Lenovo Has Been Selling Laptops with Malware Pre-Installed

Yahoo Tech ^ | Feb. 19, 2015

[Wolfie]

Lenovo Has Been Selling Laptops with Malware Pre-Installed

Computer maker Lenovo has been shipping laptops prepackaged with malware that makes you more vulnerable to hackers — all for the sake of serving you advertisements.

Made by a company called “Superfish,” the software is essentially an Internet browser add-on that injects ads onto websites you visit.

Besides taking up space in your Lenovo computer, the add-on is also dangerous because it undermines basic computer security protocols.

That’s because it tampers with a widely-used system of official website certificates. That makes it hard for your computer to recognize a fake bank website, for instance.

It’s a nasty trick — the same one that the in-flight Wi-Fi service Gogo was caught doing last month.

"This is exactly what bad guys do with trojans and other malicious software to trick users to access fake sites to surveil/monitor private communications," said Kevin Bocek, an executive at cybersecurity company Venafi.

Customers started spotting this on their Lenovo computers in mid-2014.

After facing a fierce backlash by customers and computer security experts this week, Lenovo on Thursday acknowledged as much.

"User feedback was not positive," so Lenovo stopped preloading the software on new computers in January, a company spokesman said. Lenovo also promised it "will not preload this software in the future" and said it disabled the feature on its servers, which essentially kills the program on everyone’s computer.

The company initially claimed it only included Superfish on “some consumer notebook products shipped in a short window between October and December.” When CNNMoney noted that customers started complaining about this feature earlier than that, Lenovo acknowledged that factory installations of Superfish started back in September.

But questions remain. It’s also unclear which exact laptop models were affected. A Lenovo representative said the company could not immediately answer these questions.

So, what was the point of the “Superfish Visual Discovery” software? It makes it easier to shop for deals. The program analyzes images you see on the Web and presents similar products that might have lower prices.

Lenovo stressed that the program did not “monitor user behavior” or record user information.

"The relationship with Superfish is not financially significant; our goal was to enhance the experience for users," the company said in a statement. "We recognize that the software did not meet that goal and have acted quickly and decisively."

To be completely safe, experts usually advise that users reinstall a fresh new operating system. Lenovo customers have already paid for Windows in their laptops, so they will have to shell out another $120 for a copy of Windows 8.1.

[Red Badger]

Well, that saves tons of time..................

[NorthMountain]

Lenovo was banned at my workplace years ago, for trying to phone home.

Lenovo == Peoples’ Republic of China.

[2ndDivisionVet]

[WayneS]

Who is this Malware guy and how did they get him to fit inside a computer cabinet?

Malware... Must be Italian.

[Gay State Conservative]

Lenovo = Red China = No thanks

[Regulator]

It’s a feature, not a bug!

[Pontiac]

Lenovo customers have already paid for Windows in their laptops, so they will have to shell out another $120 for a copy of Windows 8.1.

People still pay for Windows?!!!

PT Barnum said it best “There’s a sucker born every minute.”

[Veggie Todd]

[Calvin Locke]

The program analyzes images you see on the Web and presents similar products that might have lower prices.

Ah so, it also takes up cpu cycles in addition to memory...

Reminds me of a documentary on spies trying to discern what was going on with Reagan's Star Wars research.

A very anal [retentive] systems adminstrator noticed some missing cpu time, in the order of a couple hundred milliseconds (iirc), and it led to the breaking of a spy ring.

[Responsibility2nd]

Lenovo's New Marketing Slogan....

[NorthMountain]

I worked as SYSADM for a while (aeons ago).

A man’s got to know his limitations. I’m simply NOT anal retentive enough for the job. I moved on to other things ...

[DUMBGRUNT]

“The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage”
Cliff Stoll

???

[sten]

professional malware. walware you can trust.

[Bob]

There was a book named “The Cukoo’s Egg” by Richard Stoll that described the whole process of discovering and eventually tracking down the hackers. While it’s been a number of years since I’ve read it, I do recall that it was a very interesting story and very well told.

[bicyclerepair]

Using Linux Cinnamon Mint 17.1 right now. Best OS I have ever used. And it’s running on half the hardware of my windoze boxes and is still faster.

Everything works. You should give it a try. I cobbled this pc together out of spare parts and it blows windoze away.

i.e. My linux box only has a single 64-bit Athlon, 2gb RAM and does circles around my dual-proc 4gb RAM windoze boxes.

[Fresh Wind]

HP does the same thing.

[af_vet_rr]

Lenovo == Peoples’ Republic of China.

Besides the Mac Pro, which is made in Texas, name three computers made in the USA.

In that rush to make cheaper computers, we really screwed things up.

[MaxMax]

This is why I build my own. There's always some jerk out there willing to sell you
down the road for a few more nickels, and that's all your security is worth to them.

[Utilizer]

Not a problem. Any new pc arrives here, we immediately dump the pre-installed crap OS and install linux. No problems whatsoever for years now, and Opera rounds out the install.

Have several extra ‘doze COA and sernos lying about as well going back to 98SE at least.