General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsLenovo Laptops Come Pre-Installed With Giant Security Hole – Consumerist
Lenovo Laptops Come Pre-Installed With Giant Security Hole
By Kate Cox February 19, 2015
Its not uncommon for a new PC to come with some pre-installed crap on it you dont want. From proprietary hard drive management tools to antivirus trials, software bundling is sadly common. But the junk shipping on new Lenovo laptops goes one troublesome step further: the bloatware present on several models is not only annoying, but dangerous, with a vulnerability that could let someone easily access users private, nominally secure data.
The program is called Superfish. As Ars Technica explains, Its meant to be just adware, scanning what you do and where you go and inserting advertisements while you do it. That, by itself, is pernicious and problematic enough. But the program also operates in such a way that any wandering third party with an eye for mischief could easily sneak in and steal your info.
For example, lets say you want to do some online banking. Ordinarily you type in your banks URL and get an encrypted connection to it that https that leads off the address bar. Your computer and your banks site then talk to each other. The bank site shows a security certificate saying, Hey, Im legit! Your computer agrees that the bank is legit, the site loads, and you log in and carry on with your business.
But with Superfish installed, theres a new link in that chain. You go to the banks website. Instead of the bank saying to your computer, Hey, heres my security certificate, Superfish says to your computer, Oh, no, its cool, the bank totally showed me its certificate. Totes legit. Here, take mine instead!
As the saying goes, a chain is only as strong as its weakest link. And Superfish has a major weakness indeed: that fake security certificate is always the same, on every Lenovo computer. So if an info thief created a fake HTTPS site using Superfishs credentials to siphon off personal data from every user that visited it, Superfish would pass it right on through as legitimate.
More
http://consumerist.com/2015/02/19/lenovo-laptops-come-pre-installed-with-giant-security-hole/
..
arcane1
(38,613 posts)Though I fear this is the Future: no way to escape from targeted advertising
blkmusclmachine
(16,149 posts)Recursion
(56,582 posts)Preferably with Linux or BSD, but failing that, with a clean Windows disk (the product key should be on a sticker on your computer).
betterdemsonly
(1,967 posts)want quality but can't afford a Mac.
Recursion
(56,582 posts)I'm typing on one right now. That said, I put Linux on it first...
CaliforniaPeggy
(149,831 posts)I bought a Windows 7 online from Lenovo several years ago, and my computer guy installed my stuff from my hard disk onto it.
He didn't mention the Superfish. So I don't know if my machine came with it or not.
betterdemsonly
(1,967 posts)Last edited Sun Feb 22, 2015, 02:25 AM - Edit history (1)
CaliforniaPeggy
(149,831 posts)Phlem
(6,323 posts)into the cost of each laptop?
Initech
(100,149 posts)And I will never buy any desktop that I can't build myself. No bloatware, no problem.