Slashdot Mirror


Lenovo Still Shipping Laptops With Superfish

Ars Technica reports that weeks after Lenovo said it would stop selling computers with Superfish adware installed, it's still there for many purchasers of the company's laptops. From the article: Based on the experience of Ars readers Chai Trakulthai and Laura Buddine, Lenovo overstated both assurances. The pair recently examined a $550 Lenovo G510 notebook purchased by a neighbor, and their experience wasn't consistent with two of Lenovo's talking points. First, the PC was ordered in early February more than four weeks after Lenovo said it stopped bundling Superfish, and yet when the notebook arrived in late February it came pre-installed with the adware and the secure sockets layer certificate that poses such a threat.

"Lenovo may be saying they haven't installed Superfish since December, but the problem is that they are still shipping out systems with Superfish installed," Buddine said. "The Windows build had a date of December. They apparently aren't sorry enough to re-image the computers they have in stock to remove the problem and they're still shipping new computers with Superfish installed."
Supply chains are long, and hand-work is expensive, so this might not surprise anyone. Less forgivable, though, is this finding about the software provided to purge machines of the adware: "Lenovo's software didn't begin to live up to its promise of removing all Superfish-related data. Based on its own self-generated report, the tool left behind the Superfish application itself. A scan using the Malwarebytes antivirus program found the Superfish remnants VisualDiscovery.exe, SuperfishCert.dll, and a VisualDiscovery registry setting."

127 comments

  1. Too late by Anonymous Coward · · Score: 5, Interesting

    My company bought 1200 Lenovo laptops last year, but now we'll never buy another Lenovo product again. I don't care if it was the consumer laptop, they are no longer a company that can be trusted.

    1. Re:Too late by Zontar+The+Mindless · · Score: 1

      So sez you.

      (Posted to remove a moderation gone wrong.)

      --
      There is no Planet B.
    2. Re:Too late by sumdumass · · Score: 4, Insightful

      Unless his company dissolves or passes the burden of purchasing laptops onto employees in the future, there will be a need in 3-5 years to get new ones.

      However, 1200 laptops, with a company that large it should be using volume licensing and reimaging the computers with their own keyed software. This would negate anything the manufacturer does. Is there something with new laptops making this impractical?

    3. Re:Too late by Enry · · Score: 1

      Most companies that buy that many systems have their own image they just blast onto the laptop. Since it's usually a base install of the OS plus required drivers and software, there's no Superfish installed.

    4. Re:Too late by Anonymous Coward · · Score: 4, Insightful

      I don't think they're worried about the OS level stuff, but more that if they'll load malware onto a consumer product intentionally they might consider loading other less savory things into firmware or something similar. There's worry about the slippery slope rather than the actual Superfish fiasco.

    5. Re:Too late by ssam · · Score: 3, Interesting

      If a company is incompetent enough to ship such insecure software, why would you trust that their firmware drivers were safe? If a company thinks it's good economic sense to ship adware, why would you trust them to use high quality components where they might save a few cents with cheaper low quality ones?

      I have bought Thinkpads in the past, because they are great hardware (I like the track point, wide set of ports even on the ultraportable X series, replaceable battery, easily swappable disks, IPS screens). But my 18 month old x230 has just developed a random shutdown fault, so my opinion of Lenovo is falling fast.

    6. Re:Too late by Aighearach · · Score: 1

      If only another company would make a Thinkpad clone, there would be a giant army of people running away and Lenovo would die, and companies would be On Notice not to do that.

      As it is, their key product line is unaffected and has no good alternative.

    7. Re:Too late by Aighearach · · Score: 3, Informative

      If they're buying consumer grade laptops for employees, they'll just buy whatever is cheap in 5 years, and the bean counter won't listen to the whining about which brands anybody wants. That's true even if the CTO was overheard in the cafeteria saying, "Gosh, we'll never buy from them again!"

    8. Re:Too late by Anonymous Coward · · Score: 0, Troll

      Not to mention Lenovo also implements digital restrictions so users can't replace parts with those of their own choosing based on their own need. This is done for profit and self-interest. Lenovo adds what's called digital restrictions to the BIOS. Try replacing that wifi card with another and it won't boot. HP, Dell, Apple, and Sony are also in that boat doing this and/or similar stuff (proprietary parts).

    9. Re:Too late by citizenr · · Score: 1

      you still buy Cisco switches, right? :)

      --
      Who logs in to gdm? Not I, said the duck.
    10. Re:Too late by thegarbz · · Score: 4, Insightful

      If a company is incompetent enough to ship such insecure software, why would you trust that their firmware drivers were safe? If a company thinks it's good economic sense to ship adware, why would you trust them to use high quality components where they might save a few cents with cheaper low quality ones?

      That's an easy answer. Companies are ignorant machines. A company isn't incompetent, certain parts of it are. While a small group of idiots thought it may be a good idea to do one thing, it is quite likely that the other group (responsible for firmware or hardware) had no idea that it was going on, have far better quality for their own segment, and the people may have even been against it had they known.

      I postulate that the people assembling the hardware or the firmware had no idea what malware was being installed on the final machine, and that one has nothing to do with the other.

    11. Re:Too late by HiThere · · Score: 1, Troll

      Read the other reports above. Lenovo seems untrustworthy from one end to the other. (Of course, I can't verify that those other posts are made by disinterested parties.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    12. Re:Too late by Anonymous Coward · · Score: 1

      Legally companies are people.

      If some part of a person does something wrong, you don't blame the part. You blame the person.

      "I didn't kill those people! My hand did!"
      Yeah. That won't work.

    13. Re:Too late by Anonymous Coward · · Score: 1

      Thinkpads _were_ great hardware. My last Thinkpad was an x220, and a lemon. They refused the third return and then the warranty expired. The video never was reliable (would stay dead for days through multiple reboots, then return for a while if you never rebooted). The hard drive was also a lemon, death clicks and all.

      At work I had X230 and X240, but they just weren't good hardware, and got cycled frequently. That employer no longer buys Thinkpads either - too much downtime even if you have warranty service.

      Thinkpad as a brand is done. I hope Lenovo lost money buying and destroying it, but I doubt it.

    14. Re:Too late by sound+vision · · Score: 3, Interesting

      3 years ago I was involved in a contract to replace several thousand public school computers from Lenovo that had bad PSUs. The computers weren't just dying, they were actually catching fire.
      Lenovo has been coasting on brand reputation for quite some time now.

    15. Re:Too late by stooo · · Score: 2

      Alternative ?
      Try the Fujitsu Lifebooks.

      --
      aaaaaaa
    16. Re:Too late by Anonymous Coward · · Score: 1

      From the sounds of it, you are some lickspittle social marketing drone for Lenovo. Why else would you be here trying to disparage users to protect a company unless you have a stake?

    17. Re:Too late by Anonymous Coward · · Score: 2, Interesting

      BIOS compatibility is a thing. My experience is mostly with Dell non-consumer hardware, but you can generally replace most parts with non-branded ones. When you can't it is typically something that is not coded to be compatible in the BIOS, not that it's BIOS locked not to be able to use it. For example, if you get a brand new wireless card and try to put it into a 3 year old laptop, the BIOS may not support that card because it's old, not because it's locked.

    18. Re:Too late by JohnFen · · Score: 1

      While much of what you say contains truth, I think you are too quick to discount overall company culture. If the processes in one part of the company can get so lax without management correcting it, it's more likely that the same problem exists in every other part of the company as well.

      Even if the only part of Lenovo that sucked was the group that decided that the malware was acceptable, that still means the company as a whole can't be trusted -- since from the outside of the company, there's no way to know what groups suck and what groups don't.

      However, the reason that I will never again purchase anything made by Lenovo is more basic than that: their official response to Superfish was either that they were outright lying or that they were seriously incompetent. Either way, they proved to be a company that you can't trust -- even if there are groups within the company that are trustworthy.

    19. Re:Too late by Anonymous Coward · · Score: 0

      Your company doesn't re-image machines as soon as they get them? They actually use OEM OS installs for anything? Really?

      That screams incompetence. If you were doing things properly and gave a damn about security you'd never use OEM Windows installs, ever. Then it wouldn't matter who the vendor was.

      It sounds extreme, but most technology companies do this.

    20. Re:Too late by LduN · · Score: 1

      So... using your logic, all Muslims are terrorists? I mean if a part does something, then the whole is to blame... right? So if Obama does/says something to offend anyone, the entirety of the US is to blame?

  2. Lenovo by Anonymous Coward · · Score: 4, Informative

    Lenovo were the only ones who were caught. And:

    Criticisms of Superfish software predated the "Lenovo incident" and were not limited to the Lenovo user community: as early as 2010, Apple, Mozilla Firefox, and Microsoft Windows users had expressed concerns in online support and discussion forums that Superfish software had been installed on their computers without their knowledge, by being bundled with other software.

    After that there is some finger pointing by the CEO of Superfish at another company.

    Anyway, when it comes to this shit and cheap computers that subsidize their prices with adware/malware/advertising/etc ..., I just clean all that shit off and then some other things - and it tickles me that the asshole companies like Superfish are getting screwed because they won't be getting any ad revenue from me or anyone else that I cleaned a machine for.

  3. Two Words by Anonymous Coward · · Score: 0

    Those fuckers.

  4. Rush job? by DoofusOfDeath · · Score: 5, Informative

    Although I consider Lenovo fully responsible (and liable) for SuperPhish in the first place, I could easily see the removal tool's inefficacy stemming from it being a panicked rush job.

    1. Re: Rush job? by Kvathe · · Score: 4, Informative

      Agreed. The original superfish bundling was a bad move, but this seems like more a case of Hanlon's Razor. It's hard to discount stupidity when talking about Lenovo.

    2. Re:Rush job? by houstonbofh · · Score: 1

      So why not just work a deal with Malware Bytes? Their stuff already works, and both companies benefit from the exposure...

    3. Re: Rush job? by SigmundFloyd · · Score: 3, Insightful

      I think Hanlon's razor (never attribute to malice what can be explained by stupidity) is way too optimistic about human nature.

      Lenovo has no ethics, pure and simple. As far as I'm concerned, they lost a prospective customer.

      --
      Knowledge is power; knowledge shared is power lost.
    4. Re: Rush job? by Anonymous Coward · · Score: 1

      Another perspective is that Lenovo has been so burned by this that they're the one company that will never do anything like it again.

    5. Re: Rush job? by dreamchaser · · Score: 2

      Few if any corporations have ethics. They generally (not always) do what is legal, but not necessarily what is ethical, and almost never what is morally correct. They exist for one purpose and that is to make a profit.

    6. Re: Rush job? by savuporo · · Score: 1

      My morally correct is not your morally correct. It is impossible for a company to do anything morally correct as universal morality code would be an oxymoron.

      --
      http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
    7. Re: Rush job? by Aighearach · · Score: 2

      My morally correct is not your morally correct. It is impossible for a company to do anything morally correct as universal morality code would be an oxymoron.

      That is what Ethics is for, and why the main focus of complaints is generally ethics and not morality. Ethics is the overlapping parts people agreed on.

    8. Re: Rush job? by Anonymous Coward · · Score: 0

      We're sorry, sorry you busted us. We hope, hope that we get away with it longer next time.

    9. Re:Rush job? by mwvdlee · · Score: 1

      And admit it was malware whilst Superfish was obviously just a case of misunderstoodware? /sarcasm

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  5. General Consumer vs. Business Models by Anonymous Coward · · Score: 0

    The solution is simple: just buy from their business class line as they don't install this crap on them. Their general consumer systems are garbage anyway. I wouldn't use a new computer as it comes from the factory anyway; rather, I would wipe the hard drive and install an OEM copy of the OS of my choice.

    1. Re:General Consumer vs. Business Models by Anonymous Coward · · Score: 1

      You don't do business with any company that allows this shit in any part of their business.

      You make this choice because you have an ounce of morality. Which you clearly lack.

    2. Re:General Consumer vs. Business Models by Anonymous Coward · · Score: 0

      Obvious troll is obvious.

    3. Re:General Consumer vs. Business Models by HiThere · · Score: 3, Insightful

      It's not even so much morality as self interest. If they'll do this to some of their customers, they'll do it to others, so you don't want to be one of those others. And if software is too easily removed they're quite capable of doing it in firmware.

      Doing business only with reputable companies falls within the area of "enlightened self-interest" rather than altruism.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  6. Never trust them again by gman003 · · Score: 3, Insightful

    This was such a blatantly anti-customer move that I will never - NEVER - be a Lenovo customer again. They cannot be trusted, and probably can never be trusted again because any "change" could just be a whitewashing campaign, not a real change.

    This is simply more evidence that they deserve all the shit they're getting, and more.

    1. Re:Never trust them again by vadim_t · · Score: 4, Interesting

      That's a counterproductive way of doing things.

      Whenever making that kind of statement towards any sort of business you're telling them that there's no point to try to correct whatever upset you, as all resources spent to that end are going to be in vain anyway.

      The spyware gives them some money. If all people who hate it put Lenovo in their blacklist forever, then the most sensible business decision is keeping the spyware. The customers that hate it won't come back, and the ones that remain don't care, so nothing is gained by removing it after losing that part of the customer base.

    2. Re:Never trust them again by websitebroke · · Score: 4, Informative

      I think what the OP is getting at is that if enough people don't trust Lenovo, and Lenovo goes under as a result, it would be a great lesson to the other manufacturers that putting this sort of crapware on their machines doesn't pay in the long run. It's not an unreasonable point of view, but I think you're right, because I think the Superfish debacle won't be enough to drive Lenovo out of business. All we have left is the carrot of being a potential future customer since the stick of beating down Lenovo won't be effective.

    3. Re:Never trust them again by Anonymous Coward · · Score: 0

      That's a counterproductive way of doing things.

      Whenever making that kind of statement towards any sort of business you're telling them that there's no point to try to correct whatever upset you, as all resources spent to that end are going to be in vain anyway.

      The spyware gives them some money. If all people who hate it put Lenovo in their blacklist forever, then the most sensible business decision is keeping the spyware. The customers that hate it won't come back, and the ones that remain don't care, so nothing is gained by removing it after losing that part of the customer base.

      That's not the point of the message. Indeed it is as much to other PC makers as Lenovo, the message being, "Fuck us and this is what happens."

    4. Re:Never trust them again by guygo · · Score: 2

      There is not a single unit of electronics equipment made in China that can be trusted not to spy on you for some pretext. Not one. If you buy Chinese-made electronic equipment, you can expect to be spied on. That's what they do.

    5. Re:Never trust them again by nightsky30 · · Score: 1

      Agreed. And just how many keyboards and mice are produced in the USA? I bet very few.

    6. Re:Never trust them again by vadim_t · · Score: 1

      I understand the idea, yes. But:

      1. Most of the time, it doesn't work. Let's face it, at least 95% of the people looking to buy a laptop don't understand this issue. A good amount of people doesn't care about spying either, because they think they have anything to hide, or because the US government is doing it so it must be good, or because the US government doing it makes it impossible to avoid anyway, or for a myriad other reasons. I think Lenovo would have to be in a very weak state for this to do them under.

      2. If it worked, it wouldn't be a good thing anyway. The laptop business is a very expensive to enter and competitive one. If people ran a company out of business every time it displeased them enough, despite trying to rectify their mistake, nobody would want to enter the market. Who would want to risk their money in such a way? So the market would eventually stabilize with 2 or 3 remaining companies which are too big to bankrupt, or who people won't boycott because there's too much inertia and not enough alternatives.

      If the market settled for instance on Dell and Apple, boycotting one would require rebuilding your entire infrastructure and way of doing things. This won't happen, so if such a situation is reached they can basically do whatever they want.

      If we want a consumer friendly environment we need plenty of competition, and this means that bankrupting a company should be the absolute last resort.

    7. Re:Never trust them again by houstonbofh · · Score: 1

      So what you are saying is that you still buy Sony after three separate attempts at owning your computer... OK, then.

    8. Re:Never trust them again by freeze128 · · Score: 2

      The customers that hate it won't come back, and the ones that remain don't care, so nothing is gained by removing it after losing that part of the customer base.

      Those aren't the only two options.

      This is an opportunity for the typical end-user to learn how to uninstall the malware and/or reinstall windows from a clean version, thus making them better as a computer user.

    9. Re: Never trust them again by Anonymous Coward · · Score: 0

      I think the exact same thing about firmware, software, and cloud services produced in the US.

    10. Re:Never trust them again by SigmundFloyd · · Score: 5, Interesting

      Whenever making that kind of statement towards any sort of business you're telling them that there's no point to try to correct whatever upset you, as all resources spent to that end are going to be in vain anyway.

      At the very least, heads should have rolled. And one of them had better be the CEO's. Better yet, the whole chain of command that made and approved the decision to install the malware.

      Since this hasn't happened, we can safely conclude that Lenovo is in bad faith and unwilling to do what is right.

      --
      Knowledge is power; knowledge shared is power lost.
    11. Re:Never trust them again by DoofusOfDeath · · Score: 1

      Whenever making that kind of statement towards any sort of business you're telling them that there's no point to try to correct whatever upset you, as all resources spent to that end are going to be in vain anyway.

      At the very least, heads should have rolled. And one of them had better be the CEO's. Better yet, the whole chain of command that made and approved the decision to install the malware.

      Since this hasn't happened, we can safely conclude that Lenovo is in bad faith and unwilling to do what is right.

      At the very least, Lenovo should have been sued half way into oblivion, and their executives should have been arrested and charged under the Computer Fraud and Abuse act.

      But they're a corporation, so... "fuck you" says the U.S. attorneys.

    12. Re:Never trust them again by DoofusOfDeath · · Score: 1

      There is not a single unit of electronics equipment made in China that can be trusted not to spy on you for some pretext. Not one. If you buy Chinese-made electronic equipment, you can expect to be spied on. That's what they do.

      Neither can we trust the US, thanks to the traitors to the Constitution. We're kind of short on alternatives here.

    13. Re:Never trust them again by Anonymous Coward · · Score: 0

      Statements like that are generally emotional and sound harsher than they really will end up being. However it's safe to assume that for the next round of hardware the company needs to purchase, the spyware has cost them a full, large scale order.

      And this particular news about them not even bothering to reimage the affected Superfish stock they still have gives fuel to the desire to stay away from them for at least a few years - to make sure the affected stock isn't sold to them.

      All that they've done is ensure customers they pushed away over superfish will remain away longer than they otherwise would have been.

    14. Re:Never trust them again by mwvdlee · · Score: 1

      On the other hand, people who keep buying their machines make them stop installing spyware HOW exactly?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    15. Re:Never trust them again by JohnFen · · Score: 1

      Everything you say is correct if what Lenovo did was just commit an innocent error. I don't think that's what they did. I think what they did was overtly malicious, and the only suitable response is to never do business with them again.

    16. Re:Never trust them again by JohnFen · · Score: 1

      And between the US and China, I would prefer to be spied on by China. They have less of an ability to harm me.

  7. Lenovo is looking at this from a profit PoV by QuietLagoon · · Score: 5, Insightful

    Lenovo is not looking at this from a customer point of view. They are looking to minimize the damage to their profits caused by their arrogant ignorance.

    From that point of view, why should they reimage the drives of notebooks in inventory?

    1. Re:Lenovo is looking at this from a profit PoV by Zontar+The+Mindless · · Score: 1

      ...why should they reimage the drives of notebooks in inventory?

      To avoid a class-action lawsuit, maybe?

      --
      There is no Planet B.
    2. Re:Lenovo is looking at this from a profit PoV by plover · · Score: 1

      I'm pretty sure that the people who've already been impacted are enough to bring a class action suit; eliminating a few more plaintiffs won't change much.

      --
      John
    3. Re:Lenovo is looking at this from a profit PoV by Zontar+The+Mindless · · Score: 2

      What I'm saying (bearing in mind of course that This Is Merely My Opinion and that I Am Not A Lawyer) is:

      Previous to this, Lenovo didn't promise not to sell machines with SuperFish installed on them. Now they have done so, and yet they're still shipping them with it.

      Said another way:

      To people who bought their machines previously, Lenovo could (and did) say, "Sorry, we screwed up, but we'll make it right," which could have had mitigating effects in the event of litigation. Now, they're out of any such excuses and thus MUCH more likely to get hammered in court.

      --
      There is no Planet B.
  8. Not a big deal by rubycodez · · Score: 0

    Of course laptops were in warehouses, in transit on slow steaming cargo ships...many with SuperFish will still be sold even though Lenovo stopped installing it. No point to the story

    1. Re:Not a big deal by Anonymous Coward · · Score: 0

      It is a big deal since someone is trying to destroy Lenovo, some competitor probably, for money.

    2. Re:Not a big deal by PsychoSlashDot · · Score: 1

      Sure there's a point: we get to feel superior because we wouldn't be this dumb/criminal/evil/fraudulent/wrong.

      It doesn't matter that the story is literally "two people who frequent some other web site say they looked at their neighbor's new laptop that the neighbor said they ordered sometime in early February and received sometime in late February and it's still got Superfish on it. Also, those two same somebodies say that when they ran the official Lenovo removal tool the software wasn't removed, by which they mean... some files and registry keys remained, which clearly means the software is functional and a problem."

      Yeah.

      "Two people claim one laptop may have shipped around the time this story broke, give or take, and can't be bothered to say/figure out if Superfish remains functional after removal."

      I keep finding myself posting Lenovo-defending posts pretty much because the witch-hunt is way out of perspective.

      --
      "Oh no... he found the .sig setting."
    3. Re:Not a big deal by Anonymous Coward · · Score: 0

      The car industry and a lot of others recall products all the time, at great cost, both money and image.

    4. Re:Not a big deal by rubycodez · · Score: 1

      Yes, and not all cars are brought back to be upgraded, are they?

    5. Re:Not a big deal by laurencetux · · Score: 2

      Let me introduce you to the retail tactic called the Return Merchandise Authorization Center

      Lenovo can have a retailer deal with this in 2 ways

      1 RMAC all units with date codes prior to %clean date%

      2 Ship "update" disc sets that burn the restore partition and reloads it with a clean version (then proceeding with a restore)

      bonus for L if the sets have some sort of "Due to a Quality Control Issue we have included a restore media set at no charge" notice on the packet

    6. Re:Not a big deal by rubycodez · · Score: 1

      I'm cheap, if I were Lenovo I'd post link and md5 checksum of ISO download of the clean version. Seed a few torrents with it too. Problem solved as far as I'm concerned.

      I like Lenovo laptops, Windows problems like this not an issue when I put Linux Mint and OpenBSD on them

    7. Re:Not a big deal by nightsky30 · · Score: 1

      The story allows us to inform other people, and ensure the majority of those laptops stay in their warehouses. An unsold product can gather dust while Lenovo pays for the warehouse storage of said crap, OR Lenovo can re-image and sell a slightly less crappy product.

    8. Re:Not a big deal by rubycodez · · Score: 1

      Nonsense, SuperFish easy to remove.

      This level of debacle has happened a few times in open source world also.

    9. Re:Not a big deal by Zontar+The+Mindless · · Score: 1

      You watch way too much TV, and Lenovo is already screwing themselves over quite handily, no mystery competitor required.

      --
      There is no Planet B.
    10. Re:Not a big deal by Smask · · Score: 2

      If you intend to run Linux on your Lenovo laptop, make sure everything works without massaging drivers because YOU NEED TO ROOT THE BIOS to get the computer to accept a non sanctioned (i.e. bought from some other store than Lenovo) network card. My G50-45 was delivered with a Realtek card that works like crap and I haven't got the Bluetooth part to work yet. I do have an Intel 7260 to replace the network card with IF THE FUCKING COMPUTER WOULD BOOT WITH IT.

    11. Re:Not a big deal by stooo · · Score: 1

      >> No point to the story

      Yes, there is a point. If Lenovo was concerned with the security of their customers, they would arrange with their distributors to either remove the malware or recall the hardware.
      Continuing to sell it with malware shows they don't care about their customers.
      And yes it costs money. That's the cost of deliberately distributing malware.

      --
      aaaaaaa
    12. Re:Not a big deal by stooo · · Score: 1

      Or just don't buy Lenovo.

      --
      aaaaaaa
    13. Re:Not a big deal by stooo · · Score: 1

      From the article, it seems it's not so easy after all, even Lenovo does not succeed in removing it. (Letting a malware exe on your system is not what I call "removal".)
      Also, if it was easy, Lenovo would put in the effort to do it for their ware.

      --
      aaaaaaa
    14. Re:Not a big deal by rubycodez · · Score: 1

      No, you have one anecdote saying it wasn't removed. It is easily removable, I've done it.

  9. of course they are by Anonymous Coward · · Score: 0

    It's in the supply chain now, the best that Lenovo can do now is lawsuit the crap out of Superfish, its directors and everyone involved with them and its shady network of companies and shut them down/blackhole them.
    IMHO Lenovo was socially engineered (it is one of the hackskills) by Superfish's staff that everything would be fine, just sit back and collect the money. It's a shame they didn't check out the directors' life/work history, not their fancy MIT qualifications; it's clear they have done nothing else with their lives other than spy on people in one form or another (ex sigint).

    1. Re:of course they are by stooo · · Score: 1

      No. The best Lenovo could do is not collecting money and let new users get infected hardware.
      The best Lenovo could do is commit to their customers, and get the PCs cleaned before they are sold.
      But this kind of thinking is not really in the direction of typical Chinese manufacturers, who simply ship the darn thing, whatever the defects. Japanese manufacturers are more committed to their users, when they admit the fault (which does not always happen).

      --
      aaaaaaa
    2. Re:of course they are by stooo · · Score: 1

      Perhaps we should just exclude Sony from my "Japan" remark....

      --
      aaaaaaa
  10. Why... by MoronGames · · Score: 1

    Are people still buying them at all? There are tons of companies that haven't broken your trust yet, but one of them! Stop buying Lenovo.

    --
    hey!
    1. Re:Why... by Anonymous Coward · · Score: 0

      Are people still buying them at all? There are tons of companies that haven't broken your trust yet, but one of them! Stop buying Lenovo.

      People aren't going to stop buying Lenovo products for the same reason people won't stop eating pesticide laden foods, it's too convenient. A company that has used Thinkpads for a decade isn't going to just drop them for another manufacturer when they have so many reusable parts and or other customizations built on or that make use of that hardware. Lenovo won't be strongly affected by this in my estimation.

    2. Re:Why... by houstonbofh · · Score: 1

      Are people still buying them at all? There are tons of companies that haven't broken your trust yet, but one of them! Stop buying Lenovo.

      People aren't going to stop buying Lenovo products for the same reason people won't stop eating pesticide laden foods, it's too convenient. A company that has used Thinkpads for a decade isn't going to just drop them for another manufacturer when they have so many reusable parts and or other customizations built on or that make use of that hardware. Lenovo won't be strongly affected by this in my estimation.

      True that. After all, Sony is still in business and how many times have they screwed the customer? CD-Rom hack. First USB hack. Second USB hack. Linux ripped out of PS3. Half a dozen online failures...

  11. firesale! by Anonymous Coward · · Score: 0

    They just need a fire-sale of all current inventory w/ a disclaimer, problem solved.

    1. Re:firesale! by houstonbofh · · Score: 1

      Or sell them all to System76 and ZAReason. :)

    2. Re:firesale! by Zontar+The+Mindless · · Score: 1

      "This unit is offered at a very special discount. Oh, and it will give all your bank and CC info to Gods Know Who. But it most likely won't eat your dog."

      Yep, problem solved.

      --
      Il n'y a pas de Planet B.
  12. Superfish components still there? by Anonymous Coward · · Score: 0

    The conspiracist part of me thinks they want a means to reactivate it, so basically the Chinese government want it there. I also don't doubt other nations are doing the same thing, but you can trust communists as much?

    1. Re: Superfish components still there? by Anonymous Coward · · Score: 0

      Jeezuz H Christ! How mofo hard is it to roll out a critical update negating the bad stuff? The moment these pos's connect to automatic update it should just get done. No need to even warn, ask, or tell users.
      Will I ever buy one myself? Hell no. I'm gettin a highend getac. Either the V100, B300, or the X500. Gotta love the sirf star iv.

    2. Re:Superfish components still there? by SigmundFloyd · · Score: 1

      I also don't doubt other nations are doing the same thing, but you can trust communists as much?

      Not when they're capitalists.

      --
      Knowledge is power; knowledge shared is power lost.
  13. Is there really a Slashdot-ish user affected ? by fraxinus-tree · · Score: 0

    Everyone in his right mind reinstalls new computers. The manufacturers were known to install bloatware, crapware, shitware and so on for years. It just was not that bad.

    1. Re:Is there really a Slashdot-ish user affected ? by plover · · Score: 4, Informative

      Your average home user doesn't reinstall anything, and for many reasons.

      Even if he or she wanted to, they won't have a viable consumer OS installation disk anymore. They get the "System Recovery Disk" with their new purchase, and it's likely filled with the same Lenovo image that was used to bundle the malware in the first place.

      --
      John
    2. Re:Is there really a Slashdot-ish user affected ? by RightwingNutjob · · Score: 1

      Well, here's a chance to make some money then, it takes about 50 minutes to set up a fresh install of Deb7 or the like, so train up a couple dozen guys to do this in under an hour, and charge $40-$60 to make housecalls to set up people's new PCs with Linux out of the box and sell them peace of mind for security against all the crap that gets in from outside and that's probably in the box to begin with. Just like Microsoft in the 90's, the secret is marketing, marketing, marketing.

    3. Re:Is there really a Slashdot-ish user affected ? by Anonymous Coward · · Score: 0

      Yeah but then they get a pc laden with systemd. No thanks, I'd rather be infected with superfish.

    4. Re:Is there really a Slashdot-ish user affected ? by david_thornley · · Score: 1

      Much as I like Linux, it isn't the answer to everything. Most people have some Windows programs they want to run on their laptop, and even if the F/OS programs were better they aren't the ones they want.

      Moreover, we're talking about laptops, and installing Linux on laptops that were loaded with Windows can be iffy.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  14. JUST STOP IT!! by Anonymous Coward · · Score: 1

    Simple Fix: STOP BUYING LENOVO MACHINES... They need to feel PAIN because of this fuckup... They won't if everybody keeps on buying them... EVERYBODY needs to STOP NOW!!!

    1. Re:JUST STOP IT!! by Anonymous Coward · · Score: 0

      Simple Fix: STOP BUYING LENOVO MACHINES... They need to feel PAIN because of this fuckup... They won't if everybody keeps on buying them... EVERYBODY needs to STOP NOW!!!

      k

    2. Re:JUST STOP IT!! by Anonymous Coward · · Score: 0

      JUST LEAVE BRITTANY ALONE!!!

    3. Re:JUST STOP IT!! by Anonymous Coward · · Score: 0

      OK, I will put her back in her grave.

  15. Can't help but laugh by ilsaloving · · Score: 4, Interesting

    I'm seeing so many posts about how people "will never buy from Lenovo again because they can't be trusted" etc etc, and can't help shrug cynically.

    I wonder how many of these same people buy Sony products despite not just one, but an entire string of blatantly anti-consumer decisions (of which the rootkit CDs were just one)

    Or Microsoft, which has a very long history of not just anti-consumer, but crushing the PC industry and subverting entire standards bodies. But in the last couple years they've thrown a few open source bones... yeah that totally makes up for the last 20+ years of damage they have caused.

    So yeah, I hope everyone gets to enjoy their collective outrage while it lasts, cause before you know it you'll find your comments will get modded troll by people who think you're just overreacting.

    1. Re:Can't help but laugh by ledow · · Score: 4, Interesting

      I agree with the sentiment of your post.

      However, for some of us, a principle stands out and isn't just empty words.

      I do not now, and have not ever, owned an Apple or Sony product. I disagree with the way they do business, I disagree with the attitude to the consumer, and I disagree with the way they sting the prices on their equipment. There's a number of companies on my blacklist that I have said I won't buy from again. And I haven't.

      Microsoft, for example, is a problem to avoid. If you work in IT, it's one company that you are very often required to support, no matter what your personal objections. However, even then, there are steps you can take. I endeavour to give Microsoft as little money as possible, and as much proportioned towards the products I agree with as possible. It's cost them many, many tens of thousands of pounds over the years.

      I can't completely cut them out, but their attitude costs them all the time. IE and Bing, however, are totally unnecessary in my environments yet encourage a "lazy endorsement" of their products if you just leave them in, so I ACTIVELY do everything I can to move users off them. I often go to a new workplace and my first policy is "We don't support IE, use a real browser" for example.

      Some people will bitch and moan and then go on to contradict themselves in the privacy of their own head. Some of us don't.

      My current site is entirely Lenovo hardware on the client end. Be sure that Superfish is going to cost them, hard, next time I'm doing some purchasing. Sure, I might end up buying at a much heavier discount than normal (the Superfish issue cannot and has not affected me because of the way I deploy machines on fresh images as a matter of course) rather than outright blacklisting, but that's reflective of the hassle caused to any place using their hardware for business use. Almost none.

      However, guess who people go to when they want purchasing advice? The IT guy. Guess which laptops they are going to be advised to avoid entirely or at the very least create a fuss when buying?

      Things like this aren't zero impact. And when Superfish is just a memory, it should still play a part in people's buying opinions. But do you honestly expect permanent blacklisting for ever and ever even after the problem is fixed?

    2. Re:Can't help but laugh by Solandri · · Score: 2

      The problem with these "never going to buy from [company] again" stances is that they might seem appropriate when you're young. But if you stick to your guns, by the time you're around 40 you realize there are very few companies left which you can still buy from without compromising your principles. Can't buy from Sony because of the rootkit scandal. Can't buy from Asus because they're sexist. Can't buy from Dell because of the bulging capacitors. Can't buy from HP because they overcharge for ink. Can't buy from Acer because of their crappy PC build quality in the 1990s. Can't buy from Apple because of product lock-in. Can't buy from Toshiba because they sold advanced milling technology to the Soviet Navy. (You may laugh at that one, but it's not really much different than anyone in their teens today - the Sony rootkit scandal happened long before they even started to use computers extensively.)

      Rather than an absolute "never buy from evil companies" philosophy, perhaps a "buy from the less evil companies" philosophy might be more reasonable. I try to apply the golden rule. Do I occasionally make bad decisions? Hell yes. Do I want others to give me a second chance after I've tried to reform? Hell yes. So when other people at these companies make terrible decisions, I kinda feel obliged to give them a second chance if I'm sufficiently satisfied that they've tried to reform. You can only earn a spot on my perma-ban list if you've shown you are incorrigible and not interested in reforming (e.g. RIAA).

    3. Re:Can't help but laugh by Anonymous Coward · · Score: 0

      There are other alternatives out there: GNU/Linux for one and companies like ThinkPenguin. You can actively avoid Microsoft, Lenovo, Sony, Dell, Apple, and the like if you have any morals whatsoever. People who don't care are just being lazy. We're all lazy- but some of us more so than others. Pick your battles, but if you pick none... well... you're the laziest of us all.

    4. Re:Can't help but laugh by LVSlushdat · · Score: 1

      I, for one, have a fairly long list of companies I will not do business with, with Sony, near the top of the list, and now Lenovo, working hard to beat out Sony for top place on the list.

      Since I'm sort of my neighborhood "tech support", I make it clear to anyone who asks me for advice on what to buy, of my list and WHY these companies are ON the list. I tell them that if they go ahead and buy some piece of tech from one of these companies, they need not ask for my help in setting up the item or ANY kind of support, rather they can go elsewhere in the future for advice, since they obviously don't value mine...

      --
      THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
    5. Re:Can't help but laugh by HiThere · · Score: 1

      While you've got a point, I haven't bought a Sony product in over a decade. Every time I get near to forgetting about them some other deed crosses the screen.

      I can't really speak to Lenovo, since I've never bought anything from them, but I'd be really surprised if I ever do now. Previously it was just that I preferred to buy from someone else, now I additionally prefer not to buy from them. This is an additional barrier.

      OTOH, I've got to agree that most people don't seem to even notice company quality, but in my experience paying attention to that is a move towards enlightened self-interest.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    6. Re:Can't help but laugh by Anonymous Coward · · Score: 0

      However, guess who people go to when they want purchasing advice?

      My guess, in order:

      1. They choose what they have seen their friends and family members use...
      2. Apple marketing ads
      3. IT guy

    7. Re:Can't help but laugh by ledow · · Score: 1

      Find job in IT tech without Microsoft knowledge / support required.

      Good luck! You just increased your chances of unemployment by about ten.

      At home, yes, no excuse. I have run entirely MS-free home networks for many years. I have brought Linux into schools and other workplaces.

      However, I have equally struggled to find any Linux-related work, whereas Microsoft-based support jobs are ten-a-penny. I work in schools and there is one school in my country that I'm aware of that is entirely Linux. Guess how many job opportunities they have come up?

      What will kill MS of its own accord is cloud. If it doesn't matter what OS the browser is on, who cares about buying a Windows tablet compared to, say, an Android? And that's what I see happening. Unfortunately, the Windows PC crowd are just as likely to move to Apple iPads, however (see the reply above yours!).

      You can't avoid them entirely, but you can greatly reduce your usage of them. But good luck finding a series of jobs that will last the rest of your life and never involve having to support MS products.

    8. Re:Can't help but laugh by stooo · · Score: 1

      >> Find job in IT tech without Microsoft knowledge / support required.

      Done.
      http://nofeeofw.blogspot.ch/20...
      http://www.linuxinsider.com/st...
      http://www.careerbuilder.com/j... .....

      Just google it.
      Also, my job is MS free (at least 98%)

      --
      aaaaaaa
    9. Re:Can't help but laugh by ledow · · Score: 1

      Compare to number of Microsoft jobs.

      I hear a lot about "Linux needed", the number of jobs asking for it is extraordinarily low. Yes, I can provide work experience of Linux - from small-scale to entire networks. But what you can't do is compete against the thousands of others with similar experience for the handful of jobs going. The ratios are insane.

      I'd love to be able to. For many industries these things just don't exist. As I say, in the entire United Kingdom, I know of one school that's Linux-only. There are some educational suppliers that provide Linux-only devices to do their jobs and which are popular in UK schools (Smoothwall is actually one! Various other web filters, firewalls, etc. Espresso. KnowledgeBox. etc.) but even working for them, you have to support (and therefore, test and program against) MS clients in the main.

      I have friends that work in datacentres (Rackspace, Google, etc.) and they have Linux knowledge, but are still required to support MS in the main because of the client base.

      I can go to a dozen recruitment agencies and get nothing but high-end datacenter work for a Linux search, something which not everyone is qualified for, and not everyone will be able to compete against the others to get, no matter their actual non-Windows experience. On most sites, even technical, the ratios are huge - something like 50 Windows to every Linux/UNIX job, and mainstream sites will have almost nothing Linux at all. And the jobs are an entirely different class of work, in the main.

      To be honest, I wouldn't touch the first link at all ("earn cash" is not a tag that inspires confidence, especially one expecting you to emigrate to Australia to do so), and most of the jobs you link are far outside the mainstream, and still there aren't an awful lot of them.

    10. Re:Can't help but laugh by JohnFen · · Score: 1

      I wonder how many of these same people buy Sony products despite not just one, but an entire string of blatantly anti-consumer decisions

      I haven't bought anything Sony since the rootkit.

      Or Microsoft, which has a very long history of not just anti-consumer, but crushing the PC industry and subverting entire standards bodies.

      Likewise, I have done my best to avoid giving Microsoft even a single dime -- although in practice, that's pretty much impossible to achieve, thanks to their continuing evil practices (such as demanding royalties from Android phone manufacturers).

    11. Re:Can't help but laugh by JohnFen · · Score: 1

      What will kill MS of its own accord is cloud.

      Finally, a real argument for why people should be using the cloud! This is literally the first one that I've seen that might tilt the cost/benefit analysis to the "use the cloud" side.

      Although Azure does seem to be doing pretty well, so I don't know how accurate the statement really is.

  16. The solution is simple by kheldan · · Score: 4, Insightful

    Wipe the drive and do a clean install of Windows. You'll probably also be getting rid of a whole bunch of other bloatware in the process anyway, so win-win.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:The solution is simple by Anonymous Coward · · Score: 0

      You *will* need some of the lenovo-ware, but they have separate driver-packages for them that are mostly bloat-free. Certainly it doesn't have any third-party crap, although they are not exactly lean-and-mean software.

      Without that, there will be nothing listening to the embedded controller alerts, and implementing some of the crap that moved from ACPI into driver/support application space since the T61.

      You can just pretend you know what is happening, like the freebsd people do. It is not like alerts like "thermal emergency: battery charger is heating up extremely fast" alarms are interesting...

    2. Re:The solution is simple by omtinez · · Score: 1

      There *shouldn't* be any third party crap embedded with the drivers, it is (used to be?) a rule enforced by Microsoft for OEMs that go through the certification process.

    3. Re:The solution is simple by Anonymous Coward · · Score: 0

      AMD bundles their Gaming Evolved crapware in their drivers.

    4. Re:The solution is simple by stooo · · Score: 1

      "Wipe the drive and do a clean install of Linux. You'll probably also be getting rid of a whole bunch of other bloatware in the process anyway, so Lin-Lin."

      Corrected that for you

      --
      aaaaaaa
    5. Re:The solution is simple by Anonymous Coward · · Score: 0

      In ThinkPads, "driver" actually includes some of the "ThinkVantage" software suite, which might not be drivers in MS Lingo.

      You know you have the absolutely minimal set when you have enough of thinkvantage to be able to set up the advanced battery policy, and the hotkeys work. At that point, you don't need to install anything else (at least on SSD boxes. On HDD boxes, you also want to ensure you have the HDAPS stuff deployed).

    6. Re:The solution is simple by kheldan · · Score: 1

      Yeah sure thing buddy because the average user is going to have any idea what the hell to do with Linux. You give the average user Linux in their laptop and it'll get thrown against a brick wall as hard as they can toss it within an hour because it's not Windows. Like it or not this is still the world we're living in, most people just want to do what they need to do with a computer, not futz around with it like an enthusiast will. Save your arguments for someone else, too, if you want to debate this, I have no interest in debating anything.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    7. Re:The solution is simple by JohnFen · · Score: 1

      That solution does nothing to actually fix the problem.

    8. Re:The solution is simple by JohnFen · · Score: 1

      That couldn't be further from the truth. I know a lot of normal people (including my aged mother) who don't know a damned thing about operating systems but have no more problem with Linux than they have with Windows.

      In terms of ease of use, they achieved parity years ago.

    9. Re:The solution is simple by Anonymous Coward · · Score: 0

      Wipe the drive and do a clean install of Windows.

      When did you buy your last PC with windows pre installed? My mother's laptop at least only has a third grade recovery disk, even some of the purchases I made required me to explicitly mark a Windows installation disk as additional feature.

    10. Re:The solution is simple by david_thornley · · Score: 1

      A clean install of Windows from what? Most people don't have Windows install disks sitting around. (I can get them through my work-provided MSDN subscription, but that isn't realistic for most people.)

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    11. Re:The solution is simple by kheldan · · Score: 1

      "If it breaks can we call you for help?"

      Enjoy being free tech support when their Linux installation has a problem. Or they want to install some new software. Or hardware. "Why won't {insert Windows software name here} work the way it does on my computer at work?". Etcetera.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  17. This makes me wonder.. by Sable+Drakon · · Score: 2

    Neither the source article nor the slashdot reposting bother to say WHERE the system was purchased from. A bit of negligence if you ask me, since it's a very important point of contention for the validity of the article. If the machine was purchased through a third-party vendor (i.e. TigerDirect, Newegg, Amazon, Best Buy), then yes, it shouldn't be a surprise that Superfish is still a part of these machines. However, if this system was bought directly through Lenovo, then there really is a problem here and Lenovo needs to fix it as soon as possible.

    --
    The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
    1. Re:This makes me wonder.. by Anonymous Coward · · Score: 0

      Lenovo once shipped a run of thinkpads with beta *pre-product-launch* BIOSes loaded from factory... also, some thinkpads had recurrent *build* issues they did not fix (the hardware was perfectly designed, and the components were excellent, but the slaves at the chinese plant kept assembling it wrong).

      They're still much better than most laptop suppliers, as long as you know enough to image-and-wipe the factory install, keep the damn thing's firmware up-to-date, and run a minimal set of drivers on a clean windows install (or just run Linux or FreeBSD on them, they're perfect for that). Their hardware is at least not made of cheap plastic and spit, and has real metal hinges.

  18. Hosts files stop SuperFish easily... apk by Anonymous Coward · · Score: 0

    0.0.0.0 superfish.com
    0.0.0.0 www.superfish.com

    * Add those to your custom hosts file & voila: NO MORE REDIRECTS to them via bogus SSL inserts...

    (There are also directions galore online on HOW TO REMOVE IT -> http://www.bing.com/search?q=s... by removing the bogus SSL cert, easily... )

    (So, that all said & aside: Anyone wondering WHY I designed the program below after reading about this (& others like it who did the SAME trick 12 yrs. ago like GATOR + Zango)?

    Don't wonder!

    (Advertisers steal your bandwidth & make you vulnerable to man-in-the-middle redirect attacks via these bogus methods (as well as serving infected ads galore over time))

    APK

    P.S.=> For the BEST hosts file vs. this threat & others like it?

    APK Hosts File Engine 9.0++ SR-1 32/64-bit -> http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    ... apk
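
A read-only check of the two things the comment above mentions, the hosts entries and the SSL certificate, written as an added example that is not part of the original comment or of any tool it links to. It assumes the certificate can be recognised by the string "Superfish" in its subject or issuer; the function names are made up for this example.

```powershell
# Added example: audit only, nothing on the machine is modified.
# Assumption: the interception certificate carries the string "Superfish"
# in its subject or issuer; pass a different -Pattern if it does not.

function Find-SuperfishCertificate {
    param([string]$Pattern = 'Superfish')

    # Cert:\ -Recurse walks every store under CurrentUser and LocalMachine;
    # the type filter drops the store and location container objects.
    Get-ChildItem -Path Cert:\ -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        Select-Object @{ Name = 'Store'; Expression = { $_.PSParentPath -replace '^.*::', '' } },
                      Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey
}

function Test-HostsEntry {
    param(
        # The two names quoted in the comment above.
        [string[]]$HostName  = @('superfish.com', 'www.superfish.com'),
        [string]  $HostsPath = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
    )

    # Parse "address name [name ...]" lines, ignoring comments and blank lines.
    $mapped = @{}
    foreach ($line in Get-Content -Path $HostsPath -ErrorAction Stop) {
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $mapped[$name.ToLowerInvariant()] = $fields[0]
        }
    }

    foreach ($name in $HostName) {
        [pscustomobject]@{
            HostName = $name
            MappedTo = $mapped[$name.ToLowerInvariant()]   # empty when no entry exists
        }
    }
}

# The hosts file only affects name resolution; certificate trust is a separate
# setting, so both are reported side by side.
Test-HostsEntry | Format-Table -AutoSize

$certs = @(Find-SuperfishCertificate)
if ($certs.Count -gt 0) {
    $certs | Format-List
    Write-Warning "$($certs.Count) matching certificate(s) found; a root in a trusted store stays trusted regardless of hosts entries."
} else {
    Write-Output 'No certificate matching the pattern was found in the Windows certificate stores.'
}
```

Firefox keeps its own certificate store, which this check does not inspect.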

  19. Boycott Lenovo Like The Plague by Anonymous Coward · · Score: 0

    Wait, people are still buying Lenovo products? *facepalm*

  20. Because computer shops have instantaneous turnover by Anonymous Coward · · Score: 0

    Because computer shops have instantaneous stock turnover... ...seriously, this is a non-news story.

  21. Do what you can by phorm · · Score: 1

    Honestly. I don't buy Apple products (unless you count a used iPod for which Apple would get $0 of the proceeds). I used to recommend Lenovo, but now they're off my list. HP, long gone.

    Sony is a bit harder to avoid just because they have so damn many subsidiaries and product lines (again, I own a PS3, bought second-hand as were all my games).