back to article C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free

As Lenovo struggles to extricate itself from the controversy surrounding pre-installed Superfish scumware on its machines, a blast of cruft from the past may give the PC slinger's critics extra ammo this week. A Reg reader, who wishes to remain anonymous, reminds us that Lenovo is still shipping laptops with a potentially …

  1. Anonymous Coward
    Anonymous Coward

    Why are you even diagnosing this lappy?

    The only question I have to raise is why this laptop even got to this stage, where's the custom build on these laptops? At my shop we have a locked-down company Win7 build. Any machine desktop/server/laptop is immediately wiped clean the second it comes in the door, the stripped and locked down company approved build is put on user machines and then apps are loaded under control from a central source that tracks application license usage.

    I appreciate this is going off topic a little but we wouldn't even be diagnosing laptop problems like this with scumware as we build to an approved and tested spec and never allow users to install their own software.

    1. Voland's right hand Silver badge

      Re: Why are you even diagnosing this lappy?

      Sure - you can.

      The vile thing here is that as a result of the vagaries of Windows OEM licensing Joe Average Luser CANNOT do that. Microsoft (and the OEMs) have removed this option from him (unless he pays for Windows twice). This is the bane of the Windows malwaresystem (or as they called it OEM ecosystem) and it is a pity none of the muppets in FTC and EC can be made to get of their arse and enforce some consumer rights here.

      IMHO, as far as Windows monopoly goes, there should be no need for remedies, no need for anything except one thing - I as an end-luser must be able to get a FULL, CLEAN, NO 3rd-party MALWARE build directly from Microsoft when I show my OEM license number. It can even be locked down to my pre-registered hardware identity or have a requirement for "boot once to register" with the manufacturer's build. Presently - I cannot.

      1. PhilipJ

        Re: Why are you even diagnosing this lappy?

        what are you talking about ?

        I have installed an official windows iso from digitalriver and registered it with the serial number printed on that microsoft sticker couple of times already.

        Anybody with OEM licensed windows can do the same.

        1. paulf Silver badge
          Thumb Up

          Re: Why are you even diagnosing this lappy?

          For anyone who, like me, is thinking, "Wait, what, really?" here is How to get Win ISO files for OEM installs with links to Digital River:

          http://www.howtogeek.com/186775/how-to-download-windows-7-8-and-8.1-installation-media-legally/

          1. mamsey

            Re: Why are you even diagnosing this lappy?

            All the links here point to http://microsofthup.com which reckons that my OEM disks are pre-installed by a 3rd party.

            Marvellous!

        2. Solmyr ibn Wali Barad

          Re: Why are you even diagnosing this lappy?

          "I have installed an official windows iso from digitalriver and registered it with the serial number printed on that microsoft sticker couple of times already. Anybody with OEM licensed windows can do the same."

          Not anybody. Only those who have a sticker. Windows 8 OEM versions mostly don't. And for greater amusement, Win8 SLIC code is not usable for vanilla 8.1 media, you have to install 8.0 first and then upgrade. Again, mostly. It's complicated like hell. Sometimes you'll have to sacrifice a goat to get W8 activated.

          1. Steven Raith

            Re: Why are you even diagnosing this lappy?

            And to compliment Solmyr ibn Wali Barads point, getting a hold of a Windows 8 ISO of the correct variant (And even knowing which one to get) is a massive pain in the arse - Microsoft appear to have deliberately made it so.

            In all honesty, this was one of many reasons why I got out of teching on Windows; At the end of the day, I enjoy working on computers, but I don't enjoy working on broken Windows 8 machines in the slightest.

            Doing Linux Sysadmin is complex as hell for someone who has been a Windows chap most of his professionial career (although I've been using Linux at home for some eight years now) but it's still not as blindly frustrating as trying to rebuild a Win 8.1 laptop with no recovery media, which is an exercise in futility and frustration, and I don't see it getting any better any time soon.

            Steven R

            1. Anonymous Coward
              Anonymous Coward

              Re: Why are you even diagnosing this lappy?

              Doing Linux Sysadmin is complex as hell for someone who has been a Windows chap most of his professionial career (although I've been using Linux at home for some eight years now) but it's still not as blindly frustrating as trying to rebuild a Win 8.1 laptop with no recovery media, which is an exercise in futility and frustration, and I don't see it getting any better any time soon.

              I think the point is: Microsoft + OEMs don't want you to rebuild, they just want you to use then throw away.

              This might be made easier if the pre-shipped image was fit for purpose in the first place, but even then, I do not consider a >AU$500 laptop "disposable" and thus have a reasonable expectation to be able to re-load it as I see fit.

        3. ben_myers

          Re: Why are you even diagnosing this lappy?

          PhillipJ, Wait a minute! Brand-name Windows 7 systems ship with a genuine Microsoft sticker that has a product key on it. Yes, you can reinstall a clean version of Windows 7 from scratch and activate it with said product key.

          I have yet to see a brand-name system with a Windows 8(!) sticker (and product key) affixed to it, so how on earth can your average person reinstall a CLEAN OEM version of Windows 8 on such a system? All you normally get with a brand-name Win 8 system is a system recovery partition, which reinstalls the software back to original factory condition including all the SuperFish or Pokki or whatever other bloatware was installed at the factory.

    2. TeeCee Gold badge
      Facepalm

      Re: Why are you even diagnosing this lappy?

      Yup, that was my immediate reaction.

      I always wipe and do a clean install for home machines. Not doing it as a matter of course for anything to be connected to a corporate network......well......words fail me.

    3. David Austin

      Re: Why are you even diagnosing this lappy?

      Depends on the size of the shop.

      Enterprise will obviously do this (Or should do)

      SMB don't always have competent IT staff on the payroll, so doing a clean build costs them Time and Money.

      Assuming that Pokki, like Superfish, was only shipped on Home use Lenovo's (IE: Not the business ThinkPads), then that adds weight to this being a smaller, ad-hoc shop - I Wouldn't be surprised if El Reg's source was a jack-of-all-trades office manager, who happens to know enough about IT to handle the client side, with contractors doing the server side.

      And again, if they are a big shop, why are they buying Yoga/Inspiron/Pavillion laptops instead of ThinkPad/Latitude/Probook systems?

      1. Steven Raith

        Re: Why are you even diagnosing this lappy?

        David Austin is correct.

        I've been that guy, and I can assure you not having a sysprepped image wasn't due to lack of comptetence - I've got thousands of machines rolled out under my belt, including WDS network builds with automatic application installs before the first login etc, IE The Way It's Meant To Be Done, but most SMBs want some control over what hardware they have - so unless you want to have one guy making images for every single Lenovo, Acer, Fujitsu etc that their customer is likely to buy - normally in quantities of less than half a dozen at a time, normally several years apart, then you just aren't going to be able to justify the time in image building.

        And if you, as a supplier, only stock one kind of laptop/desktop to facilitate image building and make the economics work, then

        A: You're going to need to buy 100+ at a time - something beyond the reach of most small IT shops

        B: If you screw up the spec even slightly - wrong chassis size, no serial ports, needs four RAM slots not two, needs chassis expansion, must be ultrabook class, needs to be 15", not 13" etc - the one time someone comes who needs that bit of spec or form factor you missed, you lose a sale. Screw up the provisioning badly (for any reason - wrong spec, or local economy changes - IE you buy lots of laptops and suddently everyone wants tablets/ultrabooks/whatever) you might not be able to shift them at all and they end up as dead stock...company goes under due to £15-20k of unsellable kit.

        There's more to this than competence - at the non-enterprise scale, things become....more fluid.

        As a rule, if you have less than 20 systems going in at a time, justifying the expense of building an image (properly) to a customer can be hard - especially when they can just order 20 machines off Amazon and only ask you to install them, etc.

        Steven R

    4. ps2os2

      Re: Why are you even diagnosing this lappy?

      Not only would I be getting these two apps off of any new system, I would be more concerned about the firmware (spyware) that does all sort of nasty things.

    5. NeilMc

      Re: Why are you even diagnosing this lappy?

      maybe your a big outfit with such resources and the original complainant is a mom and pop shop operator.....

      either way horses for courses

  2. Anonymous Coward
    Anonymous Coward

    "Installing from scratch now"

    You mean you don't do this already, for my home computers/servers I start from scratch!

    1. Lars Silver badge
      Linux

      ""Installing from scratch now"" I do so too.

      1. Anonymous Coward
        Anonymous Coward

        Installing from scratch now

        ... I've just had this idea for the name of a new linux distribution ... "FromScratch" :-)

        1. Flocke Kroes Silver badge

          Re: Installing from scratch now

          That distro has been around since 1999.

  3. Flatpackhamster

    Not just laptops.

    I've seen it on Lenovo desktops too. I thought it was weird when a brand new desktop straight out of the box came with malware on it since I've been spotting Pokki in the wild on badly infected machines for a few years now.

    1. foxyshadis

      Re: Not just laptops.

      It's a symptom of people hating the Win8 start screen, not of malware. It makes sense that people who'll download and install anything would download it, but a lot of people get it because it's one of the most complete (and heavily advertised) free alternatives. I'm not a fan of it, but at least it's mostly just a mild adware that pushes its own app store ecosystem when you use it, it's not full of popups and trojans.

  4. Lord Lien

    Pokki.

    Found its way on to a machine I was looking at a few weeks ago. It was a new machine out of the box, so I was wondering where it came from. Looks like HP have it as part of their default build/install.

  5. ForthIsNotDead

    Blank box

    Shame we can't buy laptops that have no OS at all installed on them...

    1. Anonymous Coward
      Anonymous Coward

      Re: Blank box

      I too wish we could but then how would microsoft guarantee that its software gets installed and where do you get the necessary drivers for any other operating system from?

      1. nematoad Silver badge
        Linux

        Re: Blank box

        "...where do you get the necessary drivers for any other operating system from?"

        I can't speak about your first point regarding whether or not MS can guarantee its software, but you can get OSs with drivers built in. Linux for one. I can say that as I use it exclusively but AFAIK the BSDs also have drivers built-in.

        So, with Linux and the BSDs you have pretty much covered all areas of computing from HPC right through to embedded systems, desktops, servers and stuff like the Raspberry Pi.

        Having to scratch around for drivers for your OS can be avoided if you are open to alternatives to Windows..

    2. Flocke Kroes Silver badge

      Re: Blank box

      If you search hard enough, you can find computers with no OS installed. They usually cost more than the same hardware with Windows. Years ago, that was because you were still paying the Microsoft tax even though the software was not installed. These days, crapware can more than pay for the minimum Windows license.

      I used to be annoyed by the lack of crapware available for Linux. Now all the crapware in the world cannot bring the price of a new Intel box down to the price of an ARM sufficient to replace a dead desktop.

      Superfish's biggest achievement is to educate some noobies about the value of a clean install.

      1. Francis Vaughan

        Re: Blank box

        "These days, crapware can more than pay for the minimum Windows license."

        Hold it right there.

        There is a fundamentally unethical problem right here. Microsoft has created a system whereby they are allowing crapware to essentially pay them. Cost neutral to the manufacturer to install Windows - so long as MS continues to allow them to install the crud. Thus the windows tax is now being paid, not in dollars, but in punters being sold systems riddled with bloatware and potentially worse. And no-one sees a problem here?

        Seems there is a market for a simple cheap product that any punter can use to wipe and reinstall. Perhaps a read only USB stick that you insert, boot from, all it does is ask you to type in your code, and away it goes. Or perhaps all the local friendly corner computer shops should start promoting reinstall as as it as a service as well as a really good idea.

        1. Don Dumb
          Terminator

          Re: Blank box

          @Francis Vaughan - "Or perhaps all the local friendly corner computer shops should start promoting reinstall as as it as a service as well as a really good idea."

          But then it begins to depend on how much you trust the local shop doesn't it?

          This could easily extend the adware market. All adware makers have to do is to pay the local shop to include the adware software (or worse) in the 'clean reinstall'.

        2. Dan Paul

          Re: Blank box

          Would you please try to understand this once and for all, that Microsoft DOES NOT provide this 3rd party crap like POKKI or Superfish and that it does not take money from 3rd party crapware companies nor does it install anything, only your laptop vendor does this.

          MS has no power legally to prevent the Laptop/Destop vendor from doing what it wants with their computer.

          THE CRAPWARE IS COMING FROM THE LAPTOP VENDOR! BLAME THEM!

          1. druck Silver badge

            Re: Blank box

            Microsoft is more than capable of mandating exactly what is allowed to be shipped on a new PC, look at Windows 8.1 for Bing. If they wanted to stop this, they could, but they don't.

        3. Dr. Ellen

          Re: Blank box

          It's called PC Decrapifier. Get it at http://www.pcdecrapifier.com/ -- there's a free version, and a Pro version you have to pay for.

    3. GregC

      Re: Blank box

      Shame we can't buy laptops that have no OS at all installed on them...

      Except we can. Shop around.

      1. Anonymous Coward
        Anonymous Coward

        @GregC - Re: Blank box

        You mean a Dell or HP with decent specs ? Where did you spot it ?

        1. GregC

          Re: @GregC - Blank box

          No, not a Dell or HP (that wasn't specified in original comment, btw) - the company I was thinking of is PC Specialist, who on most of their products offer a No OS option. As that's the second time I've mentioned them on here in a few days I'll leave it at that lest I get accused of being a shill for them...

    4. Archaon

      Re: Blank box

      You'll generally find manufacturers won't do it because - for all intents and purposes - it's not a complete product. It's not worth the hassle when average Joe (or the average 'genius' that works in purchasing) buys it because it's £50 cheaper than one that's the same and it doesn't work.

      You can get machines shipped with things like FreeDOS but they'll often be custom built jobbies.

      1. Anonymous Coward
        Anonymous Coward

        @Archaon - Re: Blank box

        And it surely has nothing to do with Microsoft revoking generous discounts for Windows licenses if they happen to know about it. Even those with FreeDOS count as a Windows license. Let's not be silly, shall we?

  6. Anonymous Blowhard

    The problem starts with punters and prices

    As the article points out, margins in this game are very low, and anything that can add a few quid profit to the manufacturers is being embraced like a saviour.

    But this is the fault of the market, punters look at the spec and say "model X from company A is the same as, but a bit cheaper than, model Y from company B"; nowhere in the list of features does model X say "Includes crap adware that fucks up security" so buyers just pay their money and take their (uninformed) choice.

    It's very hard to charge more for something that appears to have "less" in it; so the market needs to be fixed to give hardware manufacturers the chance to make some money on hardware rather than having to pimp their customers' data for a few shekels; how to fix it will be very controversial: do you ban certain types of software, can you force a "data security" warning on certain software like the warnings on cigarettes?

    Lots of posts have mentioned being able to do a "clean" install, but this requires skills or money, so buyers may as well opt for a more expensive "business" PC that comes without any adware.

    Maybe the answer is to lose a few players in the PC hardware game, or at least the market for personal rather than business machines, so margins aren't so tight.

    In the end, it's all about what people are prepared to pay for a PC and the battle for the cheap end of the market.

    1. This post has been deleted by its author

    2. John H Woods

      Re: The problem starts with punters and prices

      "how to fix it will be very controversial: do you ban certain types of software, can you force a "data security" warning on certain software like the warnings on cigarettes?" -- Anonymous Blowhard

      Not sure it will be that controversial; as I'm pretty sure that *certain* types of software are already doing something that is pretty much illegal. This is *exactly* what consumer protection legislation is for: you are assured a minimum standard of electrical safety when you buy your laptop and you should similarly be assured of a minimum standard of cybersecurity.

      I wonder if you could actually use the UK Sale of Goods Act to claim that such a computer was not 'fit for purpose' given that the purposes the customer reasonably expected included being able to make secure online transactions?

    3. Andrew Commons

      You can always try YumCha

      I recently roughed out the spec of a workstation - cabinet (it had to fit in a particular location), mother board, cpu (fast i7), memory (32GB) , 3 NICs, ssds and spinning rust, O/S - priced the parts through retail channels and sent out requests for quotes for the built box based on the partial parts list. I ended up with a built and tested box that met my requirements for a price that matched my estimates for the parts alone and it came with a warranty.

      The result was cheaper than something equivalent from the major vendors and had no unwanted additions.

      This was not cheap end of the market specifications so may not be something tat can be replicated in that space but it is working really well and I'm left wondering why I hadn't tried this before.

      1. dogged

        Re: You can always try YumCha

        what does chinese tea have to do with this?

        If we're talking about a supplier/builder, please advise who (TF) YumCha are because Google doesn't know, beyond some silk importers and tea shops.

        1. John H Woods

          Re: You can always try YumCha

          I think he's getting his Dimms and Simms confused with his Dims and Sims.

        2. foxyshadis

          Re: You can always try YumCha

          Try checking out DansData. YumCha is his word for no-name Chinese knockoffs and generics, in fact apparently a common phrase down under, and there's lots of great info on computers and electronics to be found (particularly if you find yourself anywhere near Australia).

          http://www.dansdata.com/danletters040.htm

          1. Cpt Blue Bear

            Re: You can always try YumCha

            "Try checking out DansData. YumCha is his word for no-name Chinese knockoffs and generics, in fact apparently a common phrase down under"

            I haven't heard the term Yum Cha in years and even then only in Melbourne. The correct Ozism for "I can't remember the brand, you've never heard of them and they'll be long gone in six months anyway" is Kung Pow. While its definitely a derogatory term, it in no way dismisses the item. It may be cheap, it may be nasty and it may work very, very well.

            And thanks for the link to Dans Data.

            1. Solmyr ibn Wali Barad

              Re: You can always try YumCha

              "The correct Ozism for "I can't remember the brand, you've never heard of them and they'll be long gone in six months anyway" is Kung Pow."

              There's another - We Con. Reserved for a very nasty stuff. Dodgy powercords that are labeled as 10 A, but their wires can barely manage 1-2 A. Power supplies that have dozens of components optimised out. Heck, who needs all those capacitors and filters and thermal resistors there.

      2. Anonymous Coward
        Anonymous Coward

        Re: You can always try YumCha

        This is relevant to my interests. Do you have a link? A bit of googling yielded mostly tea and dim sum.

        1. Bloakey1

          Re: You can always try YumCha

          "This is relevant to my interests. Do you have a link? A bit of googling yielded mostly tea and dim sum."

          My local Thai serves dim scum or at least they serve me.

  7. calumg

    Pokki is fine

    I've been running a Lenovo laptop with Pokki for 8 months and I can't say it's ever bothered me. I'm just grateful to have a Start menu instead of the abomination formerly known as Metro.

    Yes I could probably find a better Start menu if I could be bothered.

    1. dogged

      Re: Pokki is fine

      you'd rather have a malware vector than Windows 8.

      Jesus, the lengths some people will go to in order to avoid learning something.

      1. GregC
        Thumb Down

        Re: Pokki is fine

        you'd rather have a malware vector than Windows 8.

        Jesus, the lengths some people will go to in order to avoid learning something.

        I agree with the general thrust of the first part of your comment.

        However the second part is something that really fucking winds me up. I've got a machine with Windows 8.1, and I hate it. It's not about "learning" anything. I know how to do whatever I need to on it. I hate it because it's ugly, inconsistent, and schizophrenic. Oh, and the ribbon.

        1. Flatpackhamster

          Re: Pokki is fine

          A 30 second Google should have brought you (assuming Pokki doesn't redirect your browser searches) to the Classic Shell website. Much nicer than Pokki.

          I still don't like 8.1 on a desktop computer. Small touch screen it's great, but classic shell is (for me) essential on an 8.1 with a big screen or a non-touch one.

      2. Steve Knox

        Re: Pokki is fine

        you'd rather have a malware vector than Windowsthe primary malware vector (version 8).

        FTFY.

      3. shovelDriver

        Re: Pokki is fine

        Classic Shell

        FREEware

        Requirements: Classic Shell works on Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Both 32 and 64-bit versions are supported (the same installer works for both).

        http://www.classicshell.net/

        Classic Start Menu is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features:

        •Drag and drop to let you organize your applications

        •Options to show Favorites, expand Control Panel, etc

        •Shows recently used documents. The number of documents to display is customizable

        •Translated in 35 languages, including Right-to-left support for Arabic and Hebrew

        •Does not disable the original start menu in Windows. You can access it by Shift+Click on the start button

        •Right-click on an item in the menu to delete, rename, sort, or perform other tasks

        •The search box helps you find your programs without getting in the way of your keyboard shortcuts

        •Supports jumplists for easy access to recent documents and common tasks

        •Available for 32 and 64-bit operating systems

        •Has support for skins, including additional 3rd party skins

        •Fully customizable in both looks and functionality

        •Support for Microsoft’s Active Accessibility

        •Converts the “All Programs” button in the Windows menu into a cascading menu (Vista and Windows 7)

        •Implements a customizable Start button (Windows 7 and 8)

        •Can show, search and launch Windows Store apps (Windows 8)

        •And last but not least – it's FREE!

        Pick from 8 default skins, download more from the Internet, or make your own! Check out the Skinning Tutorial

  8. billium

    I've just helped someone with an Acer Win8 laptop, he got at Christmas, it had pokki on it. Malwarebytes removed alot of spyware. He didn't know what pokki was and said he didn't click on it. The desktop was full of pups like Wild Tangent. He has just emailed back saying he is getting ads from Strong Signal ... anybody know that? This was an i3 with 3GB ram and it was slow. I don't know how people have the patience for the monopolist's OS.

    1. dogged

      > I don't know how people have the patience for the monopolist's OS.

      you mean Android?

      Here's a hint, billium. Either they are all monopolists or they all want to be. And here's another hint - there's nothing illegal about a monopoly.

      1. Kubla Cant Silver badge

        there's nothing illegal about a monopoly

        Eh? I don't know where you're posting from @dogged, but most countries have anti-monopoly laws. It may not be the case that all monopolies are illegal, but the majority are.

        1. Solmyr ibn Wali Barad

          "It may not be the case that all monopolies are illegal, but the majority are."

          He was technically correct - having a monopoly is not illegal. Company may end up being a monopoly simply because others decide to leave the market.

          But abusing a monopoly position is illegal. Usually it's a temptation too great to resist, so we don't get to see benign monopolies too often.

        2. dogged

          @Kubla Cant

          I'm in the UK but EU law and US law are fairly agreed on the concept. A "natural" monopoly arises from the market. Everyone got MS DOS and then Windows, nobody got OS/2 because bleh, OEMs bundled Windows because of consumer demand* short of ordering MS to make their product worse or withdraw it from sale, that's how it was.

          The obligatory flawed car analogy is that if everyone buys Hondas and all the other manufacturers go bust or become tiny minority players, hey, good for Honda.

          What is illegal is attempting to leverage an existing monopoly into a horizontal or vertical market. This is what MS was accused of doing with Internet Explorer (the merits of the case remain debatable - Netscape Navigator cost money and was notably inferior and there was never any effort made by MS to monetize their new leading browser market share or prevent users from choosing Navigator or Opera). This is also what Google have been accused of doing with selling subsidiary services by inflating their Search rankings and what Apple somehow failed to be accused of in leveraging their iPod/iTunes monopoly (by market share) into phone handsets and then tablets.

          Leveraging an existing monopoly horizontally is illegal. It's also what's now become known as "ecosystem".

          * wah, wah windows tax wah don't wanna wah linux wah wah wah monopolist wah - there, that saved you some time. Yes OEMs bundled Windows by consumer demand starting with IBM themselves. You might not want it but generally businesses on that scale don't go around doing stuff that pushes their cost per unit price up just to annoy nerds.

          1. Anonymous Coward
            Anonymous Coward

            @dogged - One small detail with your post

            If I ask an OEM to sell me a PC without OS, what are they scared of ? First it is a legitimate consumer demand and second, it's even less trouble for them to pack the PC just before imaging the hard disk. Please don't bother telling that computer is not fully functional, support and other crap like that.

            Take servers for instance, they are almost all being shipped with hard disks purchased separately with no OS and it is the customer who is in charge of that. This is why I have a good laugh everytime I hear about shipments of Windows servers vs Linux. I've never been asked by IBM, HP or Dell about the OS I'm going to install on their hardware, but hey, maybe you know something we don't.

          2. Kubla Cant Silver badge

            Monopolies

            @Dogged: I see your point. The distinction between a monopoly and exploitation of a monopoly didn't occur to me, but your explanation makes it clear.

      2. billium

        Thank you dogged.

        I take your points, just as you would respect Eden's view. Are you trying to re-write history?

    2. Bloakey1

      <snip>

      " he is getting ads from Strong Signal ... anybody know that?"

      <snip>

      It is often bundled with free stuff and is definitely adware / malware.

  9. Busby

    Well I'm pleased the only Lenovo machine I own is an Android tablet which didn't seem to have too much bloat pre installed. Off to research what was bundled though on the off chance that something similar was included.

    Up to now have been singing their praises to all but after recent revelations doubt many people would still be doing the same.

  10. Anonymous Coward
    Anonymous Coward

    Any software that has been made deliberately "tricky to remove" is Malware. Plain and Simple.

    There is NO EXCUSE for foisting malware on your customers.

    1. Rogue Jedi

      Like antiviruses?

      Many of them fit your defination, oftern preinstalled, hard to remove, and some even break stuff when you do uninstall them.

      I am frequently told not to image new laptops destined for Teacher use, despite the facts that I have the image ready, it would be much easier and quicker to image than install the 20 odd pieces of software and remove the bloatware usualy including 30 day trials of Norton, Mcafee or Kaspersky,

      Then of course a few days later most of the Teachers bring them back asking if they could have Windows 7 on the Laptop instead of the preinstalled 8.

  11. auburnman

    I hope this keeps kicking off...

    Let's pray that this issue continues blowing up to the point that the corporates see bundling shiteware as a realistic threat to their market share. Ideally someone with deep pockets would sue Lenovo for aiding interception of communications or somesuch.

    1. Just Enough

      Re: I hope this keeps kicking off...

      Yes. Let's keep this issue rolling. It may seem retroactive, but I want a return to the days where the bloatware/adware/crapware was supplied on separate CD/DVDs with the computer, and you could install them if you were so minded, or more likely sling them in the bin and be done with them.

    2. Doctor Syntax Silver badge

      Re: I hope this keeps kicking off...

      "Let's pray that this issue continues blowing up to the point that the corporates see bundling shiteware as a realistic threat to their market share."

      And also strengthens their backbones when it comes it pressure to install spooks' backdoors.

  12. Lee D Silver badge

    Corporate places; You should have an authorised, clean, verified, image. No excuses. Deploying any kind of machine without the corporate image is a nonsense.

    Technical users: You should know to do a clean install. Your licence is always valid for that. Hell, it's valid to be a VM too, if you read the blurb. And if you can't do a clean install on day one, how do you expect to fix the machine a year down the line when it's out of warranty? Make sure you have the disks, licences, and drivers enough from day one to do a reinstall, while you can still send it back as "faulty" or "not fit for purpose".

    Home users: You get what you're given. If you're given tons of junk, give it to a techy to clean up and cost that into your purchase price. Even your restore disks will be worthless and still have this junk on.

    As someone who's just cleaned a Vista-era Fujitsu of adware etc. that was put on it on day one, and shocked the user by how much faster it now is than it's ever been, I know this stuff has been rife for years and it's only making the news now because of reasons unknown.

    Lenovo are by no means the worst offender (I sit here with a network full of Lenovo machines, but they were all installed by clean image and I didn't do more than boot the first of them offline to see what they'd come with in terms of drivers, etc. - P.S. Lenovo's have a stupid keyboard driver for their stupid Fn-Key keyboards).

    Nowadays, one Windows 7/8 image can be rolled out to a dozen different types of machine and "just work", with the free tools built into Windows Server (no, you don't need SCCM to do PXE boot and WDS) - in a rare instance you might need to build a driver package for its network card to allow it to boot or similar, but I've never needed to do that yet.

    The problem hasn't caused a fuss because it only targets the weak - those who don't know how to clean-install, probably don't know how to check their computer for rogue root certificates, or think the adverts are just part of the machine. That's been the same for years.

    While we're at it, can we stop such places ever bundling any kind of antivirus except as a separate installable package (the Windows one is perfectly adequate until we can get a "real" one on there, i.e. anything that doesn't bring your machine to a grinding halt like McAffee/Norton), all the photo-management junk, the user surveys, the "I'll help you update" wizards, the sidebars and toolbars, the print wizards and all the other tosh that's bundled in.

    My rule to my dad: Give me any new computer first, before you use it. Then whenever something says it needs a driver disk, like a digital camera, plug it in first and see what happens. If you think you need to install ANYTHING to get it working, give me a shout first.

  13. AJ MacLeod

    Sweetlabs?!

    They actually hired Sweetlabs? Bizarre. Who next, BackUpMyPC?

  14. Tezfair

    None of this is a significant issue

    I have been selling Lenovos for years, and I often wondered what the superfish was, and why the cert went to BoA, but I just killed it. I too have seen pokki on W8 machines, and again just uninstalled it. Also removed all of the prebundled stuff that arrives ready to install in peoples homes.

    I WILL continue to use Lenovo as I think its good kit and a good price - even better now as there's plenty of deals on.

    I would rather have a Lenovo than a Dell and whilst superfish is the current topic, bloatware has been on computers for years, christ, even a fresh install of Windows 98 would set malware scanners chiming.

    1. Anonymous Coward
      Anonymous Coward

      Re: None of this is a significant issue

      I wouldn't!

      I think it depends on what channel the PC is purchased through. We're a DELL shop and lease OptiPlex and Latitudes via Premier pages, all installed with Win7 no malware or any other nonsense. We don't deploy boxes in one hit and we're a little bit small to keep a image up to date (we used to but didn't really get too much of a benefit) So we don't reimage we just configure when we deploy which probably takes maybe 30mins per PC to partition the disk add to our domain, applications and updates are then deployed automatically via SCE. But if you buy anything aimed at the home user a inspiron laptop or a dimension PC's you'll see various bits of rubbish that you probably don't want!

  15. auburnman

    Has El Reg tried to get the ICO or the Computer Crime Squad to weigh in with an opinion on this?

  16. Steve Knox
    Holmes

    Difficult to remove?

    C:\Program Files (x86)\Pokki\uninstall.exe

    Wow, that was tough.

    1. Lee D Silver badge

      Re: Difficult to remove?

      Question:

      Do you really trust the "uninstaller" third-party closed-source binary component of a piece of adware to uninstall itself?

      Because if you did with Superfish, you'll realise it left a root-CA in your certificate store. And I've seen lots of malware where the uninstaller either goes out of its way to make things difficult and/or will actively reinfect the machine with the same (or sometimes partnered) malware instead!

      Sorry, but being required to run a program supplied by the same people who wrote the unwanted program to GET RID of the malicious/unwanted program is... to put it bluntly... stupid.

      Even when they are honest and uninstall themselves, they will still mess up. I've had browser toolbars on people's machines that, when uninstalled, will break Chrome or even IE because they don't remove the configuration properly. Because, well, who cares about the uninstall program? As soon as they run it, they are no longer a customer anyway.

  17. Speeednet

    Crapware or bloatware, you say tomato

    PCdecrapifier is a useful piece of kit to get rid of the rubbish pre loaded on computers. I am positive people would rather pay the extra £50 to get a clean machine than have to go through the aggravation of having to spend an hour or more cleaning rubbish from the kit before they can use it. Let's face it, nobody would ever buy or use Norton or McAfee if it wasn't foisted on people in this way.

    1. Hans 1 Silver badge

      Re: Crapware or bloatware, you say tomato

      PCdecrapifier removes crap to put its own on there ... ;-)

  18. awood-something_or_another

    Lenovo = China, you decide.

    Not so hard, huh?

  19. Anonymous Coward
    Anonymous Coward

    not the only lenovo crapware installed

    Lenovo also package a piece of sh*tware called EMC storage manager which (as installed on a new laptop in Jan this year) automatically performs port scanning on everything connected on the same network (wireless or wifi). Not content with just that they also made it so that it hammers devices with enough scans that it is effectively performs a DOS attack

    Got my laptop banned from my uni network, caused factory resets (or at least a reset that meant a loss of settings) on a BT home hub 4 and 5. Spent about a day trying to work out why as i couldn't connect to the internet regardless of whether i was connected by wifi or wired.

    Muppets

  20. Hans 1 Silver badge
    Windows

    The other day I was handed a malware infested windows box, I cleaned it, sent it back ... I was invited over because not 10 days later the machine was in the same state ... in fact, they installed an "app store" ala pokki which installs known safe apps such as vlc, openoffice, patched with malware/adware etc ... when they got their pc back, they installed the crap app store again ... I think I will give them ubuntu next or linux mint.

    The other thing is, even if you google for say winrar or vlc, you never see rarlab.com or videolan.org in the top 5 results, it is always softonic or some other bullsh*t website such as zdnet/downloads.com ... these also "bundle goodies" with their downloads ... even sourceforge does it now ... Windows ? WTF, no thanks!

    You really deserve the tramp icon, now.

  21. Flatpackhamster

    Just had another one.

    Acer desktop from John Lewis came with Pokki preinstalled. Quality nice!

  22. conscience
    FAIL

    I was just looking to buy a laptop...

    ... so it's a good job I know how to wipe a hard drive by the sounds of it!

    In any case I have gone right off the idea of a Lenovo laptop due to all this malware. Trouble is, I had my heart set on an Kaveri laptop so the choice of vendors is a bit limited if we're ruling them out for cr*pware as from what I read HP and Dell are no different.

  23. Deadly Headshot

    Microsoft don't like Pokki

    Microsoft don't seem to like Pokki. This morning, Windows Defender took hold of my PC and deleted it. Windows is refusing to allow me to reinstall it. I liked Pokki as it made using my computer much simpler, but even more so I despise Microsoft trying to force me to only use their products. They're trying to win back the crown of "Most Evil Corporation" from Apple and I don't appreciate it. I'd use Linux, but everything I need is on Windows and DOS...

    1. Anonymous Coward
      Anonymous Coward

      Re: Microsoft don't like Pokki

      What do you have that's on DOS which is capable of running on a modern Windows NT DOS box?

      One of our people here uses an application called Persona for recruitment purposes. Being a DOS application, we found running it in a VM was the best strategy, and at the moment, the Win32 port of QEMU is doing a fine job.

      Only fly in the ointment is the need to direct LPT1 to a file, since it seems none of the VM solutions (VMWare Player, VirtualBox or QEMU) are capable of emulating a virtual printer, but the user in question is used to this, and knows how to get the print-out up in Notepad to actually get printed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019