The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    Lenovo Apologizes for Adware: What you need to know about bloatware on your new PC

    Discussion in 'Notebook News and Reviews' started by Jerry Jackson, Feb 19, 2015.

  1. Jerry Jackson

    Jerry Jackson Administrator NBR Reviewer

    Reputations:
    3,075
    Messages:
    2,021
    Likes Received:
    34
    Trophy Points:
    66
    If you purchased a new Lenovo notebook late last year you might have wondered why you were seeing strange ads every time you did a Google search. The answer is simple: Lenovo installed adware on your brand-new PC. Unfortunately, this isn't the first time we've seen a PC manufacturer preinstall questionable software on consumer laptops ... and it probably won't be the last.

    Read the full content of this Article: http://www.notebookreview.com/feature/lenovo-apologizes-adware-need-know-bloatware-new-pc/
     
    Jerry Jackson, Feb 19, 2015
    #1
  2. Qing Dao

    Qing Dao Notebook Deity

    Reputations:
    1,600
    Messages:
    1,771
    Likes Received:
    304
    Trophy Points:
    101
    The issue is a lot more serious than just "adware" or "bloatware." In the article you really gloss over the main issue at hand. This isn't your standard bloat that you want to trim from a new PC. This software makes all secure network connections open to third parties. This is a huge security hole and there is absolutely no excuse for them to willfully do such a thing. "Lenovo claims an internal investigation of Superfish did not find any evidence to substantiate that the adware poses a security risk to users" is demonstrably false. How do we know that Lenovo, their pals in the Chinese government, a rogue Lenovo employee, or any other hacker with knowledge of this software wasn't storing user names, passwords, or any other sensitive information that was input online? By trusting the same people who got caught red-handed installing it on new PCs? We don't. If anyone was affected by this, they should get rid of it immediately and change all of their passwords, although unfortunately other information such as SSNs, date of birth, or other permanent identification numbers could be compromised.

    Also, I don't want to get banned by posting links on how to hack it, but after this became public, people have posted online JUST HOW FREAKING EASY it is to use this spyware to intercept any "secure" connection. It is really scary stuff. This goes WAY beyond any sort of run of the mill "bloatware."
     
    Last edited by a moderator: Feb 20, 2015
    Qing Dao, Feb 20, 2015
    #2
  3. tijo

    tijo Sacred Blame

    Reputations:
    7,588
    Messages:
    10,023
    Likes Received:
    1,077
    Trophy Points:
    581
    One important thing is that removing the Superfish software doesn't actually remove the certificate that is responsible for a part of the issue. Also, yeah any script kiddie will be able to use the vulnerability.
     
    tijo, Feb 20, 2015
    #3
  4. IKAS V

    IKAS V Notebook Prophet

    Reputations:
    1,073
    Messages:
    6,171
    Likes Received:
    535
    Trophy Points:
    281
    That is absolutely disturbing to hear such a big laptop maker use such disgusting practices.
    Good thing I have never owned a Lenovo and now never will even though they say they "fixed" it.
     
    IKAS V, Feb 21, 2015
    #4
  5. Algus

    Algus Notebook Deity

    Reputations:
    130
    Messages:
    948
    Likes Received:
    47
    Trophy Points:
    41
    Yeah this is right up there with the Sony rootkit incident from many years ago. Not good at all.
     
    Algus, Feb 21, 2015
    #5