Lenovo Says No Security Concerns With Superfish, But Researchers Already Cracked It

Status
Not open for further replies.
thankfully it wasn't on my lenovo G510 laptop, unless my spyware scanner already removed it months ago. its just like a company always trying to assure people there are no problems and instead of opting to remove and disable it permanently they keep trying to talk everyone into letting them keep it. this is why i stayed with desktops for so long because it was easy to build your own and didn't have to worry about a company pre installing crap like this on
 
Once it was the bloatware issue that the manufacture were adding. Now we have manufactures installing things that can compromise personal data. As if the product doesn't cost enough to start with lets let an attacker take the rest of it so that the company can make a few extra buck off the public.

A bad business move right there. This will hurt there view in the public's eye for quite some time from now. Not to mention add supposition to if they will ever try it again.
 

dgingeri

Distinguished
I despise adware under any circumstances. Any manufacturer that would actually ADD the stuff to their PCs are going to get an "avoid like the plague" recommendation from me. One that actually breaks secure connections in order to put those ads in web sites they have no business dealing with gets a "you're stupid if you even consider it" rating from me.
 

d_kuhn

Distinguished
Mar 26, 2002
704
0
18,990
US
Always Always Always wipe the hdd of new consumer machines and reinstall windows... always. If you don't have a clean windows disk then make sure the machine you buy sends you the oem install disk (their 'reinstall' disk just reinstall the crapware).
 

OneFai

Reputable
Jan 16, 2015
24
0
4,510
Shame on Lenovo. I installed some Asus software to prioritize the PC's Lan traffic. After installation, all my secure http connections were hijacked. I couldn't even uninstalled it. I had to wipe my PC clean. No more Asus software for me.
 

Innocent_Bystander

Honorable
May 2, 2013
76
0
10,640
Wiping and reinstalling a clean system is absolutely fundamental on any OEM product. Having said that, anyone who rewards this behaviour with a repeat purchase deserves more of the same
 

ethanolson

Distinguished
Jun 25, 2009
318
0
18,780
This is why I prefer to use HP Zbook workstations. They're made near Pittsburgh in the good ol' USA. No Superfish. Just a vanilla Windows installation.
 

warezme

Distinguished
Dec 18, 2006
2,355
0
19,810
Lenovo is now owned by a Chinese company. No one should be surprised this has happened. I wouldn't be surprised if everyone didn't eventually find bios level malware also already installed.
 

nick779

Honorable
Apr 23, 2012
144
0
10,710


There also like what $3-4000?

My company has been between lenovos and dells for the past 8 months we buy the T440 and the E7240 ultrabooks.

I have my own custom image for each one, but I checked the T440 and it doesnt have that adware installed from the factory.
Honestly I could care less about the bloat because I wipe every PC I purchase and do an install from scratch. The new Yoga 3 14 is the laptop ive been trying to find for the past year or so and I fully intend on buying it in the next few months.
 

bmdc

Distinguished
Nov 2, 2011
24
0
18,510
"For instance, Lenovo's certificate can replace Bank of America's own certificate, in essence breaking your secure connection with Bank of America, merely to insert its own ads on the website."

WOW that is messed up.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
US
Reason #3,037 why you should reformat and reinstall on every laptop you buy.
When you do that, you lose your free copy of Windows X (7 or 8 lately). So most are not going to do that.
Now, if someone can give me an easy way to backup my installation OEM key AND a link to a clean copy of the ISO that the OEM's used to install Windows X on their machines.... then I would be willing to clean install.
Really, the last 4 computers I got (3 laptops and one desktop) did not need to have Windows completely reinstalled. Yes, some 'kruft' needed to be gotten rid of (mainly those crapware apps) but those were easily removed.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
US
Once it was the bloatware issue that the manufacture were adding. Now we have manufactures installing things that can compromise personal data.
I don't think that Lenovo meant to do that. I believe that they were lied to by the SuperFish makers about what their software actually did, something that should have the SuperFish makers arrested for fraud.
 


The point is it was done. Whether or not it was meant to allow a comprise is personal data is irrelevant the issue is there. If you break a secure link to put anything in it is wrong and should never be allowed because we trust that a secure link is "Secure". Breaking this link in anyway makes the link not secure. There for a secure link is useless.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
US
The point is it was done. Whether or not it was meant to allow a comprise is personal data is irrelevant the issue is there. If you break a secure link to put anything in it is wrong and should never be allowed because we trust that a secure link is "Secure". Breaking this link in anyway makes the link not secure. There for a secure link is useless.
With all due respect, yes, it is relevant. If Lenovo was not told of the behavior that the SuperFish software was going to do or were given information on only half or less of it's capabilities, you cannot blame them for this software.
Now, if they were INFORMED of the behavior of SuperFish beforehand and still allowed it to be installed on their machines from the factory? Then we can lambast them for it and a class action lawsuit would not be wrong or unjustified.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
US

I seriously doubt that you 'could not install it'. Every single piece of 'bloatware' on my friends ASUS was easily removed. If you were unable to uninstall something and downloaded it from the ASUS website itself, you should inform them of that so that they can investigate.
 

eriko

Distinguished
Mar 12, 2008
212
0
18,690
Quote: Quote:
Reason #3,037 why you should reformat and reinstall on every laptop you buy.


I always do. Bloatware and adware are unacceptable to me and wiping the thing before using it is time well spent.

+1 - and me.
 

nick779

Honorable
Apr 23, 2012
144
0
10,710


I dont know about you, but every pc Ive ever bought comes with the Serial.
 

Kenneth Hans

Reputable
Sep 3, 2014
15
0
4,510
#2 reason for me to hate Lenovo systems.
#1, for me, is their messed-up keyboard layout. They've moved keys around that I use often - makes it a pain to do certain things. I only use it because it's provided by my company and mandatory to use.
 



By putting the software on the PC made the company responsible for said software unless stated in the purchase agreement. As far as I know you do not sign a waver saying that the Laptop is sold in an AS-IS state when it is new. This holds Lenovo responsible because they installed the software and distributed it to the general public. It will be a lot worse if they knew that this issue was there than if not But they are still responsible for putting the software on them and will need to held accountable for that.

I think you will find that a class action suit may still go against them. This is because Lenovo leased the software, then installed it on their laptops.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
US

You are lucky then or buy 'boutique' desktops, laptops and tablets. In the real world, most OEM's (HP, Toshiba, etc.) don't include a Windows serial number with them. They have an 'installed by the maker' OEM activation with no documentation on how to back it up and no way to back it up unless you jump through hoops.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS