topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 12:59 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Preloaded spyware, courtesy Lenovo  (Read 24849 times)

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Preloaded spyware, courtesy Lenovo
« on: February 19, 2015, 11:31 AM »
It seems that Lenovo has been preloading their consumer grade laptops with ad-injecting spyware.

Even worse, this particular spyware installs its own root certificate and serves fake certificates on the fly.

You can read more about it here.

hamradio

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 825
  • Amateur Radio Guy
    • View Profile
    • HamRadioUSA.net
    • Read more about this member.
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #1 on: February 19, 2015, 12:45 PM »
Could it be that it is the Chinese equivalent of the NSA intercepting them on export and adding it then sending em on the way...lol

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #2 on: February 19, 2015, 12:46 PM »
I hope that this behavior is found to be against some anti-hacking laws somewhere and that Lenovo can be hit with something more damaging then bad press.  Certainly, a MITM attack breaching secure banking sites must be against the law?


ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #3 on: February 20, 2015, 01:48 AM »
Thanks for sharing this.

The article contained some nice links:


xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #4 on: February 20, 2015, 07:00 AM »
I feel personally aggrieved in this matter.  I bought a Lenovo Miix 2-8 nearly a year ago (before they began loading Superfish) and was pleasantly surprised at how well it runs Windows. But the screen is too small and low-res to use for any real work, so I was about to buy a Lenovo Yoga 2 10 inch Windows tablet. Needless to say, I will look elsewhere and expect to never purchase a Lenovo product again.

It’s pretty clear from their statements that the folk at Lenovo don’t think that they did anything wrong, just that they “messed up” and got caught.  The only way to teach people like this is to hit them where it hurts, in the pocketbook.

I generally detest lawyers who file class action lawsuits, but I would suspect that Lenovo is going to face a bunch of them and this is one situation where I hope the predators get their pound of flesh.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #5 on: February 20, 2015, 07:39 AM »
Could it be that it is the Chinese equivalent of the NSA intercepting them on export and adding it then sending em on the way...lol
Many a true word spoken in jest.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #6 on: February 20, 2015, 09:26 AM »
I've almost always had custom built computers, but the "stock" ones that I've had have really sucked by comparison.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #7 on: February 20, 2015, 10:20 AM »
You can check to see if you're affected: https://filippo.io/Badfish/

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #8 on: February 20, 2015, 11:04 AM »
Have a Lenovo, but long since overwritten with Mint (from original Windows)

FWIW this is what I see:

Selection_009.png


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #9 on: February 20, 2015, 11:48 AM »
If you overwrite, you're fine.  I received that link from my IT department (we use Lenovo's), and they do the same thing.  When we get them in, they overwrite with a standard image.

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #10 on: February 21, 2015, 07:12 AM »
I overwrite too.  Definitely takes time to set up from installation media first time (e.g. today from W7 SP1, literally had over 130 updates total), but apart from avoiding the questionable content that is preloaded there are a few additional benefits IMHO:

bloat reduction
a somewhat more up-to-date image to restore from and possibly customized more to one's taste
a bit more flexibility regarding use of HDD -- e.g. can use the space reserved for restoration (i.e. onekey) for other purposes

May be others have additional / different reasons for doing likewise?

Steven Avery

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,038
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #11 on: February 21, 2015, 09:02 AM »
Are you saying that you overwrite their OS with the installation media that comes with the hardware?  
If so, do they supply CDs, or do you burn them, or have another source?  If from Lenovo, these are clean unlike the PCs they sent out?

Just want to have a clearer explanation.
Clearly overwriting with Mint is another story.

Steven

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #12 on: February 21, 2015, 01:27 PM »
Are you saying that you overwrite their OS with the installation media that comes with the hardware? 
If so, do they supply CDs, or do you burn them, or have another source?  If from Lenovo, these are clean unlike the PCs they sent out?

Just want to have a clearer explanation.
Clearly overwriting with Mint is another story.

Steven

Well, from a corporate standpoint, they have images that they have created that are licensed and install the exact same image onto each category (developer, analyst, etc) of user.

Personally, I don't buy laptops that don't include actual installation media that is certified bare bones windows.  In the case of those that don't provide the same, in many cases they provide computers without the operating system.

Some include restoration partitions that already have the crapware in them.

Of course, I haven't bought a laptop in years... so not sure if it's possible to buy a mainstream without the OS now.  But in that case, you'd have to purchase the OS separately and install it.  I had to do that on my last laptop.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #13 on: February 21, 2015, 07:32 PM »
I've almost always had custom built computers, but the "stock" ones that I've had have really sucked by comparison.

I think I stand by this. I am making my own problems with upgrade woes but my current comp is custom built that we did as a project and when it's your buddy building it you know generally there's no weird stuff (initially!) on there.

You don't have to de-construct it in labor-hours what you saved in build dollars.

 :tellme:


ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #14 on: February 21, 2015, 07:46 PM »
Are you saying that you overwrite their OS with the installation media that comes with the hardware?  

In my case, I have purchased separate installation media -- can get a bit expensive, but then these days there are some places that offer the purchase of PCs without a bundled OS.

Didn't mention this earlier, but up through this post I've had notebook PCs in mind.

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #15 on: February 21, 2015, 07:47 PM »
I think I stand by this. I am making my own problems with upgrade woes but my current comp is custom built that we did as a project and when it's your buddy building it you know generally there's no weird stuff (initially!) on there.

I haven't found a practical way to assemble appropriate notebook PCs, but for desktop / server, have almost always gone with custom.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #16 on: February 21, 2015, 09:41 PM »
I think I stand by this. I am making my own problems with upgrade woes but my current comp is custom built that we did as a project and when it's your buddy building it you know generally there's no weird stuff (initially!) on there.

I haven't found a practical way to assemble appropriate notebook PCs, but for desktop / server, have almost always gone with custom.


Same here.  It just isn't practical to assemble a laptop from what I've seen.  The desktop/server- because of the ability to choose individual parts- is practical for a build.  Laptops haven't seemed to reach that level yet.

And I do think it's only laptops that were affected by this...

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #17 on: February 23, 2015, 07:26 PM »
saw this on Ghacks this morning - privdog-is-superfish-all-over-again

it appears Privdog (which ships with Comodo) may be a similar application...

and so it goes...

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #18 on: February 23, 2015, 11:18 PM »
Thanks for sharing...tip of the iceberg, anyone?

Nice to have instructions for removal (near the end of the article).

On a side note, I found it particularly irksome that for the GUI-ishly inclined that one has to "Add/Remove Snap-in".  Grrr!  On a positive note, the Ghacks article described a language-independent way of accessing the UI window that's relevant for this process, and that is much appreciated.  Some other articles describe steps that use searching which don't work on (at least some) non-English-based Windows machines (at least they didn't work for me).

Screenshots would be a plus for some of the steps to help guide (though of course that probably wouldn't help in the case where searching is part of the instructions...).

Spoiler
The last 2 paragraphs in the article...


mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #19 on: February 23, 2015, 11:50 PM »
So when will legitimate security vendors (whoever they might be) start reporting when there are fishy root certs installed?  Because I don't know about you, but when I look at the collection of root certs installed on my machine (run the certmgr.msc management console plug-in program), there's no way I could say which (if any) didn't belong. 

There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #20 on: February 23, 2015, 11:57 PM »
I think the most irritating thing here is that these are 'trusted' vendors

Comodo seems to be a well regarded security vendor which is doubly disturbing (though i suppose not altogether surprising, it's not like it's the first time something like this has happened)

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #21 on: February 24, 2015, 12:46 AM »
So when will legitimate security vendors (whoever they might be) start reporting when there are fishy root certs installed?  Because I don't know about you, but when I look at the collection of root certs installed on my machine (run the certmgr.msc management console plug-in program), there's no way I could say which (if any) didn't belong. 

There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

I agree about it being impractical to tell -- didn't have that many here, but there were a few completely unfamiliar ones.

Something to help assess what should and shouldn't be there does sound like it could be useful....not sure how practical and effective it would end up being, though perhaps much better than nothing.

Wouldn't really trust what one specific vendor had to say about a specific cert (cf. the value of VirusTotal, Jotti, etc.), but with a collective assessment, may be some suspicious things could be detected.

Spoiler
It's not like the whole root cert idea is foolproof, but that would be a different type of discussion I guess :)


ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #22 on: February 24, 2015, 12:48 AM »
I think the most irritating thing here is that these are 'trusted' vendors

Comodo seems to be a well regarded security vendor which is doubly disturbing (though i suppose not altogether surprising, it's not like it's the first time something like this has happened)

So where's our "anti-virus / security vendor" scanner ;)

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #23 on: February 24, 2015, 06:31 AM »
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

Why? SSL Certs only serve to verify the identity of the entity on the other end of a connection ... Not the purity of their intentions..

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: Preloaded spyware, courtesy Lenovo
« Reply #24 on: February 24, 2015, 12:40 PM »
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.

Why? SSL Certs only serve to verify the identity of the entity on the other end of a connection ... Not the purity of their intentions..

Because a company that is in the business of to helping deal with malware on my computer is in a better position to track certs that are known to be used for MITM schemes than I am.  Or they could track certs that are trustworthy and flag the other ones as something suspect.  That's what some of the more aggressive anti-malware does with programs.

I'm not sure how it would work. I'm just suggesting that it's a service that I would like to be included in the package for the fee that I'm paying.