back to article Lenov-lol, a load of Tosh, and what the Dell? More bad holes found in PC makers' bloatware

Lenovo laptops and PCs can be hijacked by visiting a malicious website – and Dell and Toshiba machines suffer vulnerabilities, too, we're told. If you're running the Lenovo Solution Center bundled with Lenovo gear, and you browse by an evil webpage, scripts on that page can run code with full system privileges on your computer …

  1. Florida1920 Silver badge
    Big Brother

    Zheng Xiaoyu

    Was executed in 2007 for corruption and "possibly tainted products." A jackable laptop is a "tainted product" IMO. If I were a Lenovo exec I'd be working on an escape plan. Maybe go to work for Adobe?

    1. macjules Silver badge

      Re: Zheng Xiaoyu

      Yeah, all that experience of bungled software updates - just cries out for someone to be assigned to the Flashplayer team.

  2. Androgynous Cowherd

    New machine?

    First job, wipe and rebuild, always.

    1. Voyna i Mor Silver badge

      New machine?

      Wipe and rebuild may mean that some of the things you paid for don't work any more. And most ordinary users won't have the (extra, paid for) copy of the OS just hanging about.

      The EU needs to get onto this. To me it seems it ought to fall under product liability. If this sort of thing worked like cars and necessitated a recall at manufacturer expense, I wonder how long it would last?

      1. Pompous Git Silver badge

        Re: New machine?

        Wipe and rebuild may mean that some of the things you paid for don't work any more. And most ordinary users won't have the (extra, paid for) copy of the OS just hanging about.

        While what you write is true, if you don't need any of those "things you paid for" then you can always install an alternative OS. My ASUS Zenbook does everything I need with Linux Mint. Including, much to my delight during a hospital stay last week, running Civ V. Civ V on the same machine running Win7 was unacceptably slow.

        Don't tell MS, but I used DAZ Windows installer to use the PK for the Zenbook Win7 to create a Win7 VM on my desktop machine. I didn't need to since I now have other redundant Win7 licences, but I was curious as to whether this would work.

        1. DainB Bronze badge

          Re: New machine?

          Some people (wast majority actually) prefer to use OS that can be used out of box without any crutches or reading gazillion pages of forums with pointless suggestions to install some other software, edit some obscure option in configuration file and install some other software or install different OS when they simply want play their DVD.

          1. Stoneshop Silver badge
            Linux

            Re: New machine?

            Some people (wast majority actually) prefer to use OS that can be used out of box without any crutches

            At first I thought you were a Windoze fanboi, but clearly I was mistaken as you're actually endorsing Linux.

          2. 080

            Re: New machine?

            "Some people (wast majority actually) prefer to use OS that can be used out of box without any crutches or reading gazillion pages of forums"

            Yep that's why you should install Mint 17.2 with built in VLC

          3. DanceMan

            Re: @ DainB New machine?

            More like spend half a day doing Win Updates with multiple downloads, intalls, and restarts. Then more time spent going through updates to locate and remove the spyware.

        2. captain veg

          Re: New machine? - install an alternative OS

          This is precisely what I do without fail. It has always worked brilliantly, even on an unbranded Chinese supermarket-special laptop, until last month when I picked up a new-but-ex-display HP Envy 15 for a good price. The bluddy thing refuses to play with any distribution that I've tried so far. Some freeze during installation (various 'buntus), some apparently install OK but then won't boot from the hard drive (Mint), some appear to install and boot OK, but updating the system and/or installing packages borks them (oenSUSE, Debian).

          On the off chance that someone out there might have some clue to share with me, it is the ah000na model. I have updated the BIOS, disabled secureboot and enabled legacy booting.

          -A.

      2. Palpy

        Re: New machine? -- because untrust.

        "Some of the things you paid for won't work" is one way to look at it. Another way is, "Some of the things the vendor snuck in to take advantage of you won't work for them" is another way to look at it.

        Actually, like many on the board, I'm pretty out of touch. I haven't used a stock Windows install since about 2007.

      3. Androgynous Cowherd

        Re: New machine?

        The bloat I've 'paid' for I can quite happily live without.

      4. Mark Allen

        Re: New machine?

        Wipe and rebuild may mean that some of the things you paid for don't work any more. And most ordinary users won't have the (extra, paid for) copy of the OS just hanging about.

        What is going to be missing? Some cruddy half working bloatware. It is this kind of cr*p that is making a mess of the Windows OS experience.

        Clean install, add a few bits of decent freeware from Ninite and you're up and running.

        What annoys me the most is how badly written the Manufacturer tools are. These security issues don't surprise me. Too many of these computer makers pile heaps of dubious software onto all their computers. This then makes their lower end laptops run like sludge and drains all the life out of the better machines.

        1. x 7

          Re: New machine?

          "What is going to be missing?"

          well, on a laptop....depending on the machine, power settings, screen brightness settings, on/off controls for wifi/bluetooth, volume settings, display output options................

          1. LDS Silver badge

            Re: New machine?

            Actually, you can usually download all that stuff from the support sites (at least from Dell, never owned a Lenovo PC) - just you need to know what you need, download and install.

            As usual, "computer skilled" people may have no issues, but many people would have - especially when you need to know what's the right driver/utility to download. Some models may have different chipsets for networking, different cams, different touchpads, and even different disks - depending on what configuration you choose. While Windows itself can probably found some drivers (as long as you at least installed drivers for one network card...), some utilities may be only available from the OEM.

            1. Stoneshop Silver badge

              Re: New machine?

              especially when you need to know what's the right driver/utility to download.

              IBM used to have a very detailed breakdown of what drivers you needed for what Thinkpad model (the NNNN-XXX designation, not just the series designation) for every model roughly from the mid-Pleistocene onwards. It did carry over to Lenovo, but the last time I looked the site had been redesigned, and simply searching for the model number didn't work like it used to. As I had the relevant drivers on a stick already I didn't bother to rummage through the Lenovo site, just trying the bunch on the stick one by one.

          2. Stoneshop Silver badge
            Linux

            Re: New machine?

            Okay, this is not a brand new machine (Thinkpad X201), but under OpenSuSE 13.2: power settings [x], screen brightness settings [x], on/off controls for wifi/bluetooth [x], volume settings [x], display output options [x] all work. Same with Mint 17.2

            And on my previous machine, an X61, with OpenSuSE (I think it was 11.3 back then) everything worked right away, including the shedload of devices that XP needed to have drivers loaded for separately. Rather annoying because both wired and wireless networking were among them, but an aging PCMCIA card took care of that hurdle.

            1. DainB Bronze badge

              Re: New machine?

              In 2015 someone actually thinks it is worth to mention that screen brightness and wifi working fine on their laptop. Wow. Somehow you don't hear that from anyone using windows for last...well, ever.

              Says enough about quality of Linux desktop, isn't it ?

              1. Stoneshop Silver badge
                FAIL

                Re: New machine?

                In 2015 someone actually thinks it is worth to mention that screen brightness and wifi working fine on their laptop.

                It was actually the person I replied who suggested those things might not work after installation of another OS. But you clearly need Clippy to help you with your reading comprehension, and you're out of your depth now he's gone.

              2. Fihart

                Re: New machine?

                Linux is almost there. Using Peppermint (Ubuntu derivative) popped in a Netgear USB wireless dongle and it just worked. Windows usually needs a driver from CD or website.

                Not always this smooth, but a contrast with earlier Linux experiences where usually sound or video issues -- solvable only by donning that propeller cap.

                Remaining problems -- Linux applications not as user friendly as popular Windows equivalents.

                1. Pompous Git Silver badge

                  Re: New machine?

                  Remaining problems -- Linux applications not as user friendly as popular Windows equivalents.

                  So carry on using the applications you are used to. If they don't work under Wine (and most do) then run them in a VM, or dual boot.

                2. a_yank_lurker Silver badge

                  Re: New machine?

                  @Fihart - Linux applications are a mixed bag of excellent to horrible but so are Winbloat applications. Often users do not spend enough time to learn the Linux application to see if it as good or even better than the Winbloat application it is replacing. Often, just the layout of the GUI is enough for many not to look any further.

                  What most people complain about is either a very specific missing feature on the nearest Linux equivalent, their favorite Winbloat application is not ported (not whether there is Linux equivalent), or the Linux equivalent is unfamiliar even though it has all the features desired. IMHO, specific missing features is only one that is often valid. The other two reflect the user's laziness or incompetence in most cases.

              3. dajames Silver badge
                Facepalm

                Re: New machine?

                Says enough about quality of Linux desktop, isn't it ?

                You seem to have missed the point.

                "Stomeshop" said that controls for power, brightness, WiFi, etc were working under Linux. Not because that is at all remarkable in itself but because "x 7", further up the thread had pointed out that these things can be difficult to get working if you perform a clean reinstall of Windows, because it can be hard to identify and obtain the correct drivers for OEM hardware.

                It is actually pretty remarkable that Linux usually gets all the hardware working straight out of the box with no support or assistance from the manufacturer ... and this makes it doubly tragic that it can be so hard to correctly reinstall the manufacturer-supplied OS.

                Do try and keep up at the back, rather than taking cheap shots at posts you haven't properly understood.

            2. Anonymous Coward
              Anonymous Coward

              Re: New machine?

              "Okay, this is not a brand new machine (Thinkpad X201), but under OpenSuSE 13.2 [...]"

              Same here with a Lenovo X1 Carbon. It's a fantastic laptop which runs anything I throw at it just fine. Came with Windows 7 pro and was wiped almost immediately. Since then I've run Fedora, OpenSuSE, Mint and FreeBSD on it without any issues whatsoever.

              Power saving and suspend/resume actually work a lot better than on Windows. You close the lid and it's in sleep within a second. You open the lid, and you're ready to go and connected within about 2-3 seconds.

              Also overall battery life time is fantastic. 8+ hours under OpenSuSE 13.2 (Gnome edition) for normal office/email/browsing stuff.

              Thankfully Windows OEM bloatware isn't anything new (though the gaping security holes become more frequent recently). Hence, I have kind of been conditioned to get rid of anything pre-installed a long time ago, so it isn't something I worry or get upset about much any more.

              All that said, for products which are targetted at an average consumer market, all those security/bloatware issues are unacceptable. Average Jane and Average Joe do want Windows and can't be bothered (or aren't experienced enough) to replace it with vanilla Windows and gather all the drivers they need.

              So the bottom line: Hardware may be fantastic, but the included pre-installed software with all its issues is un-fucking-acceptable. Problem with making that a reglatory issue (like others have suggested here) is that it will increase prices. Fire-and-forget machines are of course cheaper than accommodating recall logistics for potentially millions of devices at the same time.

            3. MacroRodent Silver badge
              Linux

              Re: New machine?

              > Okay, this is not a brand new machine (Thinkpad X201),

              That's the problem. Nice laptoppy things work on Linux eventually, but not on brand-new models, because it takes time for "someone" to reverse-engineer how to do the them for some particular models. This is where EU regulation is badly needed: HW manufacturers should be required to publish full technical details on the launch day of new hardware (at the latest), so open-source operating systems could fully support them.

              Of course manufacturers will cite any number of reasons to oppose this (proprietary IP, trade secrets, would reduce security, yadda yadda...), but I am pretty sure the real reasons are laziness (making useful docs costs some), and planned obsolescence: if the hardware can be supported by open drivers, it cannot be obsoleted by withdrawing official support (usually in connection with some Windows update). Junkyards are full of scanners, web cameras, and printers that would otherwise work perfectly, but only with Windows XP...

        2. Pompous Git Silver badge

          Re: New machine?

          What is going to be missing? Some cruddy half working bloatware. It is this kind of cr*p that is making a mess of the Windows OS experience.

          Ain't that the truth? The predecessor to my Zenbook was an HP Netbook. While the Zenbook was mercifully free of crapware, the HP Netbook was loaded with it and almost none of it was usable. The HP crapware was written for a screen resolution somewhat higher than the resolution of the device. Hence action buttons and so forth were unclickable. This might also be related to regular freezes I experienced with the machine that necessitated removing the battery to restart.

      5. regadpellagru

        Re: New machine?

        "The EU needs to get onto this. "

        The EU is not even able to tell its ars from its elbrow, mate ! How could they even see anything wrong, here before the cows come home ???

        They never sent anyone fighting against terrorism, until, what, 2 days ago ? Only the french and the american went to Mali !

        1. Voyna i Mor Silver badge

          Re: New machine?

          "They never sent anyone fighting against terrorism, until, what, 2 days ago ? Only the french and the american went to Mali !"

          Yes, but exactly how does that relate to product legislation? It isn't the same people, you know. "Well, today I managed to mandate universal phone chargers and on the way home I stopped off to bomb Libya".

        2. LDS Silver badge

          Re: New machine?

          Actually, when it comes to customers protection it's the USA that are lagging far behind.

        3. Uffish
          Headmaster

          Re:"the American"

          Who was the American that went to Mali?

          1. Pompous Git Silver badge
            Joke

            Re: the American"

            Who was the American that went to Mali?

            I think some of the $10 million given to Mali by the Australian government may have been used to bribe him.

          2. 080

            Re: the American"

            Who was the American that went to Mali?

            Big Mac

      6. xybyrgy

        Re: New machine?

        Ideal application for new consumer protection laws - make Illogical, immoral EULAs illegal!

      7. jason 7

        Re: New machine?

        Actually if you are running 8 and higher you can download bloatware free ISOs directly from MS that install perfectly on OEM machines.

        Made rebuilding clean machines a lot easier this past couple of years.

    2. Primus Secundus Tertius Silver badge

      @AC

      Not so easy when Lenovo have done something to the disk hardware so that the MSFT install DVD for Windows 7 does not recognise the disk.

      1. Stoneshop Silver badge
        Flame

        Not so easy when Lenovo have done something to the disk hardware so that the MSFT install DVD for Windows 7 does not recognise the disk.

        Could be the SATA controller mode setting, AHCI versus compatibility mode or something like that. I recall it being a bugger to change back after installation

        1. Solmyr ibn Wali Barad

          "Could be the SATA controller mode setting, AHCI versus compatibility mode"

          Yes, that's definitely the thing. Win7 installer doesn't have much to offer in the department of AHCI drivers. Especially for mobile southbridges like ICH9M.

          It's of course possible to find correct AHCI driver and load it during install. But who bothers to do that. We're the IT crowd, for Pete's sake, we don't do such things. It'll be much easier to wail on the forums about the horrendous onslaught of non-standard disk controllers, even if AHCI controllers have been prevalent since 2005 or so.

          That said, AHCI driver model leaves a lot to be desired, it's a bloody fakeraid with all the niceties to go with it. But that's a rant for another day.

      2. PNGuinn
        WTF?

        "DVD for Windows 7 does not recognise the disk"

        The important question is: "Does the machine recognise a Debian install DVD?" Or Mint or...

    3. regadpellagru

      malware as a business model

      "New machine?

      First job, wipe and rebuild, always."

      Sure thing, but that may not be enough in Lenovo World, see this: http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

      More to come, from other OEMs ... Get your popcorn bowl ...

      Lesson of all of this, is this: Microsoft has withdrawn control of Windows to OEM, so that they all can get money off their customer via malware and probably next, ransomware.

      This is the result of, quoting an El Reg hack, "a cut-throat business model", as the laptop PC business has become, where you can't do more than 10E margin via usual means and have to resort to "other" means ...

      The Windows eco-system has simply become a toxic dreag-dealer business model, both directly (Windows embedded (and more to come) distributing security updates only to paying customers), and indirectly (allowing OEMs to simply install, propagate and sponsor malware, even to the cost of the whole https stack security).

      The number of incidents, for the last 6 months, is testament to this. MS is culprit of letting this happen, otherwise they'd taken strong measures ... They know what money hunger can lead people to do, they just let it happen.

      End of the line: Windows is now doomed as a trusted platform. Get out of it people !

    4. Big-nosed Pengie

      Procedure for my new Lenovo:

      Take out of box;

      plug in;

      insert USB with Linux image;

      press secret Novo button with paperclip;

      disable UEFI;

      reboot;

      format HDD;

      install Linux.

      Problem solved.

    5. Darryl

      PC Decrapifier to the rescue.

  3. This post has been deleted by its author

  4. channel extended

    New Machines

    I always buy a spare HD when I get a new machine. Slip out the MS corrupted HD, instal the spare and a new distro and I'm good. I don't buy the latest bling - so hardware is rarely an issue.

    Face it. The days of a MS product 'just works' without spying on you are long gone.

    1. Mr Dogshit

      "the MS corrupted HD"

      Ha ha ha ha ha

      ha ha ha

      Mooncalf

  5. Anonymous Coward
    Anonymous Coward

    Buy a mac

    Is all.

    1. Steve Davies 3 Silver badge

      Re: Buy a mac

      And expose yourself to a whole different set of problems.

      At least you can decide to ignore updates with OSX, just like Windows 7.

      And.... you can download a copy of the OS and create installation media which, I something that seems to be a diminishing feature in the windows world.

      And no license keys!!!! and phone home authentication.

      But...

      1) Mac's are horrendiously expensive (Apparently)

      2) Apple is doomed

      So you decide...

      1. Voyna i Mor Silver badge

        Re: Buy a mac -2) Apple is doomed

        I certainly don't think Apple is doomed. I just won't buy glueware, but that's me.

      2. Stoneshop Silver badge
        Coat

        Re: Buy a mac

        And expose yourself to a whole different set of problems.

        At least it'll keep you dry in the rain.

        1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Buy a mac

      The man from Del Monte says yes.

      When I go on one of my occasional porn blitzes, I always use the MacBook. Private mode: no history for wifey to find. Encrypted filing system, just in case there's some dispute about the age of an actress.

      Just watch those naughty websites doing their damndest to install malware executables: straight into the trash. It's bullet proof. The best attack I've seen mounted is locking up the browser with a (false) warning that the system has been corrupted, and I should call some number in the US. Now, I admit, that's gonna catch some people who don't know how to force quit a process. But apart from that, no geekiness required.

      New printer detected: Do you a) accept the offer to download an Apple driver or b) download and install a utility set that's larger than a Win 95 installation and cheerfully directs you to the manufacturer store to buy cartridges from time to time, when it's not running an update service in the background.

      Yeah, my choice of computer is a really hard one.

  6. Camilla Smythe Silver badge

    Do they...

    Still provide funky Driver GUI Interfaces in MCGA Mode where all the bits are arranged around some sort of Scorpion with obtuse buttons and power/speedo meters dangling off various appendages in lurid colours? I, for one, would not feel in control if they did not.

  7. cantankerous swineherd Silver badge

    wheels falling off the internet clown car.

  8. a_yank_lurker Silver badge

    Build your own or White Box

    There are two options available: build you own or buy a white box. With both you largely will avoid crapware foisted on you by Dell, et. al. Also, one has more control of what hardware is used.

    1. Pompous Git Silver badge

      Re: Build your own or White Box

      And a choice of Win, OSX and any number of *nix variants to install. What's not to like? :-)

    2. Richard 12 Silver badge

      Re: Build your own or White Box

      Last time I bought from a smaller custom-build place.

      It came with exactly what I'd asked for, and the only thing they did to the Win7 install was to add their logo, name, address and phone number to the About screen.

      That is as it should be.

      I will never understand why any OEM adds so much of their own crapware. At least they got paid to install 3rd party crap, but stuff they wrote/rebranded themselves?

      1. a_yank_lurker Silver badge

        Re: Build your own or White Box

        The OEMs are probably getting either a fee to install it or a cut of any sale from the bloatware aka malware.

  9. Anonymous Coward
    Anonymous Coward

    Toshiba Service Station won't do any of the things it's *supposed* to do, so I'm glad someone actually found a use for it.

  10. Adze

    A solution, providing you have or can quickly implement a login script.

    Add the following snippet to the script where it will be run for all users:

    [code]

    REM Remove all Lenovo Software Products

    wmic product where "vendor like '%lenovo%'" call uninstall /nointeraction

    [/code]

    Or if you're loath to be without SHAREit etc. but still want rid of the 'Solution' center, use the following:

    [code]

    REM Remove Lenovo Solution Center (sic)

    wmic product where "name like '%lenovo solution center%'" call uninstall /nointeration

    [/code]

  11. Christopher Lane
    Alert

    Person in the street...

    The other thing to be noted here is our "Geek Status" (I generalise but you know what I mean).

    I 100% agree with previous comments about wiping the machine and rebuilding. However Joe/Josephine Public go to Dell's site to download these "driver thingies" after wiping their machine and are presented with "Enter a Service Tag" or...hang...this looks easier..."Auto-detect your product". This promptly downloads the Dell System Detect and they (thinking they have done the right thing) open the machine up again to all and sundry. Substitute Dell with another manufacturer of your choosing, I happen to work with Dells at my place.

    As "Geeks" we know this about kind of thing but poor ol' Joe/Josephine believe they've done the right thing. The true question here is where is the boundary between user education (they should know this stuff) and Corporate responsibility (THE MAN shouldn't do this stuff).

  12. chivo243 Silver badge
    Trollface

    Bring me your

    cold, tired and hungry, but not your bloated...

    There, that's my patriotic joke for the year...

  13. ecofeco Silver badge

    In each case it's the makers' bloatware

    In each case it's the makers' bloatware. I am NOT surprised.

    Amazing that the culture is the same. Or not.

  14. W. Anderson

    Will there ever be a reasonably secure Windows computer?

    The really sad part about this security dilemma for consumers and business alike, is that the vulnerable 'bloatware' is being distributed through the manufacturers themselves, making it child's play for crackers to exploit all these machines.

    Combine this blunder with standard broken security in Windows, including Windows 10 and the situation will be like NASA saying "Houston, We have a serious problem".

    I also notice that every comment indicating alternative use of Linux brings several 'thumbs down' votes. Interesting how the simple-minded Microsofties on this form never address the 'real' problem of Windows' cronic vulnerabilities, including even through 3rd party (manufacturer) bloatware, but are quick to register negative votes on a Linux (substantially more secure and robust) OS alternative solution.

    A naive, sick group, to say the least.

  15. Whistlerspa

    HP propriety software

    Same issue with this manufacturers software IMHO. Seems to work contrary to all other software. Wanted endless firmware updates also. Got rid of the lot with an OS clean install.

  16. Unep Eurobats
    Windows

    Lenov-oh no

    ... surely?

  17. gmathol

    Think is all PC's or machines which using the Intel Processor are vulnerable for all kind of attacks.

    We know this since 2003.

  18. Halfmad

    I was so proud of my 82 year old dad last week.

    He'd got his new laptop delivered and immediately called me up to ask what a good AV was for it and "How do I remove all this shit they've installed on it."

    It made me weep a little, the old guy still knows best.

    1. Anonymous Coward
      Anonymous Coward

      Re: I was so proud of my 82 year old dad last week.

      Bless; such utterances bring joy to my heart, can I adopt him? :)

  19. jzl

    Lenovo Skylake Yogas

    Nice machines. I've just bought a couple.

    Of course the first thing I did was blast the disk away and install a freah copy of Windows 10. The machines were loaded down woth so much crap I'm not surprised some of it was dodgy.

    When will they learn?

    1. x 7

      Re: Lenovo Skylake Yogas

      "fresh copy of Windows 10"

      Oh dear......yes, some people NEVER learn

      1. jzl

        Re: Lenovo Skylake Yogas

        Well, I guess I could install Linux.

        Would that run our bespoke in-house Windows software? How about Visual Studio? Or a spreadsheet that's 1:1 compatible with Excel, including complex VBA code and Bloomberg integration? Or SQL Server?

        Thought not.

        But, hey, there's never a good reason for using Windows, right?

        1. jzl

          Re: Lenovo Skylake Yogas

          Besides, in my non-work experience, I have played with Linux. I've found that it seems to knock at least 20% off the battery life, the trackpad drivers never work properly, and good luck with Bluetooth.

          Linux is great in server farms. It's great for hobbyists. It's an awesome way to learn - properly learn - about how computers work.

          It's just not as strong on the desktop for getting stuff done as either Windows or OS X. You have to spend ages fiddling with it when it should just get out of the way.

        2. x 7

          Re: Lenovo Skylake Yogas

          "Well, I guess I could install Linux."

          well you could, but the point I was making was why Windows 10? You could have happily reloaded them with clean instances of Win7, but you went down the fuckwits route of forcing your users to use 10

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019