ROM image can totally forget about doing anything around the tentacles fondling the data!

  29. Medixstiff

    So I guess we better check their mobile phones too

    To see if they have a similar rootkit that records everything and sends it back to HQ too

    1. Nigel 11

      Re: So I guess we better check their mobile phones too

      To see if they have a similar rootkit that records everything and sends it back to HQ too

      Would I care (just as long as they hid the cost of the bandwidth on someone else's budget). I mean, GCHQ is almost certainly recording everything we say into our phones already. I worry rather more about what our government does with those recordings, than anything that China's government might.

      (Might be different in wartime, but what are the chances such a war wouldn't be over in days and end with MAD? )

  30. MacroRodent

    Been looking for a replacement laptop for the living room...

    but after this and the earlier security fiasco, it will not be a Lenovo, even if I got one for free. (I will probably get another HP).

    What on Earth were they thinking?

  31. oneeye

    Chinese backdoors keep appearing!

    Amazing! These persistent attempts to backdoor Chinese hardware/software are NO accident. But no one seems to want to listen or act on this news. My belief is these companies are doing, or attempting to do things at the behest of their government. Thank God there are people catching them in the act. I wonder what kind of funny business is going on in other Chinese manufacturing plants, and if they are tinkering with the firmware and or software of even Apple's phones?

  32. TonyJ

    I said this!

    This is exactly what I said, when their abhorrent fake certificates and data trawling was made public...just what were they baking into their hardware. Guess we have at least part of an answer.

  33. OliverJ
    Black Helicopters

    The Redmond giant was not available for immediate comment.

    "We forwarded your request to our superiors in Fort Meade. We will return to your question as soon as we've been told what to say."

    1. Ken Hagan Gold badge

      Re: The Redmond giant was not available for immediate comment.

      Well that's fine but Fort Meade's mission statement is supposed to include protecting US citizens from external threats. Providing the Chinese with a digitally signed rootkit installer would appear to be difficult to reconcile with that objective.

      1. Anonymous Coward

        Re: The Redmond giant was not available for immediate comment.

        Stop being so cynical, they do want to answer but their PC is stuck in some boot loop since upgrading to 10.

  34. Joey M0usepad Silver badge

    If you encrypt the drive then surely the bios can't fuck with it before system boot?

    1. This post has been deleted by its author

      1. Joey M0usepad Silver badge

        ah , gotcha.

        maybe someway of removing / disabling that Wxxx acronym thingy then

        1. Solmyr ibn Wali Barad

          There is no known way to disable WPBT. Except for avoiding W8, W10, and post-2011 UEFI versions. Which is not always easy.

          seclists.org/bugtraq/2015/Aug/55

          http://go.microsoft.com/fwlink/p/?LinkId=234840

          As for Lenovo's ill-conceived LSE (basically an extension on top of WPBT), there are UEFI updates available to disable it.

          support.lenovo.com/gb/en/product_security/lse_bios_notebook

          Note: no Thinkpads on the list. Only consumer-oriented shinies. Newer Thinkpads may also stink, but for entirely different reasons.

  35. OliverJ

    Document history

    The document history of the linked webpage describing WPBT is also very instructive ...

    November 29, 2011

    First publication

    July 8, 2015, 2015

    Revision to include security guidance and requirements

  36. Hans 1

    From http://seclists.org/bugtraq/2015/Aug/44

    It is not possible to disable this functionality. If you can gain access to the BIOS, you can inject code into the Windows boot sequence using the documentation linked above. The BIOS delivered PE code is not countersigned by Microsoft.

    Microsoft say: "If partners intentionally or unintentionally introduce malware or unwanted software though the WPBT, Microsoft may remove such software through the use of antimalware software. Software that is determined to be malicious may be subject to immediate removal without notice."

    However, you are relying on Microsoft being aware of attacks. Since the code is executed in memory and not written to disk prior to activation, Windows Defender does not even scan the executed code.
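The WPBT discussed in the comments above is an ACPI table, so one defensive check is to see whether a machine's firmware publishes one and what it describes. The following is an added example, not code from this thread, Microsoft or Lenovo: a Python parser for a raw WPBT dump (on Linux the kernel exposes ACPI tables under /sys/firmware/acpi/tables/, readable as root). The field layout follows Microsoft's published WPBT document; the function names and the sample table are constructed for illustration.

```python
import os
import struct
import sys

# Standard 36-byte ACPI table header, little-endian, no padding.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT-specific fields after the header: handoff memory size (u32),
# handoff memory location (u64), content layout (u8), content type (u8),
# command-line arguments length in bytes (u16).
WPBT_BODY = struct.Struct("<IQBBH")

KNOWN_LAYOUT = {1: "single flat PE image at offset 0"}
KNOWN_TYPE = {1: "native user-mode application"}


def parse_wpbt(raw: bytes) -> dict:
    """Decode a raw WPBT table dump; raise ValueError if it is malformed."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short for a WPBT table")
    (sig, length, revision, _cksum, oem_id, oem_table,
     _oem_rev, _creator, _creator_rev) = ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError("signature is %r, not WPBT" % sig)
    if length < fixed or length > len(raw):
        raise ValueError("header length %d does not fit the data" % length)
    table = raw[:length]
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(
        table, ACPI_HEADER.size)
    if fixed + args_len > length:
        raise ValueError("argument length runs past the end of the table")
    args = table[fixed:fixed + args_len].decode("utf-16-le", errors="replace")
    return {
        "revision": revision,
        "oem_id": oem_id.decode("ascii", errors="replace").strip(),
        "oem_table_id": oem_table.decode("ascii", errors="replace").strip(),
        # Every ACPI table must sum to zero modulo 256 over its full length.
        "checksum_ok": sum(table) & 0xFF == 0,
        "handoff_size": size,
        "handoff_address": addr,
        "layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\x00"),
    }


def assess(info: dict) -> list:
    """Turn a parsed table into findings for an inventory or audit report."""
    findings = ["firmware publishes a WPBT binary: %d bytes at physical "
                "address 0x%x (OEM %s)" % (info["handoff_size"],
                                           info["handoff_address"],
                                           info["oem_id"])]
    if not info["checksum_ok"]:
        findings.append("ACPI checksum does not verify (corrupt or edited dump)")
    if info["layout"] not in KNOWN_LAYOUT:
        findings.append("unrecognised content layout %d" % info["layout"])
    if info["content_type"] not in KNOWN_TYPE:
        findings.append("unrecognised content type %d" % info["content_type"])
    if info["handoff_size"] == 0:
        findings.append("handoff size is zero: no payload described")
    return findings


def build_sample() -> bytes:
    """Constructed WPBT table (not taken from any real machine)."""
    args = "/constructed-arg\0".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    header = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                              b"CONSTR", b"EXAMPLE ", 1, b"TEST", 1)
    raw = bytearray(header + body)
    raw[9] = (-sum(raw)) & 0xFF   # checksum byte lives at offset 9
    return bytes(raw)


if __name__ == "__main__":
    # Path is an assumption about the local system; pass a dump file instead
    # if the table was exported some other way.
    path = sys.argv[1] if len(sys.argv) > 1 else "/sys/firmware/acpi/tables/WPBT"
    if not os.path.exists(path):
        print("no WPBT table found at", path)
    else:
        with open(path, "rb") as fh:
            for line in assess(parse_wpbt(fh.read())):
                print(line)
```

The absence of the file means the firmware publishes no WPBT; its presence only shows that a binary is handed to Windows at boot, not what that binary does.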

    1. Ken Hagan Gold badge

      "The BIOS delivered PE code is not countersigned by Microsoft."

      That would appear to imply that MS have not implemented the boot-time kernel signing requirement properly.

      1. Anonymous Coward
        Holmes

        Surprise fucking surprise...

  37. Unicornpiss
    Thumb Down

    For Shame.

    They should have known better than this. How could they think they could do something like this and not be lambasted? Or that it somehow wouldn't be discovered? Delusional management I guess.

    It will take a long time for their reputation to recover from this.

  38. Anonymous Coward

    Microsoft say: "If partners intentionally or unintentionally introduce malware or unwanted software though the WPBT, Microsoft may remove such software through the use of antimalware software. Software that is determined to be malicious may be subject to immediate removal without notice."

    So that's why you have to download MS anti-malware every single week. I wonder what they have already disabled?

  39. jason 7

    One day they 'may' learn...

    ...that old phrase - Less is more.

    The less you have on your computer the more secure it could be.

    I'd also love to see the return of the 'custom install' feature too. It's so nice to be able to go through and untick 75% of the added junk I don't need.

  40. Loyal Commenter Silver badge

    Well it's perfectly clear to me

    The Chinese Ministry of State Security would never use this as a targeted backdoor to exploit specific machines by, for instance, injecting alternative versions of driver code onto specific machines when they 'phone home'. Never.

  41. John Munyard

    You know occasionally you read an article in the press that really makes you question the intelligence of people who really should know better.

    This is one of those events. Reading other articles in ElReg regarding Lenovo's current financial worries in what is clearly a very difficult financial climate for PC and Laptop sales, you would think that ruining the trust of your brand by going to such lengths to install covert and un-removable adware as this would be inconceivable and yet here we are.

    Any self respecting intelligent person reading this is just never ever going to buy Lenovo product again (if they ever did!). The company has put a gun to its temple and pulled the trigger. Goodbye Lenovo.

  42. Amorous Cowherder
    Facepalm

    FFS!

    If Windows is dragging this sort of shit out of the firmware, it's going to make Windows more unstable as time goes on. Software on any platform needs patching every so often, this cackware sitting in the bios is never going to get patched and as Windows gets patched and upgraded over time the WPBT will constantly keep dragging out this old cackware and running it every time at startup!

    1. Mpeler
      Pint

      Re: FFS!

      Yep, time to flush flash - there must be a way to get that M$ routine to just disappear (as opposed to looking off into nowhere, or somewhere "special" - I'm sure HSA, GCHQ, and the rest of the TLA's have that sorted already).....

      Another case of "eversomuchmoreso" - isn't (cf Homer Price).

    2. d3vy

      Re: FFS!

      One of us may have misunderstood (I accept it may be me) but I was under the impression that it's not windows doing it.

      The lenovo software hidden in the BIOS is scanning the drive when the machine boots and replacing a core windows file with its own version of the file *BEFORE BOOT* the pc then boots up and executes the replaced exe as it is part of the normal start up process...

      MS could do something about this, checking the file before execution and replacing it with a known good copy etc but realistically lenovo just shouldn't have done it in the first place..

  43. d3vy

    Having just bought a Yoga2 Pro (It's half the price of the 3 and not much slower!) I was really pissed off to find that I can't upgrade the wifi card because there is a list of "Approved" cards in the BIOS.

    Even getting an approved one does not guarantee it will work, from what I can tell they have locked it down to a specific batch of a specific model of card. For no reason that I can think of.. unless they have a deal with Intel.

    It wouldn't be an issue but the card that comes in the laptop is a bit pants (12mb/s on speedtest.net on new laptop 60mb/s on old one)

    1. Salts

      d3vy,

      HP used to do the same, not sure they still do, at least with my older HP elitebook and old lenovo I can and have removed the whitelist. But really the thinking behind this is bad for consumer stuff, I can see how in an enterprise you want the stuff locked down to just a few FRU's for support reasons but being able to disable a whitelist as a bios option should exist, thus giving the user a choice, just put a note in saying no support exists if this is used.

    2. Anonymous Coward

      Re. dodgy wifi

      @ d3vy

      I had the same problem on my HP 1100 netbook, no other card works.

      Take out the card, put it in other machine and all fine BUT it won't even work with a card from another HP of similar age.

      Someone should complain to the EU about this, surely we have grounds for a reverse class action suit.

  44. Rick Giles
    Linux

    And Microsoft had such (naively) high hopes...

    ...for Secure Boot.

    They need to quit fucking around and just make their own GUI for Linux.

  45. Captain Badmouth

    Linux v Windows

    The reason the average user won't swap to Linux is the difficulty of finding drivers for their peripherals. Printers for example - most printers currently available for the home market are winprinters and finding a linux driver that works is very difficult. As for virtual environments, did I mention average user?

    1. Peter Gathercole Silver badge

      Re: Linux v Windows @Badmouth

      I think that you need to look at more hardware, and maybe more recent Linux distros. The days of having to compile everything up from source are long gone.

      I run everything from GDI printers, through HP, Epson and Brother, and although there are some problems, if you're using a fairly mainstream distro, many, many printers have local page-imaging support in CUPS and Gutenprint for many so-called winprinters, and even the most obnoxious printers often have some support from the manufacturers for Linux.

      The worst I've come across recently was the GDI HP LaserJet 1000 (ancient, purchased from a car-boot for a very specific job), which eventually worked when I used an installation script from the HP support site that adds a special USB driver to the kernel, and then configures CUPS to rasterise the pages in the correct format.

      Thankfully, the worst offender (Lexmark) have left SOHO market, and their business oriented printers understand PostScript and PCL5e and later, so work pretty much out of the box with generic drivers that ship with all Linuxes.

      Other than bleeding-edge devices, most hardware things work without installing drivers (or even putting a driver disk in). There is niche hardware, of course, but I would say that more and more, hardware vendors are learning that they cannot ignore Linux, and often the support that they write for OSX can be adapted relatively easily for Linux.

      For run-of-the-mill hardware that you find in most consumer computers nowadays, it is much easier to do a vanilla installation of Linux than it is to do the same with generic Windows installation media. Windows users rely very heavily on the vendor tweaked installation media. If they actually had to do it from Microsoft supplied generic media, they would discover a new world of pain, especially if the network hardware in their machine is not recognised by the standard Windows drivers (as was the case on the last two PC's I most recently built).

    2. James O'Shea

      Re: Linux v Windows

      "most printers currently available for the home market are winprinters"

      Errm.... you sure about that? [looks at assorted Brother, Epson, and HP printers, inkjets, lasers, even a dot-matrix, and not a one of them is a 'winprinter', if only 'cause every one works with Macs.]

      "finding a linux driver that works is very difficult"

      That depends on the driver and the distro. In many (not all) cases, if the printer has a properly done Mac driver which is compatible with CUPS you can get it to work with some (not all) Linux distros. http://www.linuxfoundation.org/collaborate/workgroups/openprinting/database/cupsdocumentation The boys at Gutenprint http://gimp-print.sourceforge.net/ cover a lot of printers, and their drivers are sometimes better than the official drivers. HP also has fairly good Linux support. http://hplipopensource.com/hplip-web/index.html

      In times past I used to use Gutenprint (then Gimp-print) drivers for several of my personal printers in preference to the official drivers. I could get PostScript-like output from cheap inkjets, which was a good thing.

      Properly done Linux distros should ship with CUPS already installed and set up, all that's necessary is to get hold of the CUPS (that is, Mac) drivers from the vendor and install. As the vendor's installer will be aimed at Macs, that can be interesting, but there are sites which have Linux installers available.

      Now, if the printer you want to use doesn't have Mac drivers, you might have a problem. But that printer really will be a winprinter.

      1. Captain Badmouth

        Re: Linux v Windows

        C'mon, I did say average user, gentlemen.

        1. Peter Gathercole Silver badge

          Re: Linux v Windows @Badmouth

          Even average users. Most printers just plug in, get recognised and work. Really.

          In the worst case I commented on above, the HP LaserJet 1000 (which, to be fair, was marketed as a Windows only printer, with no official support for anything later than Windows XP), I followed a Google link to the HP website, clicked on download the script, and ran it in a terminal window according to the instructions on the Web page. 20 minutes later (it was an EeePC 701, not the fastest machine on the planet), after answering some very simple questions, I had a working printer.

          The HP LaserJet 1000 is an abomination! To save a few cents, it does not even have a large enough bootstrap ROM to hold the operating firmware, let alone Flash memory. Every time it's powered on, it has to have downloaded its operating firmware from the connected computer. And there's no power switch, or in fact any switches or buttons. The two indicators are a green power LED and an amber error LED.

          Of course, I triggered that 20 minute job after insisting that I, as an 'experienced' Linux user of 17 years 'who could work it out by myself' spent a fruitless couple of hours hacking around in Synaptic, 'Add a printer' dialogues and the CUPS configuration!

          Chances are that an average user, doing the sensible thing (if it could ever be considered sensible to actually try to use this crippled printer) documented on the HP support website, would have had it working much quicker. Ho hum. So much for 'experience'.

    3. Destroy All Monsters Silver badge
      Trollface

      Re: Linux v Windows

      The reason the average user won't swap to Linux is the difficulty of finding drivers for their peripherals.

      As opposed to here where you get drivers you didn't want for peripherals you didn't know you had delivered DIRECTLY FROM THE BIOS.

    4. Unicornpiss

      Re: Linux v Windows

      So not true... my old HP inkjet's duplex printing feature would sometimes be available, sometimes not in Windows, worked flawlessly in Linux. (the printer has since been trashed)

      My current color laser works very well in Linux and without the pain of waiting for Windows Update to fail to find a driver for it and then having to download the driver anyway.

      To sum up, both printers I've owned in the last 5 years have worked better in Linux.

    5. Alan Brown Silver badge

      Re: Linux v Windows

      "most printers currently available for the home market are winprinters"

      People only buy them because they're slightly cheaper. Once they start returning 'em in droves because they won't work on Linux then shops won't stock 'em.

      Not to mention that there are many more printers supported by Linux than by Windows, particularly older models.

      Windows supports directly printing to an IPP printer (if manually configured to do so), but why can't it see IPP broadcasts and handle things automatically? Why hasn't someone ported CUPS to windows?

      1. Peter Gathercole Silver badge
        Boffin

        Re: Linux v Windows

        Sorry, this is going to be a long, historical post, explaining why there is actually no such thing as a 'winprinter', although possibly a more accurate description of GDI printer may be more appropriate.

        Back in the day, printers used to have Page Description Languages, such as ESC/P for Epson printers, and PCL for HP printers (and many others. Each manufacturer defined their own). These were often supersets of plain ol' ASCII in most cases, with some escape sequences to allow things like switching to different fonts, superscript, subscript, bold and italics etc.

        In fact, many printers still do. Last time I looked, Epson still included ESC/P in their printers.

        The problem with this type of support was that you were limited by what the printer could do, and how well the text formatters knew about them. Anybody remembering Epson FX80 printers used from Wordstar or any similar software would be quite familiar with this, especially loading a printer description into the word processor during the setup.

        Some printers, however, were quite 'clever' and included very high level PDLs, examples being PostScript and the later versions of PCL, and these tended to be the printers that would be used on UNIX systems. This was through the very hard to configure successfully System V LP system. Most of the time, this required the formatting program to be aware of the printer type, and LP used to just shunt the bytes to the printer. Some support for slightly more intelligent printers crept in, but generally all they really handled was pagination rather than formatting.

        Adobe and/or Microsoft (and possibly others) had a bright idea. Most dot matrix printers had a graphics mode, and they decided to take the responsibility for formatting the page away from the printer, do the formatting to a bitmap in memory, and then send the page out to the printer as a graphics image. What this allowed them to do was to ignore the limitations of the printers built-in capabilities, and use any font, size or any other graphics construct that they cared to code into their software.

        When ink-jet printers came along, even if they did have a high level PDL built in, it tended to be ignored, and rendering the page still happened in the computer, sending it out as a graphics image. This became the standard way of handling printers in Windows and MacOS, and eventually became abstracted in the OS, so that the software would use an OS defined printer format that would be rendered by OS components before sending to the printer.

        Eventually, some printer manufacturers decided that it was pointless putting significant processing power in the printer, and thus were true 'winprinters' born, especially those using the Graphics Device Interface (GDI) that is a part of Windows. Basically these printers were so dumb that they could do nothing themselves other than take a bitmap of the page, normally in an unpublished proprietary format. But that did not alter the fact that other more capable printers were effectively being treated the same!

        The problem, as far as UNIX and Linux was concerned, was that for many years after rendering was being done in other OSs, they still used the old PDL model to drive printers. So printers that did not have any PDL at all could not be used. This seriously limited what could be done without some serious knowledge of the printer and the way it was attached.

        Step up Ghostscript, which was originally a way of displaying Postscript on screen. Some clever bod realised that you could use PostScript as a generic PDL, and then use Ghostscript in the computer to render the page into a bitmap, and then send this out to the printer with a suitable graphics converter. Suddenly, it became possible to use very basic printers on UNIX/Linux, and get reasonable results, as almost all programs knew how to write PostScript. Eventually, this became Ghostprint, which became common in most Linuxes.

        Later, a similar project started using the GIMP (GNU Image Manipulation Program) backend print drivers for a similar print method, and this became Gutenprint, which largely replaced Ghostprint by default in most of the major distros.

        When Apple decided to switch MacOS to a BSD UNIX platform (OSX), they decided that the previous print backends were clumsy, and needed improvement. In one of the most useful things that Apple have ever done, they wrote a common backend for all UNIX-like OSs, which is where the Common UNIX Printing System (CUPS) came from. Because CUPS was written as an Open Source project, it has been wildly successful, and has almost completely replaced the older print systems in Linux and UNIX.

        So nowadays, even UNIX and Linux effectively drive almost all printers in the same way as Windows, and can often be configured to use so-called winprinters, including some that have required reverse-engineering the unpublished GDI-printer formats.

  46. Anonymous Coward
    Mushroom

    FUCK CHINA!!!!

    FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! 
FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! FUCK CHINA!!!! Nuke 'em!!!!

    1. Destroy All Monsters Silver badge

      Re: FUCK CHINA!!!!

      > Nuke 'em!!!!

      Very unwise, grasshopper.

  47. Lamb0
    Mushroom

    Of course you know...

    https://www.youtube.com/watch?v=BjIZwv5aENQ

    https://www.youtube.com/watch?v=zoWUos53sg0

    https://www.youtube.com/watch?v=P9jHa-y24hM

    1. Joey M0usepad Silver badge

      Re: Of course you know...

      ooh some unexplained links to click on! lemme at em!

  48. Howard Hanek
    Pirate

    The Party MADE Me Do It!

    Honest. We had no choice. The Chairman is watching us.

  49. Anonymous Coward

    Lenovo is a scummy company

    I think we have already clearly established this fact since the Superfish spying scandal, have we not?

    Have some dignity, vote with your wallet, boycott Lenovo and tell others to do likewise.

    Do not reward bad behaviour, because you'll only encourage more bad behaviour.

  50. DerekCurrie
    FAIL

    Not Acceptable

    Lenovo is already on the skids. What a great way to hammer home the idea of ignoring them next time buying a new PC is under consideration.

    Way To Go LenovO! Just dive on into that grave.

  51. Anonymous Coward

    It isn't only Lenovo

    Fujitsu Siemens laptops with secure boot also have this feature; that this feature was accidentally used to compromise users is belied by those in the loop protecting themselves.

    See intelligence services banning Lenovo when IBM laptop sold to China

  52. john devoy

    Microsoft....working hard to screw up your system, when a BSOD just isn't good enough.

  53. Anonymous Coward

    Re. BSoD

    0x0000007B can be triggered by leaving an external HDD or certain pendrives connected during bootup even if boot from external is NOT at the top of the list.

    Come to think of it, I wonder if Windows Update being broken on my machine (Acer 5730, 7Pro SP1 x64) could be some sort of malware embedded in the BIOS? It was updating a while back, then one day it just stopped.

    Did a clean reinstall on a fresh zeroed 250G HDD and it still won't update past the first stage.

    Recent additions that were suspect: flashed FW on the SG MMT 750GB HDD and flashed the BIOS hoping to enable the use of a faster C2D chip (didn't help).

    Other symptoms include the Arduino environment randomly glitching and video playback stalling despite all the drivers being up to date.

    Bandwidth usage seems to have gone up significantly as well but can't find the culprit.

    1. Anonymous Coward

      Re: Re. BSoD

      Even more puzzling.

      A little while back I had to replace 2*2GB DDR3 memory on a Samsung X520 (aka dinosaur) because it was hosing iTunes and FF in a very specific way and also both were running literally red hot, yet voltage was stable and glitch free. Of course Memtest86 claimed they were fine.

      I tested RAM on another machine and.. no problem, no overheating RAM sticks either.

      Memory changed with 2*2GB 6400 stick pulls from an old Lenovo and it ran fine <35C.

      Put a 4GB stick which tested fine in the recovered HP and .. no workie!

      Would it be possible for someone to take a look at these zombie sticks for me if I can find them, as I suspect the internal 24C0x memory chip has been "nobbled" by malware that managed to write malicious code to the normally write protected area, then reconstructing bad code a la "BadBIOS" somehow during successive updates causing system instability and overheating via either rowhammer or some similar effect thanks to being run at an excessive clock rate.

      The other factor is that the drive was thoroughly checked with every malware scanner, AVG Boot, paid for Avast! and still couldn't locate a problem.

      This machine previously labeled a 500GB drive as bad "Disk Read Error" despite multiple zerofillings and testing it on an Acer (coincidentally the same one) which showed no signs of a problem.

      Imaged it to a 1TB and all seemed fine, even did a test restore from the image.

      1. Solmyr ibn Wali Barad

        Re: Re. BSoD

        Sounds like Samsung BIOS applied too much frequency on those RAM sticks. Thus unintentionally overclocking them. May be a BIOS bug, may be wrong JEDEC information in the DIMM.

        Memtest shows actual RAM frequency - did you pay attention to that?

        1. Conundrum1885

          Re: Re. BSoD

          Thanks, I will check this.

          Also might explain why a 4GB DDR3 12800 stick didn't work (no bootup) despite being tested on another machine and found to be in perfect condition.

          Also see re. comments about defective webcams on this and many other laptops, could be responsible for quite a few BSOD/spontaneous reboot failures.

          I've also seen a form of tin whiskering before caused by humidity, some of the early HP laptops had this happen between closely spaced pins on the underside of the large ceramic capacitors for CPU Vcore power which was also responsible for at least some of the fail blamed on the Nvidia chipset.

          The fix was just to replace the motherboard :-)

          1. Conundrum1885

            RE. Re: Re. BSoD

            Yup, problem is corrupted SPD data in the memory possibly by X-ray exposure from a very close (180 feet) lightning strike to a nearby lamp post that also took out the network card and scrambled the router to the point the thing was locking up within 3 minutes of power-up.

            I took a picture, compared it with a known good stick and one of the two 2GBs had clear differences despite being made at the same time in the same week.

            The offending bytes control the timing for refresh among other things, so with this problem a single bit change, i.e. from a bad power down, can corrupt the 34C02/etc and if this happens to be an important setting the effects can be bizarre to say the least, or it can do nothing.

            You'd think that they would have included error checking and plugging this same module into another machine did show *something* was amiss but it was more instability than outright failure to boot.

            In other news Project AIHammer is getting somewhere, this effect can be duplicated on any system using an affected chipset and if the CPU cache is used to run the AI then all the available memory can be used overclocked for maximum connectivity between the cells.

            Tested on Extensa 5220, 5230, 5630EZ (DDR2), and about to try it on an HP with 4GB DDR3 10600.

            1. Solmyr ibn Wali Barad

              Re: RE. Re. BSoD

              Yes, plausible. It very much depends on the implementation. How scrupulous SPD parsing is, and what decisions are taken in case of inconsistencies - do we fall back to failsafe values or trust some of the data? Alas, such subtleties are rarely documented.

              /beer.jpg/
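An added example, not part of the comment thread above: a DDR3 SPD image stores a CRC-16 in bytes 126-127, so the "how scrupulous is the parsing" question can be checked directly on a dump. The sample image is constructed, and the `failsafe`/`trust` policy strings are hypothetical; real firmware behaviour varies and is not documented on this page.

```python
def crc16_xmodem(data: bytes) -> int:
    """CRC-16, polynomial 0x1021, initial value 0 (the variant DDR3 SPD uses)."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc

def crc_coverage(spd: bytes) -> int:
    """Byte 0 bit 7 selects the covered span: bytes 0-116 (set) or 0-125 (clear)."""
    return 117 if spd[0] & 0x80 else 126

def check_ddr3_spd(spd: bytes) -> str:
    """Hypothetical policy: trust the timings only if the image is self-consistent."""
    if len(spd) < 128:
        return "failsafe: short read"
    if spd[2] != 0x0B:                      # byte 2: DRAM device type, 0x0B = DDR3
        return "failsafe: not a DDR3 SPD"
    stored = spd[126] | (spd[127] << 8)     # CRC is stored low byte first
    if crc16_xmodem(spd[:crc_coverage(spd)]) != stored:
        return "failsafe: CRC mismatch"
    return "trust"

def make_sample_spd() -> bytearray:
    """Constructed 128-byte image with a valid CRC; not a dump of a real module."""
    spd = bytearray(128)
    spd[0] = 0x92                           # CRC covers bytes 0-116
    spd[2] = 0x0B
    spd[24], spd[25] = 0x20, 0x08           # tRFCmin (refresh recovery), constructed
    crc = crc16_xmodem(spd[:crc_coverage(spd)])
    spd[126], spd[127] = crc & 0xFF, crc >> 8
    return spd

def flip_bit(spd: bytes, index: int, bit: int) -> bytes:
    """Return a copy with one bit inverted, modelling single-bit EEPROM corruption."""
    out = bytearray(spd)
    out[index] ^= 1 << bit
    return bytes(out)

if __name__ == "__main__":
    good = bytes(make_sample_spd())
    print("intact image:        ", check_ddr3_spd(good))
    print("bit flip in byte 24: ", check_ddr3_spd(flip_bit(good, 24, 3)))
    print("bit flip in byte 120:", check_ddr3_spd(flip_bit(good, 120, 0)))
```

With this coverage setting a flip in bytes 117-125 passes the check, which is one reason a CRC pass alone is not proof that the whole image is intact.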

  54. Anonymous Coward

    I had a problem like this once...

    ...so I took a valid Windows 32 executable that loaded into memory (like the task scheduler in Windows 98), and renamed it with all the offending software names that were being loaded.

    The task scheduler is a very special executable, because it has a mutex that prevents it from loading several times in memory, it doesn't pop any errors when you try to load it dozens of times in a row, and it has a small memory footprint. It is like doing that Unix thing with redirecting to > null.

    Good ol' times, when you could can any crapware that didn't checksum its own executables.

  55. Anonymous Coward

    "we're losing control of our computers."

    We have already.

    Being moderately knowledgeable about computers (and a regular El Reg reader), I find myself facing two alternatives:

    A. spend the whole day patching the new security holes du jour (on just 1 Win7 desktop and 1 Android mobile phone).

    XOR

    B. get Stuff done.

  56. BobW

    Which laptop models have these files? I checked three of mine (all Thinkpads) and couldn't find the mentioned programs in the specified directory. Is it only some models?

    1. diodesign (Written by Reg staff) Silver badge

      Re: BobW

      The full list is linked in the story – and no, Thinkpads aren't affected,

      C.
