Page 1 of 1

Don't buy Lenovo laptops

PostPosted: Thu Feb 19, 2015 3:56 pm
by Cyborg Girl
Or if you do, wipe the hard drive before you start using it, and install Windows from a clean disk (i.e. one purchased directly from Microsoft), not the one it came with. The extra price tag of the install disk is totally worth it, IMO.

http://www.theverge.com/2015/2/19/80675 ... ta-hackers

They deliberately break encrypted browsing, so that they can insert custom ads on e.g. you bank's encrypted website. I should not need to tell you how bonkers that is.

Re: Don't buy Lenovo laptops

PostPosted: Fri Feb 20, 2015 4:04 pm
by Sigma_Orionis
Update on this

Lenovo is claiming that the the piece of adware crap/SSL Man-in-The-Middle Attack Facilitator they were installing on consumer laptops (Superfish) was installed on laptops shipped between October and December 2014, Whoopee.

Re: Don't buy Lenovo laptops

PostPosted: Fri Feb 20, 2015 4:10 pm
by Sigma_Orionis
AH, here is Lenovo's Official response (marketese for "because we can")

All,



As an update on this...



Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.



To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.



The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.



Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.




____________________________________________

ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
twitter @lenovoforums


Not Impressed.

Re: Don't buy Lenovo laptops

PostPosted: Fri Feb 20, 2015 4:27 pm
by Cyborg Girl
What they don't say there is that their update doesn't remove the bad SSL certificate! :hammer:

Re: Don't buy Lenovo laptops

PostPosted: Mon Feb 23, 2015 6:58 am
by squ1d
I would say just don't buy Lenovo laptops in general anyway, TP's have sucked since that business got sold to Lenovo!

Re: Don't buy Lenovo laptops

PostPosted: Mon Feb 23, 2015 2:17 pm
by Sigma_Orionis
IBM just dumped their entire Intel Based Server Business Unit on Lenovo, so I guess you can add Servers as well to that lot.

Re: Don't buy Lenovo laptops

PostPosted: Mon Feb 23, 2015 2:41 pm
by Sigma_Orionis

Re: Don't buy Lenovo laptops

PostPosted: Mon Feb 23, 2015 3:03 pm
by Cyborg Girl
I think you mean "sued." :)

Re: Don't buy Lenovo laptops

PostPosted: Mon Feb 23, 2015 3:21 pm
by Sigma_Orionis
Yeah :P

Re: Don't buy Lenovo laptops

PostPosted: Tue Feb 24, 2015 12:51 pm
by geonuc
Without being too knowledgeable about the technology or the specifics, I'm tempted to hope the lawsuit is successful. Computers and computer programs and applications have become such an integral part of our lives that they are now 'necessary'. With that designation, businesses that provide computers and computer software have - or should have - a heightened responsibility to ensure their products are not harmful to users. Much like car manufacturers have a responsibility to produce vehicles with a certain level of safety and reliability.

Maybe this type of lawsuit has already happened and this one isn't ground-breaking.

I'm still chapped about the Anthem healthcare data security breach. I think those people should be sued for reckless negligence. Such suits will drive up prices but I for one think it is worth it.

There's a thread on CQ about fear of technology and although I think the OP is a bit ridiculous, it's things like the Lenovo Superfish fiasco, and the Anthem hacking disaster, and many others too numerous to count, that make me think we need greater safeguards and care with information technology.

Re: Don't buy Lenovo laptops

PostPosted: Tue Feb 24, 2015 2:26 pm
by Sigma_Orionis
I would like that lawsuit to be successful as well. Ladening PCs with crapware is one thing. Doing something as irresponsible as stuffing a "catch-all" SSL certificate in the MS Windows Certificate Store is another.

And geonuc, as you surmised it's not the first time this specific problem has happened, check out Sony's Rootkit fiasco What makes it worse is that Lenovo is being more sanguine about it than Sony.

Re: Don't buy Lenovo laptops

PostPosted: Tue Feb 24, 2015 6:14 pm
by Cyborg Girl
It gets even worse: they include a rootkit.

https://gist.github.com/Wack0/f865ef369eb8c23ee028

So not only is there a ready-made means of compromise, there is a preexisting compromise with a nice backdoor to hide further mischief.

Re: Don't buy Lenovo laptops

PostPosted: Tue Feb 24, 2015 6:44 pm
by Sigma_Orionis
Good enough reason not to buy a Lenovo Laptop ever again. Hell, if it was up to me I wouldn't buy anything from them again.

Re: Don't buy Lenovo laptops

PostPosted: Sat Feb 28, 2015 2:33 pm
by Sigma_Orionis
Here's a very thorough comment on this

You Had One Job, Lenovo

Re: Don't buy Lenovo laptops

PostPosted: Mon Mar 02, 2015 3:30 pm
by Sigma_Orionis