back to article C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free

As Lenovo struggles to extricate itself from the controversy surrounding pre-installed Superfish scumware on its machines, a blast of cruft from the past may give the PC slinger's critics extra ammo this week. A Reg reader, who wishes to remain anonymous, reminds us that Lenovo is still shipping laptops with a potentially …

Anonymous Coward

Why are you even diagnosing this lappy?

The only question I have to raise is why this laptop even got to this stage, where's the custom build on these laptops? At my shop we have a locked-down company Win7 build. Any machine desktop/server/laptop is immediately wiped clean the second it comes in the door, the stripped and locked down company approved build is put on user machines and then apps are loaded under control from a central source that tracks application license usage.

I appreciate this is going off topic a little but we wouldn't even be diagnosing laptop problems like this with scumware as we build to an approved and tested spec and never allow users to install their own software.

28
5
Silver badge

Re: Why are you even diagnosing this lappy?

Sure - you can.

The vile thing here is that as a result of the vagaries of Windows OEM licensing Joe Average Luser CANNOT do that. Microsoft (and the OEMs) have removed this option from him (unless he pays for Windows twice). This is the bane of the Windows malwaresystem (or as they called it OEM ecosystem) and it is a pity none of the muppets in FTC and EC can be made to get of their arse and enforce some consumer rights here.

IMHO, as far as Windows monopoly goes, there should be no need for remedies, no need for anything except one thing - I as an end-luser must be able to get a FULL, CLEAN, NO 3rd-party MALWARE build directly from Microsoft when I show my OEM license number. It can even be locked down to my pre-registered hardware identity or have a requirement for "boot once to register" with the manufacturer's build. Presently - I cannot.

16
18

Re: Why are you even diagnosing this lappy?

what are you talking about ?

I have installed an official windows iso from digitalriver and registered it with the serial number printed on that microsoft sticker couple of times already.

Anybody with OEM licensed windows can do the same.

18
0
Gold badge
Facepalm

Re: Why are you even diagnosing this lappy?

Yup, that was my immediate reaction.

I always wipe and do a clean install for home machines. Not doing it as a matter of course for anything to be connected to a corporate network......well......words fail me.

10
0

Re: Why are you even diagnosing this lappy?

Depends on the size of the shop.

Enterprise will obviously do this (Or should do)

SMB don't always have competent IT staff on the payroll, so doing a clean build costs them Time and Money.

Assuming that Pokki, like Superfish, was only shipped on Home use Lenovo's (IE: Not the business ThinkPads), then that adds weight to this being a smaller, ad-hoc shop - I Wouldn't be surprised if El Reg's source was a jack-of-all-trades office manager, who happens to know enough about IT to handle the client side, with contractors doing the server side.

And again, if they are a big shop, why are they buying Yoga/Inspiron/Pavillion laptops instead of ThinkPad/Latitude/Probook systems?

4
0

Re: Why are you even diagnosing this lappy?

David Austin is correct.

I've been that guy, and I can assure you not having a sysprepped image wasn't due to lack of comptetence - I've got thousands of machines rolled out under my belt, including WDS network builds with automatic application installs before the first login etc, IE The Way It's Meant To Be Done, but most SMBs want some control over what hardware they have - so unless you want to have one guy making images for every single Lenovo, Acer, Fujitsu etc that their customer is likely to buy - normally in quantities of less than half a dozen at a time, normally several years apart, then you just aren't going to be able to justify the time in image building.

And if you, as a supplier, only stock one kind of laptop/desktop to facilitate image building and make the economics work, then

A: You're going to need to buy 100+ at a time - something beyond the reach of most small IT shops

B: If you screw up the spec even slightly - wrong chassis size, no serial ports, needs four RAM slots not two, needs chassis expansion, must be ultrabook class, needs to be 15", not 13" etc - the one time someone comes who needs that bit of spec or form factor you missed, you lose a sale. Screw up the provisioning badly (for any reason - wrong spec, or local economy changes - IE you buy lots of laptops and suddently everyone wants tablets/ultrabooks/whatever) you might not be able to shift them at all and they end up as dead stock...company goes under due to £15-20k of unsellable kit.

There's more to this than competence - at the non-enterprise scale, things become....more fluid.

As a rule, if you have less than 20 systems going in at a time, justifying the expense of building an image (properly) to a customer can be hard - especially when they can just order 20 machines off Amazon and only ask you to install them, etc.

Steven R

8
0
Silver badge
Thumb Up

Re: Why are you even diagnosing this lappy?

For anyone who, like me, is thinking, "Wait, what, really?" here is How to get Win ISO files for OEM installs with links to Digital River:

http://www.howtogeek.com/186775/how-to-download-windows-7-8-and-8.1-installation-media-legally/

2
1

Re: Why are you even diagnosing this lappy?

All the links here point to http://microsofthup.com which reckons that my OEM disks are pre-installed by a 3rd party.

Marvellous!

0
0
Silver badge

Re: Why are you even diagnosing this lappy?

"I have installed an official windows iso from digitalriver and registered it with the serial number printed on that microsoft sticker couple of times already. Anybody with OEM licensed windows can do the same."

Not anybody. Only those who have a sticker. Windows 8 OEM versions mostly don't. And for greater amusement, Win8 SLIC code is not usable for vanilla 8.1 media, you have to install 8.0 first and then upgrade. Again, mostly. It's complicated like hell. Sometimes you'll have to sacrifice a goat to get W8 activated.

10
1

Re: Why are you even diagnosing this lappy?

PhillipJ, Wait a minute! Brand-name Windows 7 systems ship with a genuine Microsoft sticker that has a product key on it. Yes, you can reinstall a clean version of Windows 7 from scratch and activate it with said product key.

I have yet to see a brand-name system with a Windows 8(!) sticker (and product key) affixed to it, so how on earth can your average person reinstall a CLEAN OEM version of Windows 8 on such a system? All you normally get with a brand-name Win 8 system is a system recovery partition, which reinstalls the software back to original factory condition including all the SuperFish or Pokki or whatever other bloatware was installed at the factory.

4
0

Re: Why are you even diagnosing this lappy?

Not only would I be getting these two apps off of any new system, I would be more concerned about the firmware (spyware) that does all sort of nasty things.

0
0

Re: Why are you even diagnosing this lappy?

maybe your a big outfit with such resources and the original complainant is a mom and pop shop operator.....

either way horses for courses

2
0

Re: Why are you even diagnosing this lappy?

And to compliment Solmyr ibn Wali Barads point, getting a hold of a Windows 8 ISO of the correct variant (And even knowing which one to get) is a massive pain in the arse - Microsoft appear to have deliberately made it so.

In all honesty, this was one of many reasons why I got out of teching on Windows; At the end of the day, I enjoy working on computers, but I don't enjoy working on broken Windows 8 machines in the slightest.

Doing Linux Sysadmin is complex as hell for someone who has been a Windows chap most of his professionial career (although I've been using Linux at home for some eight years now) but it's still not as blindly frustrating as trying to rebuild a Win 8.1 laptop with no recovery media, which is an exercise in futility and frustration, and I don't see it getting any better any time soon.

Steven R

3
0
Anonymous Coward

Re: Why are you even diagnosing this lappy?

Doing Linux Sysadmin is complex as hell for someone who has been a Windows chap most of his professionial career (although I've been using Linux at home for some eight years now) but it's still not as blindly frustrating as trying to rebuild a Win 8.1 laptop with no recovery media, which is an exercise in futility and frustration, and I don't see it getting any better any time soon.

I think the point is: Microsoft + OEMs don't want you to rebuild, they just want you to use then throw away.

This might be made easier if the pre-shipped image was fit for purpose in the first place, but even then, I do not consider a >AU$500 laptop "disposable" and thus have a reasonable expectation to be able to re-load it as I see fit.

1
0
Anonymous Coward

"Installing from scratch now"

You mean you don't do this already, for my home computers/servers I start from scratch!

3
0
Silver badge
Linux

""Installing from scratch now"" I do so too.

4
0
Anonymous Coward

Installing from scratch now

... I've just had this idea for the name of a new linux distribution ... "FromScratch" :-)

6
0
Silver badge

Re: Installing from scratch now

That distro has been around since 1999.

3
2

Not just laptops.

I've seen it on Lenovo desktops too. I thought it was weird when a brand new desktop straight out of the box came with malware on it since I've been spotting Pokki in the wild on badly infected machines for a few years now.

1
0

Re: Not just laptops.

It's a symptom of people hating the Win8 start screen, not of malware. It makes sense that people who'll download and install anything would download it, but a lot of people get it because it's one of the most complete (and heavily advertised) free alternatives. I'm not a fan of it, but at least it's mostly just a mild adware that pushes its own app store ecosystem when you use it, it's not full of popups and trojans.

2
2

Pokki.

Found its way on to a machine I was looking at a few weeks ago. It was a new machine out of the box, so I was wondering where it came from. Looks like HP have it as part of their default build/install.

0
0
Bronze badge

Blank box

Shame we can't buy laptops that have no OS at all installed on them...

7
0
Silver badge

Re: Blank box

I too wish we could but then how would microsoft guarantee that its software gets installed and where do you get the necessary drivers for any other operating system from?

1
4
Silver badge

Re: Blank box

If you search hard enough, you can find computers with no OS installed. They usually cost more than the same hardware with Windows. Years ago, that was because you were still paying the Microsoft tax even though the software was not installed. These days, crapware can more than pay for the minimum Windows license.

I used to be annoyed by the lack of crapware available for Linux. Now all the crapware in the world cannot bring the price of a new Intel box down to the price of an ARM sufficient to replace a dead desktop.

Superfish's biggest achievement is to educate some noobies about the value of a clean install.

6
0
Silver badge
Linux

Re: Blank box

"...where do you get the necessary drivers for any other operating system from?"

I can't speak about your first point regarding whether or not MS can guarantee its software, but you can get OSs with drivers built in. Linux for one. I can say that as I use it exclusively but AFAIK the BSDs also have drivers built-in.

So, with Linux and the BSDs you have pretty much covered all areas of computing from HPC right through to embedded systems, desktops, servers and stuff like the Raspberry Pi.

Having to scratch around for drivers for your OS can be avoided if you are open to alternatives to Windows..

7
4

Re: Blank box

Shame we can't buy laptops that have no OS at all installed on them...

Except we can. Shop around.

2
1

Re: Blank box

You'll generally find manufacturers won't do it because - for all intents and purposes - it's not a complete product. It's not worth the hassle when average Joe (or the average 'genius' that works in purchasing) buys it because it's £50 cheaper than one that's the same and it doesn't work.

You can get machines shipped with things like FreeDOS but they'll often be custom built jobbies.

2
1

Re: Blank box

"These days, crapware can more than pay for the minimum Windows license."

Hold it right there.

There is a fundamentally unethical problem right here. Microsoft has created a system whereby they are allowing crapware to essentially pay them. Cost neutral to the manufacturer to install Windows - so long as MS continues to allow them to install the crud. Thus the windows tax is now being paid, not in dollars, but in punters being sold systems riddled with bloatware and potentially worse. And no-one sees a problem here?

Seems there is a market for a simple cheap product that any punter can use to wipe and reinstall. Perhaps a read only USB stick that you insert, boot from, all it does is ask you to type in your code, and away it goes. Or perhaps all the local friendly corner computer shops should start promoting reinstall as as it as a service as well as a really good idea.

2
6
Silver badge
Terminator

Re: Blank box

@Francis Vaughan - "Or perhaps all the local friendly corner computer shops should start promoting reinstall as as it as a service as well as a really good idea."

But then it begins to depend on how much you trust the local shop doesn't it?

This could easily extend the adware market. All adware makers have to do is to pay the local shop to include the adware software (or worse) in the 'clean reinstall'.

1
0

Re: Blank box

Would you please try to understand this once and for all, that Microsoft DOES NOT provide this 3rd party crap like POKKI or Superfish and that it does not take money from 3rd party crapware companies nor does it install anything, only your laptop vendor does this.

MS has no power legally to prevent the Laptop/Destop vendor from doing what it wants with their computer.

THE CRAPWARE IS COMING FROM THE LAPTOP VENDOR! BLAME THEM!

7
8
Silver badge

Re: Blank box

Microsoft is more than capable of mandating exactly what is allowed to be shipped on a new PC, look at Windows 8.1 for Bing. If they wanted to stop this, they could, but they don't.

5
4

Re: Blank box

It's called PC Decrapifier. Get it at http://www.pcdecrapifier.com/ -- there's a free version, and a Pro version you have to pay for.

0
1
Anonymous Coward

@GregC - Re: Blank box

You mean a Dell or HP with decent specs ? Where did you spot it ?

1
0
Anonymous Coward

@Archaon - Re: Blank box

And it surely has nothing to do with Microsoft revoking generous discounts for Windows licenses if they happen to know about it. Even those with FreeDOS count as a Windows license. Let's not be silly, shall we?

1
0

Re: @GregC - Blank box

No, not a Dell or HP (that wasn't specified in original comment, btw) - the company I was thinking of is PC Specialist, who on most of their products offer a No OS option. As that's the second time I've mentioned them on here in a few days I'll leave it at that lest I get accused of being a shill for them...

0
0
Silver badge

The problem starts with punters and prices

As the article points out, margins in this game are very low, and anything that can add a few quid profit to the manufacturers is being embraced like a saviour.

But this is the fault of the market, punters look at the spec and say "model X from company A is the same as, but a bit cheaper than, model Y from company B"; nowhere in the list of features does model X say "Includes crap adware that fucks up security" so buyers just pay their money and take their (uninformed) choice.

It's very hard to charge more for something that appears to have "less" in it; so the market needs to be fixed to give hardware manufacturers the chance to make some money on hardware rather than having to pimp their customers' data for a few shekels; how to fix it will be very controversial: do you ban certain types of software, can you force a "data security" warning on certain software like the warnings on cigarettes?

Lots of posts have mentioned being able to do a "clean" install, but this requires skills or money, so buyers may as well opt for a more expensive "business" PC that comes without any adware.

Maybe the answer is to lose a few players in the PC hardware game, or at least the market for personal rather than business machines, so margins aren't so tight.

In the end, it's all about what people are prepared to pay for a PC and the battle for the cheap end of the market.

7
0

This post has been deleted by its author

Silver badge

Re: The problem starts with punters and prices

"how to fix it will be very controversial: do you ban certain types of software, can you force a "data security" warning on certain software like the warnings on cigarettes?" -- Anonymous Blowhard

Not sure it will be that controversial; as I'm pretty sure that *certain* types of software are already doing something that is pretty much illegal. This is *exactly* what consumer protection legislation is for: you are assured a minimum standard of electrical safety when you buy your laptop and you should similarly be assured of a minimum standard of cybersecurity.

I wonder if you could actually use the UK Sale of Goods Act to claim that such a computer was not 'fit for purpose' given that the purposes the customer reasonably expected included being able to make secure online transactions?

8
0

You can always try YumCha

I recently roughed out the spec of a workstation - cabinet (it had to fit in a particular location), mother board, cpu (fast i7), memory (32GB) , 3 NICs, ssds and spinning rust, O/S - priced the parts through retail channels and sent out requests for quotes for the built box based on the partial parts list. I ended up with a built and tested box that met my requirements for a price that matched my estimates for the parts alone and it came with a warranty.

The result was cheaper than something equivalent from the major vendors and had no unwanted additions.

This was not cheap end of the market specifications so may not be something tat can be replicated in that space but it is working really well and I'm left wondering why I hadn't tried this before.

0
0

Re: You can always try YumCha

what does chinese tea have to do with this?

If we're talking about a supplier/builder, please advise who (TF) YumCha are because Google doesn't know, beyond some silk importers and tea shops.

0
0
Silver badge

Re: You can always try YumCha

I think he's getting his Dimms and Simms confused with his Dims and Sims.

3
0
Anonymous Coward

Re: You can always try YumCha

This is relevant to my interests. Do you have a link? A bit of googling yielded mostly tea and dim sum.

0
0

Re: You can always try YumCha

Try checking out DansData. YumCha is his word for no-name Chinese knockoffs and generics, in fact apparently a common phrase down under, and there's lots of great info on computers and electronics to be found (particularly if you find yourself anywhere near Australia).

http://www.dansdata.com/danletters040.htm

0
0

Re: You can always try YumCha

"Try checking out DansData. YumCha is his word for no-name Chinese knockoffs and generics, in fact apparently a common phrase down under"

I haven't heard the term Yum Cha in years and even then only in Melbourne. The correct Ozism for "I can't remember the brand, you've never heard of them and they'll be long gone in six months anyway" is Kung Pow. While its definitely a derogatory term, it in no way dismisses the item. It may be cheap, it may be nasty and it may work very, very well.

And thanks for the link to Dans Data.

1
0
Silver badge

Re: You can always try YumCha

"The correct Ozism for "I can't remember the brand, you've never heard of them and they'll be long gone in six months anyway" is Kung Pow."

There's another - We Con. Reserved for a very nasty stuff. Dodgy powercords that are labeled as 10 A, but their wires can barely manage 1-2 A. Power supplies that have dozens of components optimised out. Heck, who needs all those capacitors and filters and thermal resistors there.

0
1

Re: You can always try YumCha

"This is relevant to my interests. Do you have a link? A bit of googling yielded mostly tea and dim sum."

My local Thai serves dim scum or at least they serve me.

2
0

Pokki is fine

I've been running a Lenovo laptop with Pokki for 8 months and I can't say it's ever bothered me. I'm just grateful to have a Start menu instead of the abomination formerly known as Metro.

Yes I could probably find a better Start menu if I could be bothered.

2
6

Re: Pokki is fine

you'd rather have a malware vector than Windows 8.

Jesus, the lengths some people will go to in order to avoid learning something.

13
8
Thumb Down

Re: Pokki is fine

you'd rather have a malware vector than Windows 8.

Jesus, the lengths some people will go to in order to avoid learning something.

I agree with the general thrust of the first part of your comment.

However the second part is something that really fucking winds me up. I've got a machine with Windows 8.1, and I hate it. It's not about "learning" anything. I know how to do whatever I need to on it. I hate it because it's ugly, inconsistent, and schizophrenic. Oh, and the ribbon.

10
5
Silver badge

Re: Pokki is fine

you'd rather have a malware vector than Windowsthe primary malware vector (version 8).

FTFY.

5
9

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017