Canadian TV, Computing and Home Theatre Forums banner

1 - 13 of 13 Posts

·
Registered
Joined
·
434 Posts
Discussion Starter #1
http://thenextweb.com/insider/2015/02/19/lenovo-caught-installing-adware-new-computers/

It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.
 

·
Registered
Joined
·
434 Posts
Discussion Starter #4
From https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops

Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken. If you access your webmail from such a laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the Superfish MITM private key. There is (apparently) a copy of that key inside every Superfish install on every affected Lenovo laptop, which has now been extracted and posted online.
 

·
Registered
Joined
·
894 Posts
This is why I format and re-install the OS on most every pc and laptop I have ever bought. They put too much junk on new systems.
 

·
OTA Forum Moderator
Joined
·
24,878 Posts
Similarly to AFF's advice, when I've purchased laptops I've unboxed them, then without ever powering them on a first time I've flipped them over, removed the hard drive, replaced it with a virgin SSD and then installed from scratch, usually with Linux but sometimes with Windows if I'm testing something that requires it. The OEM hard drive goes into an anti-static bag and then into a sealed container in my shed in case I might ever need it. Once the laptop's warranty has expired I'll then reuse that OEM HD for something else if I have a need.

That's how I have avoided the "add-on" software blues like what Lenovo has been caught doing.
 

·
Registered
Joined
·
1,589 Posts
As well, if you are running Windows Defender, if you do the latest updates for it, It will remove the superfish and repair any of the certificates.
 

·
Registered
Joined
·
1,082 Posts
Replacing Windows 8/8.1 with Windows 10 Tech Preview solves that problem. I don't know if my Lenovo had the Superfish, but I checked it and Firefox on it this am using instructions from Ars Technica and it is ok and clean with W 10.
 

·
Registered
Joined
·
1,040 Posts
^^ Incorrect. WTP will not require a complete redo. You can upgrade, similar to performing the monthly patch updates. This retains all your data, user accounts, installed Desktop programs and Metro apps.
 

·
OTA Forum Moderator
Joined
·
24,878 Posts
U.S. Class Action Lawsuit proposed

It was only a matter of time:
A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.
http://www.pcworld.com/article/2887392/lenovo-hit-with-lawsuit-over-superfish-snafu.html
 
1 - 13 of 13 Posts
Top