back to article Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Lenovo is attempting to defuse controversy over its pre-installed Superfish crapware – which appears to have run man-in-the-middle attacks against consumers in order to sling ads – by saying it has discontinued use of the visual-recognition technology on new laptops and promising to review outstanding concerns. Superfish …

  1. Britt
    Facepalm

    @Halverflake

    So, making the laptops vulnerable and undesirable is a valid way to move the negative margins into the positive? That is, of course, until it all goes boom and the backlash hits.

    That has to be up their with other historic pathetic excuse making.

    And now for the tin foil hat moment:

    Is it the Ads that are making them the money that takes the margins into the black, or is it the back pocket NSA (or disliked agency/country of choice) funding to gimp the machines security that lines the pockets.

    Still, bad form. I've never trusted pre-installed bloatware (and thusly removed it) and now I'm vindicated more than ever.

    Probably a fair number of commenters here feeling the same.

    1. Will Godfrey Silver badge
      Unhappy

      Re: @Halverflake

      Indeed so, but unfortunately Joe Public probably has no understanding of what the problem is... even if (s)he's been made aware of it.

      1. Doctor Evil

        Re: @Halverflake

        Joe Public is buying tablets these days. Laptops are still being bought by a more knowledgeable crowd with long memories for misdeeds like this.

        No Lenovo for me.

    2. Notas Badoff

      Re: @Halverflake

      Halverflake's statement didn't advocate foisting adware on users, but reiterated a reason 'why' it happens. So +1 for your being suspicious but -1 for reading comprehension.

      And, you know, it is getting ridiculous the way everyone reflexively adds '!\!SA!!' to every discussion of malfeasance. Hey, remember Hanlon's Razor? Or like, you know, crop circles, aliens, poisoned wells, etc. etc. etc.

      1. Britt

        Re: @Halverflake

        Fair Comment. I can see that he played devils advocate but, to me at least, came across as smarmy.

        And +1 for you on the everything has NSA in it, hence why I caved and did my tin foil hat moment. It seemed fashionable.

      2. Bob Dole (tm)

        Re: @Halverflake

        >>Hey, remember Hanlon's Razor? Or like, you know, crop circles, aliens, poisoned wells, etc. etc. etc.

        All NSA.

        What's your point again?

      3. BillG Silver badge
        Holmes

        Re: @Halverflake

        This validates all the paranoia some people felt when IBM sold ThinkPad to a company in communist China.

      4. P. Lee Silver badge
        Facepalm

        Re: @Halverflake

        The application is called "SuperFish" and and nobody thought, "Hold on a minute, this might be a problem"?

        With this level of incompetence, who needs the NSA with their HDD firmware mad skillz?

        I'm afraid MS has some share in the blame. Not providing clean OS images is precisely to allow this sort of revenue stream and it targets those least able to fix the problem.

        But don't worry Nadella, I'm sure people consumers will still want a Windows tablet and phone!

        Hello, I'm a Mac and I'm not delivered with software that snoops on your bank account. etc.

        1. mrjohn

          Re: @Halverflake

          You sure about that?

          http://www.theguardian.com/us-news/2015/feb/19/nsa-gchq-sim-card-billions-cellphones-hacking

        2. Dan Paul

          Re: @Halverflake @P.Lee

          Lenovo produced the hard drive image, not Microsoft.

          Lenovo is fully reponsible for including the bloatware, not Microsoft.

          Microsoft makes operating systems and office software for many laptop/PC manufacturers, not just Lenovo.

          Is "SuperPhish" present on those units too? Not that anyone has heard.

          1. regadpellagru

            Re: @Halverflake @P.Lee

            "Lenovo produced the hard drive image, not Microsoft.

            Lenovo is fully reponsible for including the bloatware, not Microsoft.

            Microsoft makes operating systems and office software for many laptop/PC manufacturers, not just Lenovo.

            Is "SuperPhish" present on those units too? Not that anyone has heard."

            The problem, here, is MS has let OEMs, like muppets-Lenovo and many others, package their OS, to their will, including the possibility to add any full-scale spy/mal/bloat-wares, if it brought revenue. And this is gonna hurt them, even if they've only been naive.

            MS really need to regain control of Windows from the OEMs and provide certified (whatever that means) install media that can bring a secure baseline to any HW. It is abolutely pointless to have invested in things like secure boot and have let OEM act as Lenovo had.

            MS is not the culprit, here, but they've let things go titsup.

            1. Anonymous Coward
              Anonymous Coward

              Re: @Halverflake @P.Lee

              They can't. The OEMs can dictate terms because, otherwise, they won't buy. What can Microsoft do when the OEMs basically make it "Deal or No Deal"?

        3. David Bell 6

          Re: @Halverflake

          "I'm afraid MS has some share in the blame. Not providing clean OS images is precisely to allow this sort of revenue stream and it targets those least able to fix the problem."

          Erm... http://windows.microsoft.com/en-us/windows-8/create-reset-refresh-media

    3. roadrunner

      Re: @Halverflake

      If you issue a false certificate to intercept secure communications, don't you open yourself up to criminal charges?

      Or does the law only apply to nerdy 17 year olds?

      1. regadpellagru

        Re: @Halverflake

        "If you issue a false certificate to intercept secure communications, don't you open yourself up to criminal charges?"

        Who cares, when

        1- it happens to a chinese vendor (law ? What's that ?)

        2- you have 0 judge or lawyer on earth who can understand this SSL stuff

        3- you can easily spin it to the "usefull app that gives nice ads to the user"

        1. Solmyr ibn Wali Barad

          Re: @Halverflake

          "2- you have 0 judge or lawyer on earth who can understand this SSL stuff"

          Heck, even a good half of the IT crowd doesn't. Myself included. Maybe there's enough understanding to cope with the daily tasks, but not enough to make truly important policy decisions, or to serve as an expert in legal proceedings.

          Which may be a serious problem in the legal matters. If someone's machine is hijacked for a criminal activity, then a false impression of security may become a deciding factor in a verdict. Encrypted drive? Check. Password-protected? Check. SSL? Check. That's a proof beyond reasonable doubt, m'lud. Nobody but the defendant could have gained access to this machine. Throw in an "expert" or two, and it's pretty much a done deal.

          If that previous part sounds as a hyperbole - not necessarily so. Germany has a precedent on this. If any cybercrimes are performed from a "secure" WEP-protected WiFi network, then the owner is liable. Not to mention that possession of any "hack-tools" is an offence by itself, and a solid proof of guilt.

          Honest mistakes undoubtedly happen. But there shall be no mercy for vendors that are knowingly exposing their customers.

          1. Tom 13

            Re: or to serve as an expert in legal proceedings.

            In the US, if you could serve as an expert on the subject, you will be excluded from the jury pool.

            1. Solmyr ibn Wali Barad

              Re: or to serve as an expert in legal proceedings.

              Probably so. Jury trial is supposed to be a 'common sense' test, so selection process should filter out anyone who's not so common. And remove people with a clear bias or prejudice. How's that working in practice, I wouldn't know, haven't seen it close up. Probably less than perfectly, as jury foreman in Apple vs Samsung so aptly demonstrated. He got away with playing an "expert" during a jury session.

              Yes, some experts can be outright scary. Highly educated (which is kind of a requirement), highly decorated, and able to talk utter bollocks with a confidence.

    4. nigel 15

      Re: @Halverflake

      @Halvarflake can go **** himself.

      He's providing mitigation if not full excusing. Together with being incredibly patronising to those of us that are surprised by this.

      Margins are thin in many industries. Oil prices are suppressed at the moment, margins are thin. I'd still be surprised if next time i go to fill up the car with petrol i got a 50/50 mixture of that and bath water. Presumably @Halverflake does expect this, or else he doesn't understand the economics of the oil industry.

      what an arse.

  2. Terje

    It does seem like the recommendation I have made lately to friends and family asking my advice on new computers to format and do a clean install does carry some additional merit apart from getting rid of crudrefuses to uninstall properly.

    1. elDog Silver badge

      @Terje - and how are they supposed to do a clean install?

      Consumer laptops don't get any media any more to rebuild the user partition.

      There may be a vendor-supplied partition that contains the means to rebuild the original user partition, but why would I trust it?

      Why would I trust some DVDs that were distributed by Lenovo (or any other vendor) since they can have the same malware.

      Why would I trust a download from a web site linked to the vendor? Or to M$, or <younameit>?

      In the end, it doesn't make any difference. The <conspiracy_agencies> has already modified your BIOS and your HDD firmware to do their bidding. I can imagine that these lower-level techniques are now promulgating outside of our <trusted_agencies>.

      If anything, all these new stories about rootkits, zero-days, firmware diddling - all they do is open up channels for spying and PROVE that we are being spied upon - by whom? Probably by Many Eyes (Five + Israeli + Russian + ...)

      1. danR2

        Re: @Terje - and how are they supposed to do a clean install?

        Because, although the lesser of two evils is still evil, it is still lesser. Why should someone buy cut-rate Prozac from alibaba?

  3. Comedy of Errors

    Removing it

    Lots of articles say the only way to be sure you have got rid of everything is to reinstall Windows and avoid using the Windows image supplied with the machine.

    The problem is that won't work. The version of windows on it is the cut price "Windows 8.1 with Bing" for which Microsoft has never issued a public ISO. Standard version of Windows will not work.

    So without buying a whole new version of Windows we are left just trying to fix the obvious stuff and hope we didn't miss anything.

    1. Anonymous Coward
      Anonymous Coward

      Re: Removing it

      Does anybody know a free program that will identify and/or kill any instance of Superfish? I think I caught it due to a browser extension. It injected ad sidebars into certain web pages and I can't tell if it's gone.

      1. This post has been deleted by its author

      2. Richard Taylor 2 Silver badge
        Pirate

        Re: Removing it

        Not too difficult to remove - and yes, I found it on my son's otherwise excellent Lenovo laptop) you might try http://www.pcworld.com/article/2886278/how-to-remove-the-dangerous-superfish-adware-presintalled-on-lenovo-pcs.html - appears to have been written by someone who has thought about it.

      3. Tom 13

        Re: Does anybody know a free program

        I've generally had good luck with Malware Bytes Anti-Malware.

        Just this week I had to clean up a Lenovo consumer laptop that was malware infested and used it. I think the source was Tovi (Trovi?) Toolbar*, but hadn't seen the news about SuperFish at the time. So I don't know if the bad cert was on it. Unfortunately I already returned it to the owner so I can't check the cert list. I did notify the user when I saw the Reg article about the problematic cert.

        *Nasty little bugger. Kept popping up ads no matter which installed browser I used. Couldn't get to the malware byte site. Downloaded on a different computer, copied to USB, infected PC wouldn't read the drive. Finally burned it to a CD and installed it that way. The scan found 400+ instances of questionable stuff. Deleted it all. System was returned fully patched, malware bytes installed, Secunia PSI installed to make sure her other software is updated. And I suggested she stop by at least once a quarter to make sure the patches have been installed. She uses her cell for internet connectivity while I have broadband.

      4. Panum

        Re: Removing it

        I had to take my business laptop to a security expert. He told me it was a rather difficult task to remove all the convoluted crap Lenovo thoughtfully installed on my machine. (He likes this kind of stuff)

        I am fortunate he is a friend and it didn't cost me much. There was re-spawning code hidden in innocuous looking sections of the root directory.

        I will NEVER buy a Lenovo again.

    2. Stoneshop Silver badge
      Linux

      Re: Removing it

      Standard version of Windows will not work.

      Because it usually lacks specific drivers for the network and video cards used in the machine; I've seen that with just about any Windows version I've had to deal with. Which is solvable without having to buy another version: just add the network driver from an USB stick, tell Windows to update itself and some eleventeen billion reboots later you're left with just a few question marks in the device mangler, the drivers for which you have to scrounge from elsewhere. And anyway, you have a COA already, no need to buy a new install kit.

      Or install Linux. I've had way less hassle there, if at all, over the past ten years or so compared to Windows.

  4. Alan J. Wylie

    SSL Certificate now public

    Robert Graham has gone further and decrypted the private key for the certificate, which is installed as trusted on who-knows-how-many systems.

    http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html

    1. Destroy All Monsters Silver badge

      Re: SSL Certificate now public

      IT IS THE SAME ONE IN ALL CASES??

      1. Daniel B.
        Mushroom

        Re: SSL Certificate now public

        IT IS THE SAME ONE IN ALL CASES??

        It seems to indeed be the case. The password protecting the PKCS8 Private Key package is the name for another product that does MITM stuff "to protect your children", the Private Key is part of the actual .exe and is extracted from the program's memory, its in PEM format, so I'm pretty sure it is the same one for everyone.

        Hell, you don't even need to extract the key, there's a screenshot showing modulus, publicExponent, privateExponent, prime1 and prime2 out there. The horse has bolted. Someone will get burned.

        Bad Lenovo! Bad Boy!

      2. david 12 Bronze badge

        Re: IT IS THE SAME ONE IN ALL CASES??

        Yes, I thought the article was particularly unclear about that. Perhaps instead of writing

        >Obtaining a private key from one Lenovo laptop would

        ...the author could have written...

        "Obtaining the private key from any Lenovo laptop would "

        1. Daniel B.
          Boffin

          Re: IT IS THE SAME ONE IN ALL CASES??

          Its actually an ongoing thing. Like an STD, it's the gift that keeps on giving.

          The news broke up early this day about the SuperFish thing, to someone ripping up the malware and finding that the fake CA was embedded within the installed program, to the discovery that the password was easily guessable (and related to another product that does a similar thing), to confirmation that all SuperFish installs use the same public/private key combinations.

          Someone at Lenovo is definitely having a very bad day.

  5. jason 7

    They can charge more for the laptops. After all a lot of my customers are happy to pay me £50 to remove the crapware and set the laptop up like a Mac would come out of the box.

    Improves the user experience no end.

  6. thomas k.

    Superfish comes with Lenovo consumer products only

    Because, of course, we wouldn't jeopardize our lucrative SMB and Enterprise business by pulling this shit on them.

    1. Christian Berger Silver badge

      Re: Superfish comes with Lenovo consumer products only

      And even if it was on their business products, 99% of those get re-installed with Linux anyhow before they see a day of productive use.

    2. Solmyr ibn Wali Barad

      Re: Superfish comes with Lenovo consumer products only

      True that. Business laptops are a different kettle of fish (pardon the pun). It's the consumer that gets shafted at every turn. But therein lies the danger - if such a behaviour remains unchallenged, then it's just a matter of time when some bright spark will try similar tricks in the business segment.

    3. Jamie Jones Silver badge

      Re: Superfish comes with Lenovo consumer products only

      "Because, of course, we wouldn't jeopardize our lucrative SMB and Enterprise business by pulling this shit on them."

      Oh, I get it now.

      I originally read "Superfish comes with Lenovo consumer products only" to mean that only Lenovo used their software.

  7. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    having worked at a UK OEM developing preloads, I (and others) campaigned wthin the company to keep things as vanilla as possible. Our users loved our installs, no adware, no trials.

    We went bust.

    The majority had spoken, they wanted the cheapest junk around, and now they have it. It speaks wonders for the concept of Democracy...those who may know better get to sit and watch the bulk destroy everything. I would chime in something about flies buying ipads and this site ending up being redesigned but that would be a total cheap shot.

    1. Destroy All Monsters Silver badge
      Windows

      Sadly, it has come to the point where no shot is too cheap and no hyperbole is left unrealized anymore.

      "Ah, Mr Creosote. Can I offer you a large, wide-screen image in the middle of your preferred website, sir?"

      1. moiety

        No. Fuck off; I'm full.

        1. Charles 9 Silver badge
          Devil

          Well, screw back. You're getting it whether you like it or not, even if we have to clamp you head to the chair.

  9. Destroy All Monsters Silver badge
    Windows

    Well....

    > Prospecting for a new laptop

    > Dell has only no-longer-composable "take it or leave it and better lube up" crud on display

    > Visit Lenovo's website instead

    > Need to tell NoScript to "enable temporarily" websites I have never heard of

    > Ghostery pops a vein growing a World Trade Center in the corner

    > Nope.jpg

    Still have no new laptop. Am I a failure?

    1. Solmyr ibn Wali Barad

      Re: Well....

      "Still have no new laptop. Am I a failure?"

      Maybe. But you are certainly not alone - my trusty T40 says hello. It has survived quite a lot of newer doodads, so it remains to be seen who has the last laugh on this.

  10. danR2

    Simpler: Don't buy Chinese computers/mobes. Stick with Chinese furniture, etc.

    I make it easi(er) on myself. I don't buy Chinese computer/mobe products. The government there whines about how messed up the place is with rampant, non-state, hacking, and if the Red Army or the politburo isn't quietly mandating backdoors in firmware, they will get them in anyway (why should the NSA have all the fun?), and in this case Lenovo is showing a pretty clear evidence of security ignorance in getting non-domestic crapware—Israeli is this instance—on your machine in the first place, and dishonesty in lying about how long ago it was getting installed.

    This doesn't guarantee security on a Mac, or even on a Blackphone. It gets me a bit closer.

  11. Proud Father

    "discover products visually"

    Don't you just love PR twonks?

    Reality check : it displays adverts so we can get some money

  12. GregC

    MS removal instructions don't work

    I've got one of the afinfected laptops - first thing I did with it was remove all the crud, of course, however this article got me double checking, and while Superfish itself is nowhere to be seen sure enough the root cert was there.

    The MS instructions don't work on 8.1, at least not on my machine - the Remove option is greyed out. I had to go into certmgr.msc to delete it.

    Needless to say, it will be the last Lenovo machine I ever buy...

    1. Roland6 Silver badge

      Re: MS removal instructions don't work

      > I had to go into certmgr.msc to delete it.

      Yes, and yet another example of the p*ss poor UI work MS have done on both Win7 and Win8!

      Use the 'search' box that the Win8 fans go on and on about and enter the word 'certificate', guess what certmgr.msc is nowhere to be seen...

  13. Mark 85 Silver badge

    Are there others?

    Is Superfish the only one? I do wonder about the other vendors....

  14. Anonymous Coward
    Anonymous Coward

    Sue them!

    I want California Attorney General Kamala Harris to file suit against any US-based arm of this bunch of crooks for criminal conspiracy to violate any number of privacy laws. I want Superfish indicted as co-conspirators.

    I want them both to bleed money over this.

    I want them both out of business.

    I want any other batch of idiots who think spoofing root certificates is OK to realize that is corporate suicide.

    And I think Kamala is the one to do this, because she's running for US Senator and likely is looking for a nice shouty platform to get some attention.

    You go girl!

    1. Anonymous Coward
      Anonymous Coward

      Re: Sue them!

      and I want the ICO in the U.K, and the E.U. equivalents to do the same.

  15. John Tserkezis

    If we self-ban any vendors who do this shit...

    We'll run out of vendors to buy from.

    And when you decide to go "old school" again, the paper you write on will have a watermarked ad on it, and the pens will reveal a bikini shop website, rather than an actual bikini-clad girl.

    When you're tired of that, the knife you use to slash your wrists will be engraved with the phone number of a very privately run hosptial. And since insurance won't cover you, bring you credit card, you know, the one with more ads on it. Hold onto it, you're going to need some reading material while you're waiting in the emergency room alongside everyone who had the same idea.

    Since this isn't a suitable outcome, we should loudly and publically make fun of them at every opportunity. Yes, that's you, Lenovo, Sony, LG, Samsung and all the other f**kers who are going try it in future.

    1. Solmyr ibn Wali Barad

      Re: If we self-ban any vendors who do this shit...

      "We'll run out of vendors to buy from."

      Agreed. Knee-jerk reactions are often unjust, and rarely adequate.

      Main thing to understand would be that corporations and their brands are not monolithic entities. There are several divisions, essentially different companies, whose goals are often in conflict. For example, Sony Music (aka former Columbia) is a very different beast than Sony Electronics or Sony Mobile. Punishing other divisions for that bloody rootkit is an overreach.

      On the other hand, misbehaving division is not good for the company, nor anybody else. So there is a reason to make noise about it, in a hope that the corporate overlords can be persuaded to take actions. Hasn't happened with Sony conglomerate though. They're still stubbornly subsidizing their failing entertainment arms. Maybe they do deserve the ridicule afterall.

      Speaking of Lenovo - they're not a single brand either. Consumer division seems to live on a different planet. Probably have green skin and tentacles too. Business side seems to have its own share of morons - somebody thought it's a good idea to introduce "affordable Thinkpads" like S, L and Edge series. Which are nothing like Thinkpads if you'll have a look under covers. Cheap noname stuff with a Thinkpad logo. Classic example of brand dilution. And even IT guys often fall for this scam.

      Fortunately, T, X and W lines are still worthy.

      1. Solmyr ibn Wali Barad

        Re: If we self-ban any vendors who do this shit...

        Oh, that's just bloody great. In the meantime, Lenovo's corporate CTO has come out with a claim that security risks are only hypothetical. It's time for torches and pitchforks then.

  16. Anonymous Coward
    Anonymous Coward

    I can just about understand the marketing team at Lenovo being hoodwinked into buying this 'service' (I've worked in organisations where this kind of "value add" is sold to "partners" as a way to make money on a low margin product/service (Phorm, ISP NXDOMAIN hijacking 'search', etc)), but how Superfish can get away with this is beyond me. How can it even be legal?

    The average Lenovo consumer laptop buyer (or anyone for that matter) should never have to check their root certificates; years of implicit trust in the address-bar-padlock have just been wiped out by these people.

  17. FrankAlphaXII

    I wonder if this was why the Lenovo I bought last year had two extra partitions pre-installed that only DISKPART saw. I blew them straight to data hell, along with Windows 8, when I was upgrading it to Windows 7 but I've always wondered what the hell they existed for. I doubt the certificate survived the formatting but now I have to check.

    Last time I buy a product from them though, I'll tell you that. I knew I should have just plunked down the extra 200 bucks for the MacBook Air and Windows 7 license.

  18. Jamie Jones Silver badge

    About that root certificate...

    This whole thing is disgusting, so please don't think I'm sticking up for Lenovo here, but (not having the equipment to test) I'm puzzled about the issues involving their local root certificate.

    Surely it is only accepted by the local browsers when they talk to the superfish program, and NOT the Superfish program as it talks to the outside world, therefore making concerns over thr cerificate key strength/password etc. moot?

    Extending on this, interestingly it would become a problem only when the software is removed if the client-installed root certificate is left behind!

    1. david 12 Bronze badge

      Re: About that root certificate...

      I think, and other readers are invited to correct me, that the problem is that all clients have a known, installed, self-signed root CA certificate. If you have an identical copy of the root certificate (something that is normally kept secure, and probably off-line), then you can generate SSL certificates for anything, knowing that they will by accepted by any Lenova client.

      So now you can do your own Man-in-the-middle attack on Lenova clients. And this problem is not corrected by removing Superfish, only by removing the well-known root CA certificate.

      Question: if this is correct, does Superfish reject (on the internet side) it's own well-known root CA certificate? If so, web browsers on Lenova clients only become insecure when Superfish is deactivatated?

      1. Jamie Jones Silver badge

        Re: About that root certificate...

        "I think, and other readers are invited to correct me, that the problem is that all clients have a known, installed, self-signed root CA certificate. If you have an identical copy of the root certificate (something that is normally kept secure, and probably off-line), then you can generate SSL certificates for anything, knowing that they will by accepted by any Lenova client."

        My point was that this depends on whether the *superfish* proxy accepts such a certificate as valid - the web clients on the machine are irrelevent if they go through the superfish proxy.

        "I think, and other readers are invited to correct me, that the problem is that all clients have a known, installed, self-signed root CA certificate. If you have an identical copy of the root certificate (something that is normally kept secure, and probably off-line), then you can generate SSL certificates for anything, knowing that they will by accepted by any Lenova client."

        ummm, well yeah, that's exactly what I wrote (though whilst you got an upvote, 2 moronic plebs downvoted me with no explanation, or mitigation for their lack of brain cells)

  19. mrjohn

    "To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine."

    Because the only reason to own a computer is to go shopping?

  20. phil dude
    WTF?

    liability...

    How is this not a slam dunk law suit?

    The company deliberately compromised customer security with crapware.

    Perhaps we need laws that attach liability to software, you know, if you PAY for it.

    P.

    1. My Coat

      Re: liability...

      I'll wager that customers agreed to it in the EULA that absolutely no one reads.

      1. Richard Taylor 2 Silver badge
        FAIL

        Re: liability...

        Whether or not they clicked the box that does not absolve Lenovo from criminal liability

        1. Charles 9 Silver badge

          Re: liability...

          Assuming it's a crime to begin with. I'd love to hear the relevant section of state or federal law that makes it illegal.

  21. This post has been deleted by its author

  22. I. Aproveofitspendingonspecificprojects
    Headmaster

    I'd fill in the form if I wanted to fill in another form first but...

    Are you sure you meant to say this:

    > The controversy has served to generate a debate about the economics of the PC manufacturing business, which suffers from notoriously low margins, among security experts.

    AMTFTFY:

    The controversy has served to generate a debate among security experts, about the economics of the PC manufacturing business -which suffers from notoriously low margins.

    Or better still:

    The PC manufacturing business suffers from notoriously low margins and the controversy served to generate debate among security experts.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019