Lenovo Says No Security Concerns With Superfish, But Researchers Already Cracked It

[Guest]

Lenovo was caught injecting ads into users' encrypted connections by pre-installing adware in recently sold notebooks. The company says there are no security concerns with this, but researchers have already shown that the adware can be exploited.

Lenovo Says No Security Concerns With Superfish, But Researchers Already Cracked It : Read more

 

[captaincharisma]

thankfully it wasn't on my lenovo G510 laptop, unless my spyware scanner already removed it months ago. its just like a company always trying to assure people there are no problems and instead of opting to remove and disable it permanently they keep trying to talk everyone into letting them keep it. this is why i stayed with desktops for so long because it was easy to build your own and didn't have to worry about a company pre installing crap like this on

 

[bgunner]

Once it was the bloatware issue that the manufacture were adding. Now we have manufactures installing things that can compromise personal data. As if the product doesn't cost enough to start with lets let an attacker take the rest of it so that the company can make a few extra buck off the public.

A bad business move right there. This will hurt there view in the public's eye for quite some time from now. Not to mention add supposition to if they will ever try it again.

 

[dstarr3]

Reason #3,037 why you should reformat and reinstall on every laptop you buy.

 

[dgingeri]

I despise adware under any circumstances. Any manufacturer that would actually ADD the stuff to their PCs are going to get an "avoid like the plague" recommendation from me. One that actually breaks secure connections in order to put those ads in web sites they have no business dealing with gets a "you're stupid if you even consider it" rating from me.

 

[d_kuhn]

Always Always Always wipe the hdd of new consumer machines and reinstall windows... always. If you don't have a clean windows disk then make sure the machine you buy sends you the oem install disk (their 'reinstall' disk just reinstall the crapware).

 

[kenjitamura]

Reason #3,037 why you should reformat and reinstall on every laptop you buy.

I always do. Bloatware and adware are unacceptable to me and wiping the thing before using it is time well spent.

 

[OneFai]

Shame on Lenovo. I installed some Asus software to prioritize the PC's Lan traffic. After installation, all my secure http connections were hijacked. I couldn't even uninstalled it. I had to wipe my PC clean. No more Asus software for me.

 

[Innocent_Bystander]

Wiping and reinstalling a clean system is absolutely fundamental on any OEM product. Having said that, anyone who rewards this behaviour with a repeat purchase deserves more of the same

 

[Theretoohsprahs]

I work at Best Buy in computer sales, and this makes me sick knowing that I've probably unknowingly sold some people a compromised computer.

 

[ethanolson]

This is why I prefer to use HP Zbook workstations. They're made near Pittsburgh in the good ol' USA. No Superfish. Just a vanilla Windows installation.

 

[warezme]

Lenovo is now owned by a Chinese company. No one should be surprised this has happened. I wouldn't be surprised if everyone didn't eventually find bios level malware also already installed.

 

[nick779]

This is why I prefer to use HP Zbook workstations. They're made near Pittsburgh in the good ol' USA. No Superfish. Just a vanilla Windows installation.

There also like what $3-4000?

My company has been between lenovos and dells for the past 8 months we buy the T440 and the E7240 ultrabooks.

I have my own custom image for each one, but I checked the T440 and it doesnt have that adware installed from the factory.
Honestly I could care less about the bloat because I wipe every PC I purchase and do an install from scratch. The new Yoga 3 14 is the laptop ive been trying to find for the past year or so and I fully intend on buying it in the next few months.

 

[bgunner]

I wouldn't be surprised if everyone didn't eventually find bios level malware also already installed.

If this was the actual case, boy would the company take a hit. lol

 

[bmdc]

"For instance, Lenovo's certificate can replace Bank of America's own certificate, in essence breaking your secure connection with Bank of America, merely to insert its own ads on the website."

WOW that is messed up.

 

[Christopher1]

Reason #3,037 why you should reformat and reinstall on every laptop you buy.

When you do that, you lose your free copy of Windows X (7 or 8 lately). So most are not going to do that.
Now, if someone can give me an easy way to backup my installation OEM key AND a link to a clean copy of the ISO that the OEM's used to install Windows X on their machines.... then I would be willing to clean install.
Really, the last 4 computers I got (3 laptops and one desktop) did not need to have Windows completely reinstalled. Yes, some 'kruft' needed to be gotten rid of (mainly those crapware apps) but those were easily removed.

 

[Christopher1]

Once it was the bloatware issue that the manufacture were adding. Now we have manufactures installing things that can compromise personal data.

I don't think that Lenovo meant to do that. I believe that they were lied to by the SuperFish makers about what their software actually did, something that should have the SuperFish makers arrested for fraud.

 

[bgunner]

Once it was the bloatware issue that the manufacture were adding. Now we have manufactures installing things that can compromise personal data.

I don't think that Lenovo meant to do that. I believe that they were lied to by the SuperFish makers about what their software actually did, something that should have the SuperFish makers arrested for fraud.

The point is it was done. Whether or not it was meant to allow a comprise is personal data is irrelevant the issue is there. If you break a secure link to put anything in it is wrong and should never be allowed because we trust that a secure link is "Secure". Breaking this link in anyway makes the link not secure. There for a secure link is useless.

 

[Christopher1]

The point is it was done. Whether or not it was meant to allow a comprise is personal data is irrelevant the issue is there. If you break a secure link to put anything in it is wrong and should never be allowed because we trust that a secure link is "Secure". Breaking this link in anyway makes the link not secure. There for a secure link is useless.

With all due respect, yes, it is relevant. If Lenovo was not told of the behavior that the SuperFish software was going to do or were given information on only half or less of it's capabilities, you cannot blame them for this software.
Now, if they were INFORMED of the behavior of SuperFish beforehand and still allowed it to be installed on their machines from the factory? Then we can lambast them for it and a class action lawsuit would not be wrong or unjustified.

 

[Christopher1]

Shame on Lenovo. I installed some Asus software to prioritize the PC's Lan traffic. After installation, all my secure http connections were hijacked. I couldn't even uninstalled it. I had to wipe my PC clean. No more Asus software for me.

I seriously doubt that you 'could not install it'. Every single piece of 'bloatware' on my friends ASUS was easily removed. If you were unable to uninstall something and downloaded it from the ASUS website itself, you should inform them of that so that they can investigate.

 

[eriko]

Quote: Quote:
Reason #3,037 why you should reformat and reinstall on every laptop you buy.


I always do. Bloatware and adware are unacceptable to me and wiping the thing before using it is time well spent.

+1 - and me.

 

[nick779]

Reason #3,037 why you should reformat and reinstall on every laptop you buy.

When you do that, you lose your free copy of Windows X (7 or 8 lately). So most are not going to do that.
Now, if someone can give me an easy way to backup my installation OEM key AND a link to a clean copy of the ISO that the OEM's used to install Windows X on their machines.... then I would be willing to clean install.
Really, the last 4 computers I got (3 laptops and one desktop) did not need to have Windows completely reinstalled. Yes, some 'kruft' needed to be gotten rid of (mainly those crapware apps) but those were easily removed.

I dont know about you, but every pc Ive ever bought comes with the Serial.

 

[Kenneth Hans]

#2 reason for me to hate Lenovo systems.
#1, for me, is their messed-up keyboard layout. They've moved keys around that I use often - makes it a pain to do certain things. I only use it because it's provided by my company and mandatory to use.

 

[bgunner]

The point is it was done. Whether or not it was meant to allow a comprise is personal data is irrelevant the issue is there. If you break a secure link to put anything in it is wrong and should never be allowed because we trust that a secure link is "Secure". Breaking this link in anyway makes the link not secure. There for a secure link is useless.

With all due respect, yes, it is relevant. If Lenovo was not told of the behavior that the SuperFish software was going to do or were given information on only half or less of it's capabilities, you cannot blame them for this software.
Now, if they were INFORMED of the behavior of SuperFish beforehand and still allowed it to be installed on their machines from the factory? Then we can lambast them for it and a class action lawsuit would not be wrong or unjustified.

By putting the software on the PC made the company responsible for said software unless stated in the purchase agreement. As far as I know you do not sign a waver saying that the Laptop is sold in an AS-IS state when it is new. This holds Lenovo responsible because they installed the software and distributed it to the general public. It will be a lot worse if they knew that this issue was there than if not But they are still responsible for putting the software on them and will need to held accountable for that.

I think you will find that a class action suit may still go against them. This is because Lenovo leased the software, then installed it on their laptops.

 

[Christopher1]

I dont know about you, but every pc Ive ever bought comes with the Serial.

You are lucky then or buy 'boutique' desktops, laptops and tablets. In the real world, most OEM's (HP, Toshiba, etc.) don't include a Windows serial number with them. They have an 'installed by the maker' OEM activation with no documentation on how to back it up and no way to back it up unless you jump through hoops.