Slashdot Mirror


Lenovo Installed Software On Laptops That Persisted After Complete Wipes

An anonymous reader writes: The Next Web has confirmed reports from owners of Lenovo laptops that the company used a BIOS feature to install its software on the laptops even if a user wiped a device clean and reinstalled the operating system. "If Windows 7 or 8 is installed, the BIOS of the laptop checks 'C:\Windows\system32\autochk.exe' to see if it's a Microsoft file or a Lenovo-signed one, then overwrites the file with its own. Then, when the modified autochk file is executed on boot, another two files LenovoUpdate.exe and LenovoCheck.exe are created, which set up a service and download files when connected to the internet." Lenovo has published a patch to remove this functionality. The article notes that this technique seems to be sanctioned by a Microsoft policy. "Manufacturers are obligated to ensure that the mechanism can be updated if an attack is discovered and should be removable by the user, but the rules outlined in the document are fairly loose and don't require the OEM to notify the owner of the laptop that such a mechanism is in place."
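A read-only check for the artifacts named in the summary above, as an added example (not code from Lenovo, The Next Web, or the original page). It assumes Windows PowerShell and assumes the two dropped files sit somewhere under `System32`, since the summary does not say where they are created:

```powershell
# Added example: looks for the three things the summary describes and changes nothing.
# Assumption: LenovoUpdate.exe / LenovoCheck.exe are under %SystemRoot%\System32
# (the page gives only the file names, not their location).
$sys32    = Join-Path $env:SystemRoot 'System32'
$findings = @()

# 1. Who signed autochk.exe? Per the summary, the firmware replaces the
#    Microsoft file with a Lenovo-signed one.
$autochk = Join-Path $sys32 'autochk.exe'
$sig     = Get-AuthenticodeSignature -FilePath $autochk
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
if ($subject -match 'Lenovo') {
    $findings += "autochk.exe is signed by: $subject"
}

# 2. The two executables the modified autochk is said to create.
foreach ($name in 'LenovoUpdate.exe', 'LenovoCheck.exe') {
    $hits = @(Get-ChildItem -Path $sys32 -Filter $name -Recurse -ErrorAction SilentlyContinue)
    foreach ($hit in $hits) {
        $findings += "found file: $($hit.FullName)"
    }
}

# 3. Any service whose binary path points at either executable.
$services = @(Get-WmiObject -Class Win32_Service |
    Where-Object { $_.PathName -match 'LenovoUpdate\.exe|LenovoCheck\.exe' })
foreach ($svc in $services) {
    $findings += "service '$($svc.Name)' runs: $($svc.PathName)"
}

if ($findings.Count -eq 0) {
    'None of the artifacts described in the summary were found.'
} else {
    $findings
}
```

Because the summary says the file is rewritten from firmware at boot, a hit here means deleting the files is not enough; the vendor patch mentioned above is what removes the mechanism.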

8 of 163 comments

  1. Simple, no malice from Lenovo by jkrise · Score: 4, Funny

    When Windows auto-updates go horribly wrong, almost all users blame the h/w vendor, not Microsoft. So Lenovo uses this BIOS trick to protect their reputation. Why is this being depicted as malicious behaviour?

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:Simple, no malice from Lenovo by Anonymous Coward · Score: 3, Funny

      When Windows auto-updates go horribly wrong, almost all users blame the h/w vendor, not Microsoft.

      What the fuck are you talking about? Everyone, and I mean EVERYONE blames Microsoft.

    2. Re:Simple, no malice from Lenovo by Impy the Impiuos Imp · Score: 5, Funny

      You must be newer. He was making a sarcasm.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  2. Re:China ... by 0123456 · Score: 5, Funny

    Sorry, but this is what happens when you let a country under the sway of a totalitarian government build you computers.

    But isn't Lenovo based in China these days, not America?

  3. Re:Not sure if Google abandoned Lenovo... by Anonymous Coward · Score: 1, Funny

    When I briefly worked inventory in 2008, Google management was thinking of abandoning Lenovo laptops as they kept finding backdoors for Chinese hackers in the BIOS. Not sure if they ever did. On the few contract assignments I've done for Google since then, everyone I worked with had a MacBook Pro laptop.

    I am beginning to suspect that there is a Chink in the security of these devices.

  4. Re:China ... by Anonymous Coward · Score: 5, Funny

    Tell me your thoughts on the NSA and FBI please

    Do NOT buy an NSA or FBI laptop.

  5. Re:Lenovo by MachineShedFred · Score: 5, Funny

    ... install Windows ...

    I think I just found how to fix it. Don't install Windows!

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  6. It could be worse... by mandark1967 · Score: 2, Funny

    They could be loading Adobe Flash

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain