Security Corner

Feb 21 2015   7:01PM GMT

Criminal mischief: Sony gave us a rootkit, Lenovo gives us malware

Ken Harthun Ken Harthun Profile: Ken Harthun

Tags:
Adware
cybercriminals
lenovo
malware
Security
I'm fed up with Adobe!

Really, Lenovo?

It’s a sad state of affairs when companies we trust turn out to be engaged in criminal mischief. In 2005, Sony BMG installed rootkits on the computers of anyone who purchased and played certain music CDs. As a result of that betrayal, I and many others boycotted Sony-produced products. Now, yet another huge  and trusted company, a supplier of quality computer products that many of us have in our organizations, has screwed the pooch. I didn’t join in the fray on Thursday when it was revealed that computer maker Lenovo has been shipping laptops with preinstalled malware that makes you more vulnerable to hackers — all for the sake of serving you advertisements. I like to step back and breathe a little before I react to such news. Well, I’ve breathed a bit since Thursday, looked it over, and have decided that I’m mad as hell. And, as in my personal boycott against all things Sony, I’ll do my damnedest never to buy anything made by Lenovo again.

At the college where I work I have a mobile computer lab comprising 20 Lenovo ThinkPad Edge notebooks. Lenovo says they didn’t install the malware on this model, but can I really trust them? I don’t think so. I’m thankful that when I initially took delivery of these notebooks, I wiped the Microsoft Windows 8 factory image and installed our own Windows 7 image. It contains no factory-installed software. Nevertheless, we won’t be buying any more of these or anything branded Lenovo despite their completely BS we-didn’t-think-we-were-doing-anything-wrong statement:

In our effort to enhance our user experience, we pre-installed a piece of third-party software, Superfish (based in Palo Alto, CA), on some of our consumer notebooks.  The goal was to improve the shopping experience using their visual discovery techniques.

. . .

To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any desktops, tablets, smartphones or servers; and it is no longer being installed on any Lenovo device.  In addition, we are going to spend the next few weeks digging in on this issue, learning what we can do better.  We will talk with partners, industry experts and our users.  We will get their feedback.  By the end of this month, we will announce a plan to help lead Lenovo and our industry forward with deeper knowledge, more understanding and even greater focus on issues surrounding adware, pre-installs and security.  We are confident in our products, committed to this effort and determined to keep improving the experience for our users around the world.

Be careful to wear high boots and proper protective clothing while you’re “digging in on this issue,” Lenovo, and consider this: Cybercriminals go to jail for doing what you did.

To any other companies looking to “enhance our user experience,” why don’t you just give us bug-free, secure products that do what WE want them to do and stop treating us like lemmings.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: