$250K: That's what Lenovo earned to rat you out with Superfish

Lenovo bagged a paltry US$250,000 from the deal that saw it install the Superfish certificate slurper onto PCs, according to reports. The PC maker was last month caught installing the ad/bloat/malware into its consumer PCs, sparking a very considerable backlash once the software's ability to intercept encrypted website …

  1. elDog

    Heads will roll?

    Doubt it. Doubt we'll ever know how some shitty software was peddled along with the normal bloat.

    Offering McAfee AV as a cadeau? You have to be kidding me. Asking the lion to come in and clean up the mess the fox made in the hen house?

    Sorta reminds me of those nice little Target/Gap offerings of "free credit reports for the next year" after you've lost all of your vitals to the whole nefarious world. And of course those "credit reporting agencies" are, once again, after your stash.

    (Typed on my Thinkpad W701. Probably my last from this brand after buying 20-30 over the years.)

    1. Anonymous Coward

      Re: Heads will roll?

      Possibly after the profits tank.

      Lenovo have handed their competitors the perfect advertising tool.

      "Buy our products not theirs, they load their up with malware and junk, very dodgy"

      1. Steven Raith

        Re: Heads will roll?

        Shame that would be a major case of a pot calling the kettle black, eh?

        Every major vendor's consumer-level computers are filled with pish-ware, Lenovo's was just marginally more shitty than some others.

        Steven R

    2. joejack

      Re: Heads will roll?

      > (Typed on my Thinkpad W701. Probably my last from this brand after buying 20-30 over the years.)

      Really? If Lenovo follows through on their statement about no longer pre-loading bloatware going forward, that would keep them on my shortlist.

      1. W. Anderson

        Re: Heads will roll?

        If commenter joejack is like most citizens, especially those in Western countries, he will probably have forgotten about the Superfish debacle in a few months - a symptom of Attention Deficit Syndrome (ADS) suffered by hundreds of millions - and would probably run to purchase the next new Gee-Whiz! Lenovo introduced with some supposedly unusual feature.

        I have witnessed this malady many times with all types and categories of technology clients over the past twenty plus years.

        1. Ian Mason

          Re: Heads will roll?

          Prior to the Sony rootkit scandal, I used to buy a lot of Sony kit; since the scandal I have bought no Sony products, not one. I, for one, won't be buying any Lenovo at any point in the future - and I had recently planned to buy a Lenovo Yoga tablet.

          1. BongoJoe

            Re: Heads will roll?

            I will never buy another Sony again after they threatened to sue me for buying a laptop in the US and then daring to try to register it with a non-US address so that I could get technical support for it under their 'worldwide warranty'.

            Over the years following, the Sony television was replaced by another brand, the home cinema amp was replaced, the digital camera was replaced and so on...

            The rootkit palaver happened after this time and that would have been the final straw for me if I were still using Sony gear as I consider this Superfish to be more misguided than Sony's rootkit which was, as far as I am concerned, intentional and downright evil.

      2. Anonymous Coward

        Re: Heads will roll?

        Odd that this was downvoted. Given the Chinese attitude to loss of face, I expect Lenovo to be extremely careful about its image for at least several years. China seems still to be a very shame-based culture, California not nearly so much (and the UK not at all nowadays).

      3. BongoJoe

        Re: Heads will roll?

        Really? If Lenovo follows through on their statement about no longer pre-loading bloatware going forward, that would keep them on my shortlist.

        Ditto here as I rather like the hardware. Then again I do blast the machine with a new operating system when it comes out of the box.

        Of course the problems we face today are now in the BIOS...

    3. Trigonoceps occipitalis

      Re: Heads will roll?

      Reminds me of a scene in A Man for all Seasons (Robert Bolt)

      Richard Rich has just perjured himself to condemn Thomas More to the block.

      More: "Richard, that's a chain of office you're wearing."

      Rich: "Yes, I am Chancellor for Wales."

      More: "What profit a man who gains the whole world if he loses his soul - but for Wales, Richard, Wales."

      ... but for $250k. I can hardly believe Lenovo are so cheap. Heads should indeed roll.

    4. BMG4ME

      Re: Heads will roll?

      So you'll never buy Target or Gap again? You would let one mistake that didn't even affect you stop you from buying a brand you obviously like? Life is too short and time is too precious to hold grudges.

    5. h4rm0ny

      Re: Heads will roll?

      Actually, I'd be pretty bloody certain that someone's head WILL roll for this. This is going to cost Lenovo a lot more than £250K and the one thing the heads of a company don't like, is seeing someone's fuckup hit their bottom line. The only people who get a pass are the people at the very top and I seriously doubt that it was the CEO who contemplated the ramifications of installing a new root certificate and intercepting all HTTPS traffic. Somewhere below them will be the person who actually understood what they were doing and that person will not be having a fun time right now.
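      A defender-side check for the mechanism h4rm0ny describes (an OEM-installed root certificate that lets software intercept HTTPS), added here as an example; it is not part of the thread or of any Lenovo tool. It assumes a Windows machine with PowerShell 5 or later; the "Superfish" name match is taken from the article, and the thumbprint placeholder in the remediation comment is mine.

```powershell
# Audit the Windows root trust stores for interception-style CA certificates.
# Added example; not from the thread or from any vendor tool.
# Two signals are checked:
#   1. the subject or issuer matches a known bad name (here: "Superfish");
#   2. a trusted ROOT whose private key is present on this machine. A genuine
#      public CA never ships its signing key to endpoints; a local private key
#      is exactly what an interception proxy needs to forge a cert for any site.

$badNamePatterns = @('Superfish')        # extend with other names as they become known
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $cert = $_
        $reasons = @()
        foreach ($pattern in $badNamePatterns) {
            if ($cert.Subject -match $pattern -or $cert.Issuer -match $pattern) {
                $reasons += "name matches '$pattern'"
            }
        }
        if ($cert.HasPrivateKey) {
            $reasons += 'private key present for a root CA'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Reasons    = ($reasons -join '; ')
            }
        }
    }
}

if (-not $findings) {
    Write-Output 'No interception-style root certificates found.'
} else {
    $findings | Format-Table -AutoSize
    # Remediation is deliberately manual: review each finding, then remove the
    # certificate from the store it was found in, for example
    #   Remove-Item -Path "Cert:\LocalMachine\Root\<Thumbprint>"   # <Thumbprint> is a placeholder
    # The software that installed it (the Superfish application in this case)
    # must also be uninstalled, or it may simply re-add the certificate.
}
```

      Run it in an elevated prompt so the LocalMachine store is fully readable; the private-key signal will also flag legitimate corporate inspection proxies, which is the point: a root with a local key can read every TLS session on the box.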

    6. Panum

      Re: Heads will roll?

      I think Lenovo's involvement goes deeper. I custom ordered a new ThinkPad laptop for my business. When I received it in the mail, it came with software installation CDs yet no CD/DVD player, and the software not installed. My bad for not realizing this configuration, I just assumed all laptops had DVD players. I called customer service to complain about the not so obvious omission and was told "No problem, I'll pass you over to our tech department and they will install the software remotely." So I did the dumb thing, being trusting and all, and gave their "tech" remote access. The first thing the "tech" did was scan the computer and tell me that I had all kinds of malware and spyware on the laptop and offer to remove it for a fee. I informed them that they were the literal first person to have any access to the computer, so if there was crap on the computer, they must have installed it themselves.

      In the ensuing conversation I got rather angry at the obvious obfuscation and attempts to convince me to sign up for regular 'virus removal services'. I tried to end the conversation and the "tech" kept hijacking the cursor so I could not end the session. I had to pull the power on the machine to break the tech's control. Turns out the Lenovo "tech" was an outside company, not Lenovo at all.

      I will never buy a Lenovo again.

  2. maffski

    '...promising to never again install bloatware...', '...six month subscriptions to McAfee...'

    It may have been a PR disaster but at least Lenovo still have a sense of humour

    1. regadpellagru

      "'...promising to never again install bloatware...', '...six month subscriptions to McAfee...'

      It may have been a PR disaster but at least Lenovo still have a sense of humour"

      Is it really humor? I have yet to see anyone else paying their users a sub to an anti-virus company, to clean up *their* mess ... Geez.

  3. PleebSmash
    Black Helicopters

    Suckerfish

    That's chump change to make millions of consumer machines more vulnerable to security services.

    1. LaeMing
      FAIL

      Re: Suckerfish

      I imagine they have already lost more than that in sales since it came to light.

      (Icon for Lenovo of course).

      As a company I have had little dealings with but by default would have assumed they were one of the 'reputable' brands, they have now been relegated to 'another dodgy box slinger' status in my mind. And that will be a very hard perception to change in me now, even if I actually wanted to change it.

      1. Captain DaFt

        Re: Suckerfish

        "I imagine they have already lost more than that in sales since it came to light."

        Amen! $250,000 would buy what, about 400 laptops?

        Wonder how many thousands of sales they'll lose over this?

        Definitely a poor investment.

        1. Charles Manning

          Re: Suckerfish

          oooh... shiny thing over there... lol... Did someone say something about Lenovo? I forgot already.

          Nobody remembers anything any more. It won't hurt them for more than a week - if that.

          1. theOtherJT Silver badge

            Re: Suckerfish

            Perhaps. Perhaps not.

            We order about 100 machines a year, and were about to switch to Lenovo; now we've decided not to. I don't see us going there next year either.

            It wouldn't take so many businesses to do the same to actually hurt them. I mean, we're a pretty small fish, but there are people out there who measure their purchases in thousands of units who might be thinking the same way.

          2. Someone Else Silver badge
            Alert

            @ Charles Manning -- Re: Suckerfish

            Nobody remembers anything any more. It won't hurt them for more than a week - if that.

            I dunno. More than a few commentards here have likened this to the Sony rootkit debacle, which happened several years ago. I, for one, do not buy anything Sony anymore...and I know I'm not alone.

            1. LaeMing

              Re: @ Charles Manning -- Suckerfish

              Also, Reg readers represent a disproportionate portion of people with input into major corporate purchase decisions (I am just a tech, working well below management level, but the decisions in my section on what to get within the provided spec are usually left entirely up to me). And we are less inclined than the average one-off consumer to forget. Or forgive.

          3. BongoJoe

            Re: Suckerfish

            Nobody remembers anything any more. It won't hurt them for more than a week - if that.

            Well, there is still the Ratners' Effect which sometimes plays its trump card.

  4. Long John Brass

    Just goes to show....

    Every place I've worked, the SOP has been to flush the pre-installed OS image & re-install.

    But these days with consumer PCs/laptops etc. you don't even have that option; you only get the OEM's rebuild partition.

    Not so much of an issue for me, most everything I buy (except fondleSlab & phones) gets re-imaged with Debian. Maybe MS could do something nice like say .... "Our OS must be installed from OUR media by the END USER"; won't work of course ... the public outrage would be enormous.

    So....

    . Sony are out due to rootkit

    . Samsung are out due to ad injection & voyeuring via your TV

    . LG are out due to phoning home all your media watching habits

    . Lenovo are out for on purpose pre-installed scumware.

    Who else have I forgotten off my shitlist?

    Could it really be that Apple is the last honest platform standing?

    Shit; I need off this rock, like right now.

    1. Christian Berger

      Re: Just goes to show....

      I recently also had that kind of moment when I realized some Apple Laptops support Coreboot, but then again Apple hardware doesn't last long enough to get infected by malware. ;)

      1. Dave 126 Silver badge

        Re: Just goes to show....

        >. Sony are out due to rootkit

        > Samsung are out due to ad injection & voyeuring via your TV

        Er whatever.

        Sony stopped making laptops last year and sold the VAIO brand. New VAIO laptops are coming soon.

        Samsung stopped selling laptops in Europe last year.

        http://www.pcadvisor.co.uk/news/laptop/3573470/samsung-exits-laptop-market-including-chromebooks/

        1. Captain DaFt

          Re: Just goes to show....

          ">. Sony are out due to rootkit

          > Samsung are out due to ad injection & voyeuring via your TV

          Er whatever.

          Sony stopped making laptops last year and sold the VAIO brand. New VAIO laptops are coming soon.

          Samsung stopped selling laptops in Europe last year."

          Correlation does not imply causation normally, but maybe A had something to do with B?

    2. Kubla Cant

      Re: Just goes to show....

      But these days consumer PC/Laptops etc you don't even have that option; You only get the OEM's rebuild partition.

      I can understand that distributing installation media would increase costs, but why don't they provide an ISO image so you can create your own?

      1. Richy Freeway

        Re: Just goes to show....

        Microsoft do.

        Windows 7 : http://www.microsoft.com/en-us/software-recovery

        Windows 8 : http://windows.microsoft.com/en-GB/windows-8/create-reset-refresh-media

        There are other links available for office, all direct from Microsoft, just provide them with your legit key and away you go.

        To get your Windows 8 key (as they're usually stored in the bios/uefi) you can use pkeyui.

        1. Paul Crawford Silver badge

          Re: Just goes to show....

          While MS might offer the Windows software recovery image, what about OEM-specific drivers? From experience they can be a pain for Windows and for Joe Average it's just not going to happen.

          Lenovo need a kicking over this, and maybe MS should get tough and put a stop to crap-bundling on any OEM deals.

    3. regadpellagru

      Re: Just goes to show....

      "But these days consumer PC/Laptops etc you don't even have that option; You only get the OEM's rebuild partition"

      Yes, indeed, and this just shows MS will have to amend their policy on this, as some vendors are just f***ing bonkers, selling their customers' security for a mere couple of USDs.

      Previously, vendors would only add mid-useful bloatware, but not any security-destroying fuckware. This time is gone.

      The model is screwed as hell, and MS has to re-gain control of *their* OS !

    4. Swarthy
      Paris Hilton

      Re: Just goes to show....

      "But these days consumer PC/Laptops etc you don't even have that option; You only get the OEM's rebuild partition"
      And that really sucks when the HDD goes out. An actual conversation with Tech Support after a hard drive failure:

      Me: "My laptop hard drive started making clicking and grinding sounds, and would not be recognized on boot; so I replaced it, and would like to request some installation media, to get the laptop running again."

      So-Called-Tech: "Oh, you don't need media, you can just restore from the Recovery Partition. When you turn on the laptop..<goes into spiel on recovering>"

      Me: "That hard drive is dead, BIOS would not recognize it, there is a new hard drive installed that does not have the recovery partition, can you send me the install media?"

      SCT: "All hard drives in our laptops have the recovery partition, you just need to access it by..."

      Me: <Hangs up, installs Mint>

    5. Mr Common Sense
      Flame

      Re: Just goes to show....

      The Playstation 3 OtherOs debacle is another reason to boycott Sony.

  5. Florida1920
    FAIL

    offering free six month subscriptions to McAfee antivirus

    Dear users: You thought Superfish was bad?

  6. Mark 85

    Our privacy/security is worth those few dollars?

    I wonder why they even bothered then? That speaks how much they value their customers.

    As for McAfee.... I wonder how much McAfee paid Lenovo to provide the "protection"?

    Pffffffft!!!!!!!!!!!

  7. Anonymous Coward

    This whole shambles made no difference at all to me. Would never buy Lenovo before, never will now!

    1. Christian Berger

      The problem is that Lenovo kinda was one of the last remaining "professional" laptop manufacturers. And they are working hard on stopping that.

      Another example is them using TPM to rid you of the possibility to replace their UEFI crap with Coreboot:

      http://patrick.georgi-clan.de/2015/02/17/intel-boot-guard/

      That effectively means you cannot get rid of potential UEFI malware.

  8. DropBear
    Trollface

    "...Jessica Bennett, who filed against Lenovo and Superfish claiming the “malware” injected smut images into her Yoga laptop"

    ...as expertly determined during the forensic investigation conducted by her teenage son I presume, who never, ever had any time alone with said laptop prior to the incident, especially not late at night.

  9. David Pollard

    Changes at the Lenovo site

    A couple of days ago the main driver download page on Lenovo's website was largely filled with an advert for a third party utility to scan and download the latest drivers. Presumably this would 'phone home to check every time the machine was booted up. Although initially free, it looked as though $39.95 came into the picture somewhere along the line with another $9.95 for annual subscriptions.

    Now there is no mention of this bloatware. Driver details are presented much more cleanly; there is an option to show all the appropriate drivers for a given operating system on a single page. Linux versions aren't yet provided, but one can hope.

    The scanner which had been promoted there now appears to be on 'special offer' on its own site, discounted to $29.95.

    1. Roland6 Silver badge

      Re: Changes at the Lenovo site

      >A couple of days ago the main driver download page on Lenovo's website was largely filled with an advert for a third party utility to scan and download the latest drivers.

      Strange they got any sales, as I've always used the IBM/Lenovo pre-installed "System Update" utility to keep my various pre-installed drivers and utilities up-to-date, visiting the driver download site on those occasions when I wish to short circuit System Update (System Update seems to pull its driver updates from a repository containing all versions of a driver, hence will sequentially step through and install each one in turn until it runs out of updates).

  10. Anonymous Coward

    WWJD?

    $250,000 is not much more than 30 pieces of silver...

  11. breakfast Silver badge
    Facepalm

    Another no-show

    Just in the market for a new laptop now and Lenovo have definitely put themselves out of the running for me. That said, I'm not sure whether this isn't the ideal time to buy - normally after a company has been caught doing something intensely unethical, they are well behaved for a few months until their marketing departments decide that everyone has forgotten about it.

  12. Paul Herber Silver badge

    $250,000

    $250,000 will barely pay the annual bonus of the marketing 'droid who thought up this scam

    1. regadpellagru

      Re: $250,000

      "$250,000 will barely pay the annual bonus of the marketing 'droid who thought up this scam"

      Indeed, and this shows how low the Lenovo customers' security is valued.

      F*ck them, for the 20 ongoing years, really.

    2. Roland6 Silver badge

      Re: $250,000

      Remember this is what Superfish paid Lenovo to effectively place their 'advertisement' on what I assume to be a defined number of systems. Hence the monies represent what Superfish were prepared to pay for the potential 'leads' and sales affiliate commissions they envisaged gaining from this campaign.

      What this tells us is that whilst "advertising space" on new PCs will continue to be attractive, the owners/controllers of this space will need to exercise much more vigilance over this space and more carefully curate those 'advertisements' they do permit.

  13. Anonymous Coward

    Business laptops are another story

    You get the system update bloatware free of charge!

  14. Anonymous Coward

    Learning experience?

    It would be nice to think that Lenovo's experience would act as a warning to other manufacturers, but few seem to have taken note of the fallout from previous similar wrecks such as Sony's woes a couple of years ago.

    I wonder how much of the lack of foresight stems from the ad pimping industry's view of itself? A read of most tech sites, even the more mainstream ones, would leave you with the clear impression that such 'services' are universally seen as malware, with even that mass of users who could previously be counted on to be uninterested now developing a dislike for anything likely to play fast and loose with their privacy.

    However a trip over to the other side of the conversation on the industry's own blogs and rumour mills would leave you with the distinct impression that they fully subscribe to their own upbeat assessments and view their 'product' as useful to users, and their approach to privacy as fair. About the nearest I've come across to acknowledging any user dissent at all is the odd commentary on the 'immorality of adblocking', still conducted entirely without a hint of doubt.

    If firms like Lenovo are completely failing to do their own homework in the round and reading only the ad industry drivel before signing up, it's little surprise they are so often apparently taken aback when their 'helpful' bits of malware come to light - it rarely requires much actual demonisation to create a proper full scale shitstorm.

    From my own perspective, I find it reassuring that the industry is very definitely its own worst enemy.

  15. Anonymous Blowhard

    0.1% of profit for 100% bad reputation

    Possibly the worst decision since the captain of the Costa Concordia said "Let's have a closer look at that island!"

    1. Someone Else Silver badge
      Coffee/keyboard

      @ Anonymous Blowhard -- Re: 0.1% of profit for 100% bad reputation

      See icon --->

  16. td97402

    It is more than just SuperFish and more than just Lenovo

    Wake up and smell the coffee kids. This problem is not new. Just today I am running a Lenovo Thinkpad's system updater program. It offers me a "free" system check, you know, to speed up my computer. I see a small text link to Iolo T&C. Well, I don't really want Iolo System Mechanic or any other 3rd party software added to my system, I just want the manufacturer drivers and utilities updated! Some bean counter at Lenovo decided to monetize this bit of support effort!

    Try talking to HP or Dell or Lenovo or Microsoft tech support past your warranty period. Like as not, they'll refer you to "paid support" and your call will be forwarded to some 3rd party outfit in India that will try to upsell you to some annual support plan for the low, low price...

    Monetization of formerly complimentary services is the rule these days, not the exception. It won't change anytime soon because most people buy everything based on price and manufacturers respond by dropping the price of their computers to such razor thin margins that they can't afford to also provide free tech support and updates.

  17. Erik4872

    The problem is margin

    I'm an end user computing person, and it's amazing how thin margins on consumer hardware actually are. That doesn't justify this, but you can see how a vendor could see a quick win, any win, in the crap hardware territory that they push out to consumers. This is the stuff you buy at Best Buy/Staples - the $200 desktop or $300 disposable laptop. The $500 business desktop or $900 ThinkPad T series is a whole other class of machine.

    Lenovo, HP and the like make good business hardware, and for the most part, the default image isn't loaded with this garbage. The worst I've seen is a free McAfee or Norton trial, and I think the main reason they do this is for the small/medium business types who just use the factory image as-is. They know that most business customers are going to blow away the factory image anyway once they steal the useful stuff off of it and use it to integrate the hardware into their standard image.

    If PC manufacturers could somehow just dump the crap-grade consumer hardware, they'd be in good shape. Unfortunately, enough people still refuse to pay more than $400 for a machine. I do give Microsoft points though -- they're helping by allowing savvy users to legally turn in their OEM license key to get a non-bloatware version of Windows. Unfortunately, they're not able to help integrating all the vendor drivers and utilities.

    Side note - even on business laptops, it's amazing how much of the hardware requires actual software programs to control it these days. I just worked on getting a new HP EliteBook into our "supported hardware" category, and I needed about 5 non-crapware applications installed just to let me control the hardware!

    1. Roland6 Silver badge

      Re: The problem is margin

      >Side note - even on business laptops, it's amazing how much of the hardware requires actual software programs to control it these days.

      Yes, and the worrying thing is the amount of hardware that once was discrete and now can require firmware updates: HDD, DVD/RW drive, Video adaptor, RAID adaptor ...

      >I just worked on getting a new HP EliteBook into our "supported hardware" category, and I needed about 5 non-crapware applications installed just to let me control the hardware!

      Dell is similar; what I discovered was that the Driver recovery disk was critical (if doing a full clean install) as it installed those poorly documented non-crapware applications and hardware drivers in the right sequence...

  18. Anonymous Coward

    Get over it....

    Seriously, Lenovo is now trying to do the right thing (after an admittedly slow start). Give them a break. It's almost childish the way many of the commentators here are going. They made a mistake, have admitted it, and are making amends. Give them a chance!

  19. Hans 1
    WTF?

    crapware, malware, and bloatware

    I do not understand the outrage, here ... I mean, computers with Windows pre-installed are always full of crapware/malware out of the box (Lenovo are NO WORSE than the others). Then you wanna go and install stuff, like winrar, VLC, OpenOffice etc, and unless you are a g33k, you will most probably download the installer from downloads.com, softonic, 01net, sourceforge, java.oracle.com or whatever which inject crapware/malware into the installers.

    As for bloatware, that is the very definition of Windows.

  20. Jon Green

    "Never again" - oh yeah?

    "[Lenovo promised] to never again install bloatware."

    Six months later, what do we find? A Lenovo rootkit in the BIOS, overwriting Windows files on reboot with ones that phone home and do goodness-knows what else.

    http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

    Lenovo started with a box of shells, a twelve-bore and their feet, and continued upwards. Now their feet, legs and genitalia are red smears behind them, and they're working on the lower bowel.

    It's like Ratner, in slow motion.
