DonationCoder.com Forum

Main Area and Open Discussion => Living Room => Topic started by: xtabber on February 19, 2015, 11:31 AM

Title: Preloaded spyware, courtesy Lenovo
Post by: xtabber on February 19, 2015, 11:31 AM
It seems that Lenovo has been preloading their consumer grade laptops with ad-injecting spyware (http://www.theregister.co.uk/2015/02/19/superfish_lenovo_spyware/).

Even worse, this particular spyware installs its own root certificate and serves fake certificates on the fly.

You can read more about it here (http://www.theregister.co.uk/2015/02/19/superfish_lenovo_analysis/).
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: hamradio on February 19, 2015, 12:45 PM
Could it be that it is the Chinese equivalent of the NSA intercepting them on export and adding it then sending em on the way...lol
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: mwb1100 on February 19, 2015, 12:46 PM
I hope that this behavior is found to be against some anti-hacking laws somewhere and that Lenovo can be hit with something more damaging than bad press.  Certainly, a MITM attack breaching secure banking sites must be against the law?

Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 20, 2015, 01:48 AM
Thanks for sharing this.

The article contained some nice links:

Title: Re: Preloaded spyware, courtesy Lenovo
Post by: xtabber on February 20, 2015, 07:00 AM
I feel personally aggrieved in this matter.  I bought a Lenovo Miix 2-8 nearly a year ago (before they began loading Superfish) and was pleasantly surprised at how well it runs Windows. But the screen is too small and low-res to use for any real work, so I was about to buy a Lenovo Yoga 2 10 inch Windows tablet. Needless to say, I will look elsewhere and expect to never purchase a Lenovo product again.

It’s pretty clear from their statements that the folk at Lenovo don’t think that they did anything wrong, just that they “messed up” and got caught.  The only way to teach people like this is to hit them where it hurts, in the pocketbook.

I generally detest lawyers who file class action lawsuits, but I would suspect that Lenovo is going to face a bunch of them and this is one situation where I hope the predators get their pound of flesh.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: IainB on February 20, 2015, 07:39 AM
Could it be that it is the Chinese equivalent of the NSA intercepting them on export and adding it then sending em on the way...lol
Many a true word spoken in jest.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: Renegade on February 20, 2015, 09:26 AM
I've almost always had custom built computers, but the "stock" ones that I've had have really sucked by comparison.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: wraith808 on February 20, 2015, 10:20 AM
You can check to see if you're affected: https://filippo.io/Badfish/
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: rgdot on February 20, 2015, 11:04 AM
Have a Lenovo, but long since overwritten with Mint (from original Windows)

FWIW this is what I see:

Title: Re: Preloaded spyware, courtesy Lenovo
Post by: wraith808 on February 20, 2015, 11:48 AM
If you overwrite, you're fine.  I received that link from my IT department (we use Lenovos), and they do the same thing.  When we get them in, they overwrite with a standard image.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 21, 2015, 07:12 AM
I overwrite too.  Definitely takes time to set up from installation media first time (e.g. today from W7 SP1, literally had over 130 updates total), but apart from avoiding the questionable content that is preloaded there are a few additional benefits IMHO:

bloat reduction
a somewhat more up-to-date image to restore from and possibly customized more to one's taste
a bit more flexibility regarding use of HDD -- e.g. can use the space reserved for restoration (i.e. onekey) for other purposes

Maybe others have additional / different reasons for doing likewise?
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: Steven Avery on February 21, 2015, 09:02 AM
Are you saying that you overwrite their OS with the installation media that comes with the hardware?  
If so, do they supply CDs, or do you burn them, or have another source?  If from Lenovo, these are clean unlike the PCs they sent out?

Just want to have a clearer explanation.
Clearly overwriting with Mint is another story.

Steven
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: wraith808 on February 21, 2015, 01:27 PM
Are you saying that you overwrite their OS with the installation media that comes with the hardware? 
If so, do they supply CDs, or do you burn them, or have another source?  If from Lenovo, these are clean unlike the PCs they sent out?

Just want to have a clearer explanation.
Clearly overwriting with Mint is another story.

Steven

Well, from a corporate standpoint, they have images that they have created that are licensed and install the exact same image onto each category (developer, analyst, etc) of user.

Personally, I don't buy laptops that don't include actual installation media that is certified bare bones Windows.  In the case of those that don't provide the same, in many cases they provide computers without the operating system.

Some include restoration partitions that already have the crapware in them.

Of course, I haven't bought a laptop in years... so not sure if it's possible to buy a mainstream without the OS now.  But in that case, you'd have to purchase the OS separately and install it.  I had to do that on my last laptop.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: TaoPhoenix on February 21, 2015, 07:32 PM
I've almost always had custom built computers, but the "stock" ones that I've had have really sucked by comparison.

I think I stand by this. I am making my own problems with upgrade woes but my current comp is custom built that we did as a project and when it's your buddy building it you know generally there's no weird stuff (initially!) on there.

You don't have to de-construct it in labor-hours what you saved in build dollars.

 :tellme:

Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 21, 2015, 07:46 PM
Are you saying that you overwrite their OS with the installation media that comes with the hardware?  

In my case, I have purchased separate installation media -- can get a bit expensive, but then these days there are some places that offer the purchase of PCs without a bundled OS.

Didn't mention this earlier, but up through this post I've had notebook PCs in mind.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 21, 2015, 07:47 PM
I think I stand by this. I am making my own problems with upgrade woes but my current comp is custom built that we did as a project and when it's your buddy building it you know generally there's no weird stuff (initially!) on there.

I haven't found a practical way to assemble appropriate notebook PCs, but for desktop / server, have almost always gone with custom.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: wraith808 on February 21, 2015, 09:41 PM
I think I stand by this. I am making my own problems with upgrade woes but my current comp is custom built that we did as a project and when it's your buddy building it you know generally there's no weird stuff (initially!) on there.

I haven't found a practical way to assemble appropriate notebook PCs, but for desktop / server, have almost always gone with custom.


Same here.  It just isn't practical to assemble a laptop from what I've seen.  The desktop/server- because of the ability to choose individual parts- is practical for a build.  Laptops haven't seemed to reach that level yet.

And I do think it's only laptops that were affected by this...
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: Target on February 23, 2015, 07:26 PM
saw this on Ghacks this morning - privdog-is-superfish-all-over-again (http://www.ghacks.net/2015/02/23/privdog-is-superfish-all-over-again/)

it appears Privdog (which ships with Comodo) may be a similar application...

and so it goes...
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 23, 2015, 11:18 PM
Thanks for sharing...tip of the iceberg, anyone?

Nice to have instructions for removal (near the end of the article).

On a side note, I found it particularly irksome that for the GUI-ishly inclined that one has to "Add/Remove Snap-in".  Grrr!  On a positive note, the Ghacks article described a language-independent way of accessing the UI window that's relevant for this process, and that is much appreciated.  Some other articles describe steps that use searching which don't work on (at least some) non-English-based Windows machines (at least they didn't work for me).

Screenshots would be a plus for some of the steps to help guide (though of course that probably wouldn't help in the case where searching is part of the instructions...).

Spoiler
The last 2 paragraphs in the article...

Title: Re: Preloaded spyware, courtesy Lenovo
Post by: mwb1100 on February 23, 2015, 11:50 PM
So when will legitimate security vendors (whoever they might be) start reporting when there are fishy root certs installed?  Because I don't know about you, but when I look at the collection of root certs installed on my machine (run the certmgr.msc management console plug-in program), there's no way I could say which (if any) didn't belong. 

There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: Target on February 23, 2015, 11:57 PM
I think the most irritating thing here is that these are 'trusted' vendors

Comodo seems to be a well regarded security vendor which is doubly disturbing (though I suppose not altogether surprising, it's not like it's the first time something like this has happened)
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 24, 2015, 12:46 AM
So when will legitimate security vendors (whoever they might be) start reporting when there are fishy root certs installed?  Because I don't know about you, but when I look at the collection of root certs installed on my machine (run the certmgr.msc management console plug-in program), there's no way I could say which (if any) didn't belong. 

There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

I agree about it being impractical to tell -- didn't have that many here, but there were a few completely unfamiliar ones.

Something to help assess what should and shouldn't be there does sound like it could be useful....not sure how practical and effective it would end up being, though perhaps much better than nothing.

Wouldn't really trust what one specific vendor had to say about a specific cert (cf. the value of VirusTotal, Jotti, etc.), but with a collective assessment, maybe some suspicious things could be detected.

Spoiler
It's not like the whole root cert idea is foolproof, but that would be a different type of discussion I guess :)

Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on February 24, 2015, 12:48 AM
I think the most irritating thing here is that these are 'trusted' vendors

Comodo seems to be a well regarded security vendor which is doubly disturbing (though I suppose not altogether surprising, it's not like it's the first time something like this has happened)

So where's our "anti-virus / security vendor" scanner ;)
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: Stoic Joker on February 24, 2015, 06:31 AM
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

Why? SSL Certs only serve to verify the identity of the entity on the other end of a connection ... Not the purity of their intentions..
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: mwb1100 on February 24, 2015, 12:40 PM
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

Why? SSL Certs only serve to verify the identity of the entity on the other end of a connection ... Not the purity of their intentions..

Because a company that is in the business of helping deal with malware on my computer is in a better position to track certs that are known to be used for MITM schemes than I am.  Or they could track certs that are trustworthy and flag the other ones as something suspect.  That's what some of the more aggressive anti-malware does with programs.

I'm not sure how it would work. I'm just suggesting that it's a service that I would like to be included in the package for the fee that I'm paying.
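
An added example, not part of the thread and not any vendor's product: a sketch of the root-store check discussed in the posts above, combining a list of certs known to be used for interception, a list of trusted certs, and the "collective assessment" idea of requiring more than one source to vouch for a root. It assumes the root store has been exported to a PEM bundle; the function names, the quorum parameter and the sample data (placeholder bytes, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_bundle):
    """SHA-256 fingerprint (hex) of the DER bytes of each PEM block."""
    fps = []
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        fps.append(hashlib.sha256(der).hexdigest())
    return fps

def audit_roots(pem_bundle, vendor_lists, known_bad, quorum=2):
    """Map each root's fingerprint to 'known_bad', 'ok' or 'review'.

    'ok' needs at least `quorum` independent trusted lists to vouch for it.
    """
    verdicts = {}
    for fp in fingerprints(pem_bundle):
        vouches = sum(fp in trusted for trusted in vendor_lists)
        if fp in known_bad:
            verdicts[fp] = "known_bad"   # denylist wins over any vouching
        elif vouches >= quorum:
            verdicts[fp] = "ok"
        else:
            verdicts[fp] = "review"      # unfamiliar root: needs a human look
    return verdicts

# --- Constructed sample data: placeholder bytes, not real certificates ---
def pem_of(der):
    b64 = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def fp_of(der):
    return hashlib.sha256(der).hexdigest()

PUBLIC_CA = b"constructed: widely shipped public CA"
NICHE_CA = b"constructed: CA that only one trusted list includes"
INJECTED_CA = b"constructed: root added by preloaded interception software"
UNLISTED_CA = b"constructed: root that nobody has catalogued"

SAMPLE_BUNDLE = "".join(
    pem_of(c) for c in (PUBLIC_CA, NICHE_CA, INJECTED_CA, UNLISTED_CA))
VENDOR_LISTS = [{fp_of(PUBLIC_CA), fp_of(NICHE_CA)},
                {fp_of(PUBLIC_CA)},
                {fp_of(PUBLIC_CA), fp_of(INJECTED_CA)}]  # one list is wrong
KNOWN_BAD = {fp_of(INJECTED_CA)}

if __name__ == "__main__":
    results = audit_roots(SAMPLE_BUNDLE, VENDOR_LISTS, KNOWN_BAD)
    for fp, verdict in results.items():
        print(fp[:16], verdict)
```

With a quorum of 1 and no denylist, the single mistaken list is enough to pass the injected root, which is the reason for not relying on one source.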
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: xtabber on August 13, 2015, 10:48 AM
Just when you thought it was safe to go back in the water.....

Lenovo used Windows anti-theft feature to install persistent crapware (http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/)
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: ewemoa on August 13, 2015, 11:37 PM
Thanks for pointing this out.



Interesting related commentary here:

  https://news.ycombinator.com/item?id=10039306
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: xtabber on September 25, 2015, 08:58 AM
And yet again!!!

Lenovo insists that they have only ever loaded spyware on consumer products, not their business oriented Think line (ThinkPad, ThinkCentre, etc.).

That also turns out to be a lie. (http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html)
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: tomos on September 25, 2015, 09:53 AM
Lenovo insists that they have only ever loaded spyware on consumer products, not their business oriented Think line (ThinkPad, ThinkCentre, etc.).

That also turns out to be a lie. (http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html)

not wanting to minimise this in any way, but there is an interesting comparison there at the end
=>
Had this been any other PC vendor, this might be a triviality. Certainly Microsoft is doing far more tracking in Windows 10.

But trust is the price Lenovo pays for their previous behavior. Those of that recall the company's initial reaction to Superfish, dismissing it out of hand, have a hard time trusting them again.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: xtabber on September 25, 2015, 12:04 PM
Comparisons with Microsoft, Google and others are spurious in that those companies publicly acknowledge a business model that depends on collecting information for advertising and marketing purposes.  They also generally provide clear information on what they are doing and how to opt out, although warning that can reduce the functionality of their products.

Lenovo is a hardware vendor. They have no business collecting this kind of information unless they are reselling it to third parties, which would appear to be the case here. 

The fact that this latest spyware uninstalls itself after 90 days is a dead give-away that Lenovo was fully aware of the damage this could do to their already abysmal reputation.



Title: Re: Preloaded spyware, courtesy Lenovo
Post by: IainB on September 25, 2015, 04:51 PM
I'm beginning to give up. I mean, what is the point?
"Resistance is futile!", as the soldiers on the Vogon constructor fleet said.
I suspect that there is already more than sufficient evidence to demonstrate that users are being so ceaselessly bombarded/inundated with reasons or arguments to substantiate/justify them being spied upon (for whatever reason, and whether it is by a nation's government, or some corporation, or whoever else wants to justify doing it) that they are beginning to accept it as a de facto condition of using the Internet or any telecommunications device in a Western society. It is a remorseless attack on our freedoms.

The freedoms have arguably, by now, already been lost, whilst we were sleeping, taken by those with more power than our pathetic franchise gives us, and possession being nine-tenths of the law, we are unlikely to be afforded any leeway to repossess them.

So, here we are now, seemingly left in the impotent and feeble position of considering/debating to what extent we will "allow" our freedoms to be further eroded, all the while pathetically deluding ourselves and pretending to believe that we actually have some say in the matter.

In such a storm, we will probably tend to become (or may already be becoming) desensitised to the matter.
Whenever I read this sort of discussion thread, for example, I experience ennui. I sometimes think I should change my email address to [email protected], and have done with it. I used that email address as the recommended fake browser html header when I was using JunkBuster some years back, but at the time I did not imagine that it would come to this.
Title: Re: Preloaded spyware, courtesy Lenovo
Post by: Shades on September 25, 2015, 06:27 PM
With the amount of tracking and spyware that comes with new versions of Windows itself and the additional spyware the manufacturer decides to put on your laptop...how is this different than running an older version of Windows?

The net result is actually the same!

The only thing you don't know with an older version of Windows is who actually collects the info from your computer. With a new PC you know at least it is Microsoft and the manufacturer/selected partners. But if that is some sort of reassurance. As long as I can make my own PC's, I will. The headache of pre-fabricated PC's really isn't worth it, in my point of view.