Lenovo caught installing adware on new computers - Canadian TV, Computing and Home Theatre Forums
 

post #1 of 13 (permalink) Old 2015-02-19, 11:58 AM Thread Starter
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 432
Lenovo caught installing adware on new computers

http://thenextweb.com/insider/2015/0...new-computers/
It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
 
post #2 of 13 (permalink) Old 2015-02-19, 01:29 PM
Veteran
 
Join Date: Jan 2009
Location: 127.0.0.1
Posts: 3,370
I think this should be called "pulling a Sony".
audacity is offline  
post #3 of 13 (permalink) Old 2015-02-19, 05:42 PM
 
Join Date: Jun 2011
Posts: 1,113
But.. but... the NSA does it!
ssbtech is offline  
 
post #4 of 13 (permalink) Old 2015-02-19, 10:34 PM Thread Starter
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 432
From https://www.eff.org/deeplinks/2015/0...ty-its-laptops

Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken. If you access your webmail from such a laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the Superfish MITM private key. There is (apparently) a copy of that key inside every Superfish install on every affected Lenovo laptop, which has now been extracted and posted online.

905shmick is offline  
post #5 of 13 (permalink) Old 2015-02-19, 11:09 PM
AFF
 
Join Date: Apr 2007
Posts: 894
This is why I format and re-install the OS on most every pc and laptop I have ever bought. They put too much junk on new systems.
AFF is offline  
post #6 of 13 (permalink) Old 2015-02-20, 03:16 AM
OTA Forum Moderator
 
Join Date: Jan 2005
Posts: 24,878
Similarly to AFF's advice, when I've purchased laptops I've unboxed them, then without ever powering them on a first time I've flipped them over, removed the hard drive, replaced it with a virgin SSD and then installed from scratch, usually with Linux but sometimes with Windows if I'm testing something that requires it. The OEM hard drive goes into an anti-static bag and then into a sealed container in my shed in case I might ever need it. Once the laptop's warranty has expired I'll then reuse that OEM HD for something else if I have a need.

That's how I have avoided the "add-on" software blues like what Lenovo has been caught doing.



stampeder is offline  
post #7 of 13 (permalink) Old 2015-02-20, 09:34 AM Thread Starter
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 432
Lenovo has now posted info on how to remove both Superfish & the root certificate

http://support.lenovo.com/us/en/prod...rity/superfish


Last edited by 905shmick; 2015-02-20 at 10:01 AM. Reason: Spelling
905shmick is offline  
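The EFF excerpt in post #4 turns on one root certificate being trusted by the Windows certificate store, and post #7 points to instructions for removing it. The following is an added example, not part of the original posts or of Lenovo's instructions, that audits the Windows root stores for such a certificate. It assumes the certificate carries the name "Superfish" in its Subject or Issuer; the thread gives no thumbprint, so none is used, and Firefox keeps its own certificate store that this check does not cover.

```powershell
# Added example: audit Windows trusted-root stores for a Superfish root certificate.
# Assumption: the certificate is identifiable by "Superfish" in Subject or Issuer.
$pattern = 'Superfish'
$stores = @(
    'Cert:\LocalMachine\Root',      # machine-wide trusted roots
    'Cert:\LocalMachine\AuthRoot',  # third-party root store
    'Cert:\CurrentUser\Root'        # per-user trusted roots
)

$hits = foreach ($store in $stores) {
    # Skip stores that do not exist on this system
    if (-not (Test-Path -Path $store)) { continue }

    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                # A root CA certificate is issued by itself
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
}

if ($hits) {
    Write-Warning "Trusted root certificate matching '$pattern' is still installed:"
    $hits | Format-List
} else {
    Write-Output "No trusted root certificate matching '$pattern' in the checked stores."
}
```

A hit after running a removal tool means the uninstall removed the program but left the trust anchor behind, which is the part that keeps HTTPS interception possible.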
post #8 of 13 (permalink) Old 2015-02-20, 02:45 PM
Veteran
 
Join Date: Jul 2013
Posts: 1,523
As well, if you are running Windows Defender, if you do the latest updates for it, it will remove the Superfish and repair any of the certificates.

GDKitty
Rogers Ignite Xi6, LG 47LV5400 LED TV, Yamaha
gdkitty is offline  
post #9 of 13 (permalink) Old 2015-02-20, 03:53 PM
 
Join Date: Mar 2007
Location: Guelph
Posts: 1,044
Replacing Windows 8/8.1 with Windows 10 Tech Preview solves that problem. I don't know if my Lenovo had the Superfish, but I checked it and Firefox on it this am using instructions from Ars Technica and it is ok and clean with W 10.
timlocke is online now  
post #10 of 13 (permalink) Old 2015-02-21, 12:28 AM
Veteran
 
Join Date: Mar 2010
Location: Interior
Posts: 1,774
But Win10 will need complete redo.
gzink is offline  
post #11 of 13 (permalink) Old 2015-02-21, 08:07 AM
 
Join Date: Feb 2004
Location: Thornhill
Posts: 1,026
^^ Incorrect. WTP will not require a complete redo. You can upgrade, similar to performing the monthly patch updates. This retains all your data, user accounts, installed Desktop programs and Metro apps.
Bplayer is offline  
post #12 of 13 (permalink) Old 2015-02-23, 03:41 PM
OTA Forum Moderator
 
Join Date: Jan 2005
Posts: 24,878
U.S. Class Action Lawsuit proposed

It was only a matter of time:
Quote:
A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.
http://www.pcworld.com/article/28873...ish-snafu.html



stampeder is offline  
post #13 of 13 (permalink) Old 2015-02-24, 03:40 PM
 
Join Date: Jul 2014
Posts: 188
Glad to hear.

The more people fight back, the less likely other companies will be to try stuff like this.
Wetware is offline  