Lenovo bundled adware on some laptops, leaves users with staggering security vulnerabilities


Comments

  • Reply 21 of 46
    (He also used to praise Apple for not doing this, and as a result, would take much online abuse from the great unwashed....)

    1) I think that started well before Mossberg, but since Windows had the mindshare no one seemed to care about the floundering Apple and their pathetic MAC.

    2) Note that Apple used to include some bloatware with new Macs that was also on their restore DVDs. Besides a "Test Drive" of Office for Mac, they also had some game with a dinosaur, as I recall. Although, to be fair, it was never as egregious or dangerous as what we've come to see from the Win OEMs race to the bottom.
  • Reply 22 of 46
    A short window from September thru December.

    Woof, gotta love it. "Until we were caught"
  • Reply 23 of 46
    Quote:

    Originally Posted by anantksundaram

     

    Um... I've had similar problems with visits to AI using Safari on my iPad: it ends up hijacking me repeatedly to a gamer's website. I'd think that I was navigating to the 'next' page of comments, but instead takes me somewhere else.

     

    It happens off and on. (For example, I haven't had the problem in the past couple of weeks).

     

    Anyone else have this issue?




    Not me, using both an iPad 3 (still on iOS7) and an iPad Air 2 (current public build).

     

    (Sometimes my 4S misinterprets a swipe as a tap, and if that occurs on an ad, it may launch the target.  But that may be just lazy swiping on my part.)

  • Reply 24 of 46
    Quote:

    Originally Posted by SolipsismY



    Besides a "Test Drive" of Office for Mac, they also had some game with a dinosaur, as I recall. Although, to be fair, it was never as egregious or dangerous as what we've come to see from the Win OEMs race to the bottom.

     

    Yep, bloatware is the accurate wording.  If you decided to buy/install Office for Mac for real, you had to uninstall the Test Drive version first.

    The dinosaur thing was pretty innocuous, as I recall.

  • Reply 25 of 46
    dysamoria (Posts: 3,430, member)
    I'm still stunned by the junk pre-installed on PC laptops. I just set up a Toshiba for a friend. The Toshiba apps themselves were variously useless and extremely inefficient. It was like they had drafted a specification that said "design system tools to run in as many processes and with as many executables as possible".

    Anyway, PC sales are used as software/service advertising. That's problem number one for junkware.
  • Reply 26 of 46
    Quote:

    Originally Posted by SolipsismY

     
    Quote:

    Originally Posted by anantksundaram



    (He also used to praise Apple for not doing this, and as a result, would take much online abuse from the great unwashed....)




    1) I think that started well before Mossberg, but since Windows had the mindshare no one seemed to care about the floundering Apple and their pathetic MAC.



    2) Note that Apple used to include some bloatware with new Macs that was also on their restore DVDs. Besides a "Test Drive" of Office for Mac, they also had some game with a dinosaur, as I recall. Although, to be fair, it was never as egregious or dangerous as what we've come to see from the Win OEMs race to the bottom.

     

     

    Nanosaur, I think.

  • Reply 27 of 46
    Spyware. The appropriate user experience for Windows PCs. I mean, sooner or later, right?
  • Reply 28 of 46

    easier said than done (at least in the old days). 

     

    I tried to install retail Win on a Dell and it complained that the BIOS was not compatible. I NEEDED the factory OEM OS. 

  • Reply 29 of 46
    MacPro (Posts: 19,718, member)
    easier said than done (at least in the old days). 

    I tried to install retail Win on a Dell and it complained that the BIOS was not compatible. I NEEDED the factory OEM OS. 

    I've never had a single issue installing any version of Microcrap's Windblows from XP to 10 on my Mac Pro using VMware. I do this for savage entertainment just to see how bad it is, but they all work, sort of. Why anyone would buy a Dell or any other POS beige crap is beyond me.
  • Reply 30 of 46
    Why anyone would buy a Dell or any other POS beige crap is beyond me.

    A few years ago I bought an unused netbook from an AI forum member. In the next couple months I'll be buying a cheap-ish Win notebook. I use them for my networking labs (since everything in that field will still use Windows as default or require Windows). These are things where a VM simply becomes a hassle, since trying to plug in cables over USB or serial to a MBP to then be ignored by the Mac and then seen by the Windows VM becomes a hassle. Also, spending $90 per year on an updated VM for the same build of Windows which I could use in a cheap notebook is becoming annoyingly expensive.
  • Reply 31 of 46
    Questionable default software has been common practice among PC makers for years. Dell, Gateway, HP, Sony.... every one of them has done similar things, to the point that most people that are concerned with security immediately wipe a new PC and load a clean version of Windows from a source other than the recovery media/partition.

    You're wrong. The average user of a laptop can't even set up their own email account on one. They buy something cheap, plug it in and use it to the extent of their abilities to find Facebook and play Farmville. Erase a hard disk, including the OS, install a clean version of Windoze, it can't happen — even if they got a CD of the OS when they took possession of the crap computer.
  • Reply 32 of 46
    easier said than done (at least in the old days). 

    I tried to install retail Win on a Dell and it complained that the BIOS was not compatible. I NEEDED the factory OEM OS. 

    I've heard that is somewhat common with laptops especially. Some crapware only allows you to reinstall the image of the hard disk you got when you lugged the virus-ridden thing into your home. So you really can't get shed of the bloatware...
  • Reply 33 of 46
    Um... I've had similar problems with visits to AI using Safari on my iPad: it ends up hijacking me repeatedly to a gamer's website. I'd think that I was navigating to the 'next' page of comments, but instead takes me somewhere else.

    It happens off and on. (For example, I haven't had the problem in the past couple of weeks).

    Anyone else have this issue?

    I've had the issue with game ads at the bottom edge of my iPad screen... I easily touch that area and "KAPOW" I'm sent to the installation page... Usually not a problem if you buy the app so the ads are not present.
  • Reply 34 of 46

    well.. as I said. The old days back when Apple was not doing so well (pre Jobs return). And it was WIN NT

     

    Since then I've had 2 Mac Pros (and Windows never entered my mind). I just bought my 3rd - I love the new Mac Pros.

  • Reply 35 of 46
    Quote:

    Originally Posted by SockRolid

     

     

    Google: "Dang.  Can we buy Superfish?  We need to inject ads wherever we can."




    Why would Google need to buy Superfish? They now have the password for the root certificate. They can pretend to be Superfish and for users of Lenovo computers they can now pretend to be any website they want. They can generate phishing email campaigns to get folks to show on other websites, proxy all that traffic through Google servers making it look like the user is actually on the website they think they are and completely track the user's activity.

     

    This is the worst security flaw ever.

  • Reply 36 of 46
    Quote:

    Originally Posted by woodycurmudgeon



    Questionable default software has been common practice among PC makers for years. Dell, Gateway, HP, Sony.... every one of them has done similar things, to the point that most people that are concerned with security immediately wipe a new PC and load a clean version of Windows from a source other than the recovery media/partition.



    This is barely news.



    If you think this is "barely news" then you have no idea regarding the ramifications of what Lenovo did.  Sure PC makers have installed AdWare for years, I will give you that.  But in none of those cases did those AdWare packages come bundled with a pre-installed Root Certificate Authority (Root CA) certificate from any of those adware makers.  This puts the AdWare on the same level of trust as say VeriSign.  It means the AdWare company can present an SSL certificate for HTTPS communication to your browser and say it is from Amazon.com when in fact it is from them.  It also means that if Amazon's certificate was compromised you would never know anyway because the browser would not be able to warn you because it would only be getting the fake certificate generated by the AdWare Root CA.  

     

    This completely undermines the SSL framework. What is worse, the password for the private key of the Root CA was guessed in short order. Most Root CAs have very strong passwords protecting their certificates so they cannot be backwards engineered. What this means is now anybody in the world can launch phishing attacks at Lenovo users who will have no way of verifying that the website they are communicating with is indeed the one they think it is.
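
The check a defender would run for the situation described in the reply above, as an added example that is not part of the original thread: it lists certificates in the Windows trusted-root stores whose subject or issuer matches a name pattern. The pattern value and the private-key heuristic are assumptions added here, not details from the thread.

```powershell
# Added example: audit the Windows trusted-root stores for an adware-installed root CA.
# Assumption: the name pattern is taken from the vendor named in the thread; adjust as needed.
$NamePattern = 'Superfish'

# Both the machine-wide and the per-user root stores are trusted for HTTPS validation.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()

        # -match is case-insensitive, so 'superfish' and 'Superfish' both hit.
        if ($_.Subject -match $NamePattern -or $_.Issuer -match $NamePattern) {
            $reasons += 'name matches pattern'
        }

        # Generalization beyond the thread (assumption): a trusted root whose private
        # key is stored on the endpoint itself can be used to sign certificates locally.
        if ($_.HasPrivateKey) {
            $reasons += 'private key present on this machine'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Reason     = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output "No trusted root matched '$NamePattern' or carried a private key."
}
```

The script only reports; compare anything it lists against a known-good machine before removing a certificate from the store.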

  • Reply 37 of 46
    nasserae (Posts: 3,167, member)
    That's perfectly fine.. You only need to clear your weekend schedule to format, reinstall, and go around the web hunting for drivers.. Not a big deal ¡
  • Reply 38 of 46
    Google: "Dang. Can we buy Superfish? We need to inject ads wherever we can."

    They don't need to buy Superfish as Lenovo, aka Motorola, are already building the Nexus 6 for them. It is probably pre-installed.
  • Reply 39 of 46
    kibitzer (Posts: 1,114, member)
    You want to talk about "staggering" security vulnerabilities?

    http://www.theverge.com/2015/2/19/8071453/nsa-gchq-snowden-sim-phone-security

    Spot on. The SIM card exploit dwarfs any of Lenovo's misdeeds, and will flare into a global media firestorm today and in the coming days and weeks. Doubtless one of Snowden's most damaging exposures of NSA's activities.
  • Reply 40 of 46
    relic (Posts: 4,735, member)

    Quote:


    Originally Posted by sog35

     

    This is what happens when you buy POS stuff.

     

    I can only imagine the adware/malware on those $99 tablets they sell at walmart


     

    I wouldn't call Lenovo Computers POS as personally I think they make the best Windows based Laptops on the market but this Spyware crap is definitely worrying to say the least. I know their ThinkPad line doesn't have this problem as there is hardly anything installed, it's one of the most vanilla installations of Windows I have ever seen. I always reinstall Windows anyway as I like to use multiple OS's. My new ThinkPad Yoga for instance has Solaris, Android x86 (actually runs great, fastest Android tablet I have ever used, better be with an i7), CentOS (Linux Distro), Windows 10 (I really don't need Windows, just want to see what it's all about) and OSX. I just did a complete reinstall on Thursday because I just bought a new 960GB SanDisk X300, I just love the fact that this Laptop uses a normal 2.5" disk size. Anyway, something like this won't prevent me from buying another. I always assume that there is some sort of spyware installed on every new Computer I buy anyway, hence the format and reinstall. Every Lenovo ThinkPad I've ever owned has been bullet proof, though I always purchased a particular model, the X series, unfortunately they stopped making the tablet version with the twisty screen so I went with the Yoga. Not the normal Yoga but the ThinkPad version and it's a fantastic machine. I gave my daughter the Surface Pro 3 because she is studying in Ireland for a semester which gave me the perfect excuse to buy this one, glad I did as it's a much better solution for me to run Solaris (Unix) on, which is something I really wanted as I just purchased a Sun Blade system from eBay (super cheap for what it is and does) for my ongoing Cluster/distributed computing project.
