Are you still buying Lenovo?
I used to have an older Lenovo laptop and it worked great. With this next set of revelations on their products, I’m glad I don’t have one anymore.
They have a piece of BIOS code, the code that runs from flash before the operating system even starts to initialize, that ensures the installation of crapware that serves ads and tracks you. If the crapware has been deleted, or even if the OS has been completely rebuilt from scratch, the BIOS still makes sure the OS loads the privacy- and security-busting crapware onto your machine.
All of this despite claims in February that they wouldn’t be installing crapware anymore.
It looks like Lenovo may not have learned much from February’s Superfish shenanigans. If you recall, Lenovo was busted for stealthily installing adware on consumer laptops. Worse, the Superfish adware in question opened up all Lenovo customers to man-in-the-middle attacks by faking the encryption certificate for every HTTPS-protected site customers visited. When pressed, Lenovo idiotically denied there was any security threat introduced by faking encryption certs solely for the sake of pushing ads.
Lenovo’s now under fire this week for reinstalling the company’s bloatware on Lenovo laptops, even if customers have completed a fresh install of Windows.
Apparently, Lenovo’s using a Windows function called Microsoft Windows Platform Binary Table (WPBT)… as a method to force the laptop to phone home to Lenovo servers so adware can be installed.
Basically, before booting Windows, the Lenovo Service Engine (LSE) built into the laptop’s firmware replaces Microsoft’s copy of autochk.exe with Lenovo’s version. Lenovo’s version then ensures that LenovoUpdate.exe and LenovoCheck.exe are present in Windows’ system32 directory, with full administrative rights. Lo and behold, you then get Lenovo crapware — and a machine that phones home to Lenovo servers — even if you think you’ve avoided such practices via what you incorrectly assumed was a truly clean OS install.
You’ll be shocked to learn that this practice isn’t particularly secure… Once Lenovo learned of the security risk, and likely received a wrist slap from Redmond for running afoul of Microsoft’s security standards regarding WPBT, Lenovo very quietly backed away from the practice last June, then released tools for laptops and desktops to aid in the removal of the LSE.
Clearly, since users are only just in August realizing this problem exists, Lenovo did a wonderful job communicating the issue to its customers. Lenovo now says that any computer sold since June should not include this stealth crapware install mechanism, but somehow it still thought it was a great idea to employ this technology between October 2014 and April of this year.
What you can do
- Don’t buy Lenovo
- If it’s too late and you already have a Lenovo, contact their customer service agents to get their removal tools working on your machine. Don’t search for it on their website; expend their human resources by placing as many phone calls as necessary.