Lenovo installs adware on customer laptops

I believe it said that Lenovo installs the software on the computer.


I think you can uninstall it. When my U530 gets back from the shop (the hinge cracked on it), then I will check. I believe I uninstalled it.
 

Yeah, now that IBM has offloaded their entire x86 server market to Lenovo, us folks in the enterprise IT market are less than confident that there will be no shenanigans; much to the dismay of the parade of ex IBM, now Lenovo sales engineers visiting and insisting that "there is nothing to see here"...I feel sorry for those d00ds...they are good guys who have gone above and beyond for us.
 
It's not just adware--it's pretty much malware...the adserver software is basically running a continuous "man-in-the-middle" attack on you, all the time.

Here is an article about it, detailing towards the bottom how a security expert showed that all his banking transactions were being routed through the Superfish site UNENCRYPTED:
https://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

Also, they are following the story, and the latest word is that installing Windows clean may NOT solve your problems:
https://arstechnica.com/security/2015/02/how-to-remove-the-superfish-malware-what-lenovo-doesnt-tell-you/
 
The second sentence of the article you linked says otherwise...or am I missing something?

Windows 8 uses a new method of repair/recovery/reinstall where the installation media is stored in a hidden partition on the hard drive. It is possible that superfish is also included in the installation data.

A new install with a clean (from Microsoft) source is safe. However, uninstalling the malware is relatively simple, and there are many illustrated guides online, and so should be your primary method of redress.
 
I'm not any kind of expert on this, but I've read that just removing the Superfish malware does not necessarily remove the self-signed root security certificate that is the real security concern. You may need to completely wipe the machine and install vanilla Windows.
 
There's a lot of jargon in this thread, so for the non-technical:

Your new Lenovo may have a massive security hole that routes your secure transactions, like your credit card purchases and banking transactions through somebody else, giving them access to your passwords and other secure info. It also makes your computer super easy to hack by other hackers. You need to get it fixed.

This was a really stupid and evil thing for Lenovo to do.
 
This is a big company with lots of resources. They need to provide a one step removal tool for their customers to use.
 
There's a lot of jargon in this thread, so for the non-technical:

Your new Lenovo may have a massive security hole that routes your secure transactions, like your credit card purchases and banking transactions through somebody else, giving them access to your passwords and other secure info. It also makes your computer super easy to hack by other hackers. You need to get it fixed.

This was a really stupid and evil thing for Lenovo to do.

This is a big company with lots of resources. They need to provide a one step removal tool for their customers to use.

Yes, my wife and I used to love the old ThinkPads, and the Lenovos were (up until recently) good products.

I heard they took a quality nosedive in 2014, and recently when we upgraded, I persuaded my wife to get a MacBook Air...

In any event, I know there may be people out there that may be affected, and they need to know. This is a serious problem, and if they want to do the right thing for their customers, they should come up with a simple (and effective) way to remove this problem completely.
 
I know it probably won't happen, but criminal charges ought to be brought against whomever approved this. Something along the lines of "conspiracy to commit fraud."
 
I'm not any kind of expert on this, but I've read that just removing the Superfish malware does not necessarily remove the self-signed root security certificate that is the real security concern. You may need to completely wipe the machine and install vanilla Windows.

This is true, although it is unlikely that, without Superfish installed, the certificate will ever be used. However, all Lenovo users should be checking for, and removing both the Superfish program, and the Superfish certificate both in Windows and Firefox.

A good guide for doing so can be found at https://filippo.io/Badfish/removing.html

This was a really stupid and evil thing for Lenovo to do.

I know it probably won't happen, but criminal charges ought to be brought against whomever approved this. Something along the lines of "conspiracy to commit fraud."

I agree that Lenovo has a lot of culpability here, but mostly they just installed a third party application, a normal, if unfortunate, procedure for virtually all PC manufacturers. The ultimate blame rests on the Superfish organization (a company with US offices). I don't believe Lenovo had malicious intent, although they certainly should have been more aware. Stupid? yes; evil? probably not; liable? maybe, but probably will pass the legal blame on to Superfish. Ultimately, I'm somewhat perplexed as to the outrage people are exhibiting at a badly made Chinese product. There seems to be an incredible bias against Chinese manufacturers today, and yet we still trust their products implicitly. Yes it is bad, yes they should be punished, no it wasn't unthinkable.

This is a big company with lots of resources. They need to provide a one step removal tool for their customers to use.

You would trust the organization that got you into this mess to get you out? The reason we are in this mess is that the vast majority of users don't care enough to educate themselves on what is installed on their computer. Take the 3 minutes and check your computer manually so that you can be sure that the problem is solved.
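
The Windows half of the manual check described in the post above, as an added example that is not part of the original thread or the linked guide: a PowerShell function that lists trusted-root certificates whose subject or issuer mentions Superfish, in both the machine and current-user stores. The function name and the name-based match are assumptions made here; the thread gives no thumbprint, so none is used.

```powershell
# Added example (hypothetical function name): audit the Windows trusted-root
# stores for a certificate by name. 'Superfish' is the name used in the thread.
function Find-TrustedRootByName {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$Pattern = 'Superfish',   # regex matched against Subject and Issuer
        [switch]$Remove                   # delete matches, after a confirmation prompt
    )

    # Both stores matter: a root trusted for the machine or for the user
    # is accepted by applications that rely on the Windows store.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                # Report what was found before anything is changed.
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }

                # Removal is opt-in and honours -WhatIf / -Confirm.
                if ($Remove -and $PSCmdlet.ShouldProcess($_.PSPath, 'Remove certificate')) {
                    Remove-Item -LiteralPath $_.PSPath
                }
            }
    }
}

# Audit only: an empty result means no matching root is trusted.
Find-TrustedRootByName | Format-List

# Preview a removal without changing anything (run elevated for LocalMachine):
# Find-TrustedRootByName -Remove -WhatIf
```

This covers only the Windows certificate store; as the post says, Firefox keeps its own certificate list and the Superfish program itself has to be checked and removed separately.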
 
There seems to be an incredible bias against Chinese manufacturers today, and yet we still trust their products implicitly. Yes it is bad, yes they should be punished, no it wasn't unthinkable.


Be careful where you accuse people of bias. In this world market, most people have no idea where their products come from. Until you said Lenovo came from China, I had no idea.

What is the largest producer of rice in the world?


Arkansas.

Largest producer of Peaches?



South Carolina.

The world often isn't what you think it is.
 
You all can still buy Lenovo products. Just buy a new HDD as well, swap them out, reload Windooze 7 or 8 and you'll be fine. :facepalm:

Yeah, I read about Lenovo and their malware tactics and that really pissed me off. Pissed off the wife as well, since she was looking at Lenovo for one of their laptop models for her Girl Guides of Canada work. Not anymore. :no:
 
I agree that Lenovo has a lot of culpability here, but mostly they just installed a third party application, a normal, if unfortunate, procedure for virtually all PC manufacturers. The ultimate blame rests on the Superfish organization (a company with US offices). I don't believe Lenovo had malicious intent, although they certainly should have been more aware. Stupid? yes; evil? probably not; liable? maybe, but probably will pass the legal blame on to Superfish. Ultimately, I'm somewhat perplexed as to the outrage people are exhibiting at a badly made Chinese product. There seems to be an incredible bias against Chinese manufacturers today, and yet we still trust their products implicitly. Yes it is bad, yes they should be punished, no it wasn't unthinkable.



You would trust the organization that got you into this mess to get you out? The reason we are in this mess is that the vast majority of users don't care enough to educate themselves on what is installed on their computer. Take the 3 minutes and check your computer manually so that you can be sure that the problem is solved.

I agree that SuperFish deserves plenty of scorn. They might even be criminals. But if someone is to blame SuperFish for this, then it will have to be Lenovo, not consumers. People bought their laptops from Lenovo, not SuperFish, and anything installed on it is Lenovo's responsibility. The blame is on Lenovo. If you bought a car that had dangerous brakes installed on it by the manufacturer, you'd blame the manufacturer.

I am not at all perplexed by the outrage. This was a huge violation of trust. And I do not believe that Lenovo did not know what they were installing on their laptops. I do not agree it is the consumer's responsibility to understand security issues like this. The fact is that 90% or more of consumers are not going to check their machines for every piece of installed software, and even if they did, most would not know what the software was doing or whether it posed a risk. I do not think consumers should HAVE to be responsible for finding and removing dangerous software installed by manufacturers.

The machines should have been sold with a disclaimer that said, "Secure internet transactions are not secure on this laptop. Your computer will tell you your transactions are secure but they are not. All your web transactions including credit card numbers, passwords, financial transactions, and any other secure information you transmit will be transmitted without encryption and can be viewed by any service providers who provide the connection between this computer and the other party to your transactions. All of your confidential internet transactions will be shared with a company called SuperFish. This laptop is extremely vulnerable to being hacked and accessed without your knowledge, especially when connected to Wi-Fi networks."

Also, there are two parties to a secure HTTPS transaction and I'm sure this kind of breach has made enemies of companies like Amazon, credit card companies, online banking companies, and any other companies who have an interest in secure transactions.

Not only that but what about employers who purchased these machines for employees to use for secure transactions for work?

This is going to be a poopstorm.
 
https://news.lenovo.com/article_dis...ay.cfm?article_id=1929&PUBNAME=VigLink&NID=CJ

List of Lenovo products that may have been infected:


Superfish may have appeared on these models:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30
 
This is a big company with lots of resources. They need to provide a one step removal tool for their customers to use.

If they put it there why would you trust them to remove it? I will not buy one of their systems ever after this. No way, no how. Heck, if I could swing it I would not buy product from China period, but as I am sure all are aware that is easier said than done.
 
To get rid of the problem with Superfish, you need to uninstall it and remove the security certificate. Google a bit and you will see how to do this. That's the last I heard about it --but it may not be that simple.

As mentioned, the best way to (just about) be certain your PC does not have something in it that is not good is to swap out the hard drive with a new one and install an OS (operating system) from scratch. Why a new hard drive? It appears that the firmware on hard drives can be compromised. Installing an OS from scratch means not using a factory re-install disk (or disks, or partition), but only the operating system itself. This can be difficult, since certain drivers (like for your video, network, etc.) may have to be downloaded from the manufacturer separate from the OS installation to make everything work. Even worse, some drivers, particularly for laptops, may not be available from the manufacturer.

Difficult to know what is compromised from manufacturers these days. So many chips and other components of computers, firewalls, switches, routers, wireless access points, etc., come from various sources around the world. They get put together to form the final product and sold to consumers, but companies often do not test every component used to see if there is anything malicious hidden in the firmware.
 
It's interesting because I read a story not so long ago that the US, UK, Australian and Canadian security services had a blanket ban on using Lenovo machines. My memory is a bit sketchy on this but at the time the security services said it was nothing to do with security but just a commercial thing but the UK Home Office (as I recall) said they would immediately ditch some vast number of Lenovo machines which did make me wonder at the time what the story really was.

Older net denizens will remember there was a similar biff up over RealPlayer years back.
 
The machines should have been sold with a disclaimer that said, "Secure internet transactions are not secure on this laptop. Your computer will tell you your transactions are secure but they are not. All your web transactions including credit card numbers, passwords, financial transactions, and any other secure information you transmit will be transmitted without encryption and can be viewed by any service providers who provide the connection between this computer and the other party to your transactions. All of your confidential internet transactions will be shared with a company called SuperFish. This laptop is extremely vulnerable to being hacked and accessed without your knowledge, especially when connected to Wi-Fi networks."



[ open on three kids playing with their Happy Fun Ball ]

Kid 1: It's happy!

Kid 2: It's fun!

All Three Kids: It's Happy Fun Ball!

Announcer: Yes, it's Happy Fun Ball! The toy sensation that's sweeping the nation! Only $14.95 at participating stores! Get one today!

Warning: Pregnant women, the elderly, and children under 10 should avoid prolonged exposure to Happy Fun Ball.

Caution: Happy Fun Ball may suddenly accelerate to dangerous speeds.

Happy Fun Ball contains a liquid core, which, if exposed due to rupture, should not be touched, inhaled, or looked at.

Do not use Happy Fun Ball on concrete.

Discontinue use of Happy Fun Ball if any of the following occurs:
itching
vertigo
dizziness
tingling in extremities
loss of balance or coordination
slurred speech
temporary blindness
profuse sweating
or heart palpitations.
If Happy Fun Ball begins to smoke, get away immediately. Seek shelter and cover head.

Happy Fun Ball may stick to certain types of skin.

When not in use, Happy Fun Ball should be returned to its special container and kept under refrigeration. Failure to do so relieves the makers of Happy Fun Ball, Wacky Products Incorporated, and its parent company, Global Chemical Unlimited, of any and all liability.

Ingredients of Happy Fun Ball include an unknown glowing green substance which fell to Earth, presumably from outer space.

Happy Fun Ball has been shipped to our troops in Saudi Arabia and is being dropped by our warplanes on Iraq.

Do not taunt Happy Fun Ball.

Happy Fun Ball comes with a lifetime warranty.

Announcer: Happy Fun Ball! Accept no substitutes!

- George Gassaway
 
Digital communication is just the wild, wild West these days; you just don't get to see the bandits who rob you. In my job I get so many notifications about security issues that for my own sanity I often just delete them unless there is something I need to do about it. Beyond having antivirus and keeping your operating system patched, there are some simple steps you can take at home that will help prevent infections, like using Open DNS --https://www.opendns.com/-- and not using an administrative account when surfing the Internet (just create one for yourself and log into it if you are going to surf the 'net). There are many other steps as well, but these two will help a lot. Also, NEVER use public WiFi. ;) Now I'm going to think happy thoughts, like working on my rockets tonight.
 
A class action lawsuit has been filed against Lenovo and the makers of Superfish for this bit of silliness. People are also calling for a federal investigation/prosecution for violations of hacking laws.
 
Oops. That's bad...

I'm sure glad my first action with my Lenovo laptop was to flush Windows and install some flavour of Linux :)
 