Lenovo Still Shipping Laptops With Superfish
Ars Technica reports that weeks after Lenovo said it would stop selling computers with Superfish adware installed, it's still there for many purchasers of the company's laptops.
From the article:
Based on the experience of Ars readers Chai Trakulthai and Laura Buddine, Lenovo overstated both assurances. The pair recently examined a $550 Lenovo G510 notebook purchased by a neighbor, and their experience wasn't consistent with two of Lenovo's talking points. First, the PC was ordered in early February more than four weeks after Lenovo said it stopped bundling Superfish, and yet when the notebook arrived in late February it came pre-installed with the adware and the secure sockets layer certificate that poses such a threat.
"Lenovo may be saying they haven't installed Superfish since December, but the problem is that they are still shipping out systems with Superfish installed," Buddine said. "The Windows build had a date of December. They apparently aren't sorry enough to re-image the computers they have in stock to remove the problem and they're still shipping new computers with Superfish installed." Supply chains are long, and hand-work is expensive, so this might not surprise anyone. Less forgivable, though, is this finding, of the software provided to purge machines of the adware: "Lenovo's software didn't begin to live up to its promise of removing all Superfish-related data. Based on its own self-generated report, the tool left behind the Superfish application itself. A scan using the Malwarebytes antivirus program found the Superfish remnants VisualDiscovery.exe, SuperfishCert.dll, and a VisualDiscovery registry setting."
My company bought 1200 Lenovo laptops last year, but now we'll never buy another Lenovo product again. I don't care if it was the consumer laptop, they are no longer a company that can be trusted.
Lenovo were the only ones who were caught. And:
Criticisms of Superfish software predated the "Lenovo incident" and were not limited to the Lenovo user community: as early as 2010, Apple, Mozilla Firefox, and Microsoft Windows users had expressed concerns in online support and discussion forums that Superfish software had been installed on their computers without their knowledge, by being bundled with other software.
After that there is some finger pointing by the CEO of Superfish at another company.
Anyway, when it comes to this shit and cheap computers that subsidize their prices with adware/malware/advertising/etc ..., I just clean all that shit off and then some other things - and it tickles me that the asshole companies like Superfish are getting screwed because they won't be getting any ad revenue from me or anyone else that I cleaned a machine for.
Although I consider Lenovo fully responsible (and liable) for SuperPhish in the first place, I could easily see the removal tool's inefficacy stemming from it being a panicked rush job.
This was such a blatantly anti-customer move that I will never - NEVER - be a Lenovo customer again. They cannot be trusted, and probably can never be trusted again because any "change" could just be a whitewashing campaign, not a real change.
This is simply more evidence that they deserve all the shit they're getting, and more.
From that point of view, why should they reimage the drives of notebooks in inventory?
Sure there's a point: we get to feel superior because we wouldn't be this dumb/criminal/evil/fraudulent/wrong.
It doesn't matter that the story is literally "two people who frequent some other web site say they looked at their neighbor's new laptop that the neighbor said they ordered sometime in early February and received sometime in late February and it's still got Superfish on it. Also, those two same somebodies say that when they ran the official Lenovo removal tool the software wasn't removed, by which they mean... some files and registry keys remained, which clearly means the software is functional and a problem."
Yeah.
"Two people claim one laptop may have shipped around the time this story broke, give or take, and can't be bothered to say/figure out if Superfish remains functional after removal."
I keep finding myself posting Lenovo-defending posts pretty much because the witch-hunt is way out of perspective.
"Oh no... he found the
Are people still buying them at all? There are tons of companies that haven't broken your trust yet, but one of them! Stop buying Lenovo.
hey!
Yes, and not all cars are brought back to be upgraded, are they?
Let me introduce you to the retail tactic called the Return Merchandise Authorization Center.
Lenovo can have a retailer deal with this in 2 ways:
1. RMAC all units with date codes prior to %clean date%
2. Ship "update" disc sets that burn the restore partition and reload it with a clean version (then proceeding with a restore)
bonus for L if the sets have some sort of "Due to a Quality Control Issue we have included a restore media set at no charge" notice on the packet
Simple Fix: STOP BUYING LENOVO MACHINES... They need to feel PAIN because of this fuckup... They won't if everybody keeps on buying them... EVERYBODY needs to STOP NOW!!!
Your average home user doesn't reinstall anything, and for many reasons.
Even if he or she wanted to, they won't have a viable consumer OS installation disk anymore. They get the "System Recovery Disk" with their new purchase, and it's likely filled with the same Lenovo image that was used to bundle the malware in the first place.
John
I'm cheap, if I were Lenovo I'd post a link and md5 checksum of an ISO download of the clean version. Seed a few torrents with it too. Problem solved as far as I'm concerned.
I like Lenovo laptops, Windows problems like this are not an issue when I put Linux Mint and OpenBSD on them.
The story allows us to inform other people, and ensure the majority of those laptops stay in their warehouses. An unsold product can gather dust while Lenovo pays for the warehouse storage of said crap, OR Lenovo can re-image and sell a slightly less crappy product.
I'm seeing so many posts about how people "will never buy from Lenovo again because they can't be trusted" etc etc, and can't help shrug cynically.
I wonder how many of these same people buy Sony products despite not just one, but an entire string of blatantly anti-consumer decisions (of which the rootkit CDs were just one)
Or Microsoft, which has a very long history of not just anti-consumer, but crushing the PC industry and subverting entire standards bodies. But in the last couple years they've thrown a few open source bones... yeah that totally makes up for the last 20+ years of damage they have caused.
So yeah, I hope everyone gets to enjoy their collective outrage while it lasts, cause before you know it you'll find your comments will get modded troll by people who think you're just overreacting.
Nonsense, SuperFish is easy to remove.
This level of debacle has happened a few times in open source world also.
Or sell them all to System76 and ZAReason. :)
You watch way too much TV, and Lenovo is already screwing themselves over quite handily, no mystery competitor required.
There is no Planet B.
"This unit is offered at a very special discount. Oh, and it will give all your bank and CC info to Gods Know Who. But it most likely won't eat your dog."
Yep, problem solved.
There is no Planet B.
Wipe the drive and do a clean install of Windows. You'll probably also be getting rid of a whole bunch of other bloatware in the process anyway, so win-win.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
You don't do business with any company that allows this shit in any part of their business.
You make this choice because you have an ounce of morality. Which you clearly lack.
Well, here's a chance to make some money then, it takes about 50 minutes to set up a fresh install of Deb7 or the like, so train up a couple dozen guys to do this in under an hour, and charge $40-$60 to make housecalls to set up people's new PCs with Linux out of the box and sell them peace of mind for security against all the crap that gets in from outside and that's probably in the box to begin with. Just like Microsoft in the 90's, the secret is marketing, marketing, marketing.
Not when they're capitalists.
Knowledge is power; knowledge shared is power lost.
Neither the source article nor the Slashdot reposting bothers to say WHERE the system was purchased from. A bit of negligence if you ask me, since it's a very important point of contention for the validity of the article. If the machine was purchased through a third-party vendor (i.e. TigerDirect, Newegg, Amazon, Best Buy), then yes, it shouldn't be a surprise that Superfish is still a part of these machines. However, if this system was bought directly through Lenovo, then there really is a problem here and Lenovo needs to fix it as soon as possible.
The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol
If you intend to run Linux on your Lenovo laptop, make sure everything works without massaging drivers because YOU NEED TO ROOT THE BIOS to get the computer to accept a non-sanctioned (i.e. bought from some other store than Lenovo) network card. My G50-45 was delivered with a Realtek card that works like crap and I haven't got the Bluetooth part to work yet. I do have an Intel 7260 to replace the network card with IF THE FUCKING COMPUTER WOULD BOOT WITH IT.
It's not even so much morality as self interest. If they'll do this to some of their customers, they'll do it to others, so you don't want to be one of those others. And if software is too easily removed they're quite capable of doing it in firmware.
Doing business only with reputable companies falls within the area of "enlightened self-interest" rather than altruism.
I think we've pushed this "anyone can grow up to be president" thing too far.
>> No point to the story
Yes, there is a point. If Lenovo was concerned with the security of their customers, they would arrange with their distributors to either remove the malware or recall the hardware.
Continuing to sell it with malware shows they don't care about their customers.
And yes it costs money. That's the cost of deliberately distributing malware.
aaaaaaa
Or just don't buy Lenovo.
aaaaaaa
From the article, it seems it's not so easy after all, even Lenovo does not succeed in removing it. (Leaving a malware exe on your system is not what I call "removal".)
Also, if it was easy, Lenovo would put in the effort to do it for their ware.
aaaaaaa
No. The best Lenovo could do is not collecting money and let new users get infected hardware.
The best Lenovo could do is commit to their customers, and get the PCs cleaned before they are sold.
But this kind of thinking is not really in the direction of typical Chinese manufacturers, who simply ship the darn thing, whatever the defects. Japanese manufacturers are more committed to their users, when they admit the fault (which does not always happen).
aaaaaaa
Perhaps we should just exclude Sony from my "Japan" remark....
aaaaaaa
Honestly. I don't buy Apple products (unless you count a used iPod for which Apple would get $0 of the proceeds). I used to recommend Lenovo, but now they're off my list. HP, long gone.
Sony is a bit harder to avoid just because they have so damn many subsidiaries and product lines (again, I own a PS3, bought second-hand as were all my games).
Much as I like Linux, it isn't the answer to everything. Most people have some Windows programs they want to run on their laptop, and even if the F/OS programs were better they aren't the ones they want.
Moreover, we're talking about laptops, and installing Linux on laptops that were loaded with Windows can be iffy.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
No, you have one anecdote saying it wasn't removed. It is easily removable, I've done it.