Archive for Lenovo

« Older Entries
Newer Entries »

Lenovo Gets Sued Over Adware Fiasco

Posted in Commentary with tags , on February 23, 2015 by itnerd

When this Lenovo Adware fiasco began, you knew that this was coming sooner or later. A lawsuit has been filed regarding Lenovo’s ill advised decision to put potentially dangerous…. Well, they admitted that it was dangerous…. Adware on their computers. Here’s the details:

A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.

The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.

Well, good on Ms. Bennett. I’m glad that someone slapped this company with a lawsuit and I hope not only that people join in on this class action, but that this is investigated by governments where these products are sold. Because behavior like this from Lenovo deserves to punished as harshly as possible.

2 Comments »

Lenovo Finally Admits Its Spyware Put Users At Risk

Posted in Commentary with tags , on February 22, 2015 by itnerd

Lenovo finally seems to have gotten a clue. In an interview with re/code, the CTO of Lenovo Peter Hortensius admitted that the adware that they installed put users at risk:

“We messed up,” CTO Peter Hortensius told Re/code. The company now confirms that the way Superfish operates could leave machines vulnerable to a “man-in-the-middle,” or MITM, attack, in which an attacker mimics both sides of a conversation to actively eavesdrop on each one. The problem stems from the fact that Superfish intercepts Web traffic, including secure traffic, using a self-signed security certificate that could be spoofed by attackers.

And:

“We should have known going in that that was the case,” Hortensius said. “We just flat-out missed it on this one, and did not appreciate the problem it was going to create.”

And:

“We are taking our beating like we deserve on this issue,” he said.

And Finally:

“We are not just curled up in a ball,” he said. “We are taking real action to make this right with our customers.”

To prove that, the uninstall tool that they promised is now available. Great. But I am still not recommending Lenovo products to my customers ever again.

1 Comment »

Microsoft Rescues Lenovo Users From Lenovo Installed Adware

Posted in Commentary with tags , , on February 22, 2015 by itnerd

If you’re a user of a Lenovo computer and you are concerned about that evil adware that Lenovo themselves installed, don’t worry. Microsoft has your back.

You read that correctly. Microsoft is coming to the rescue of Lenovo users. In its latest update to Windows Defender, Microsoft has removed Superfish’s certificate entirely, which Microsoft believes will kill the program’s ability to run on Windows. That’s not a guarantee as the tech website Neowin will explain if you click here, but it’s better than nothing.

If you run Windows 7, 8, or 8.1, you have Windows Defender. Make sure you update it and use it to make your Lenovo system safer to make up for the fact that Lenovo made it horribly unsafe.

Leave a comment »

Researcher Proves That Lenovo Adware Is Extremely Dangerous

Posted in Commentary with tags , on February 20, 2015 by itnerd

For Lenovo, installing potentially dangerous adware on computers that they sell is pretty bad. But the problem is now really bad as security researcher Robert Graham has shown how one can leverage this adware to spy on users:

I extracted the certificate from the SuperFish adware and cracked the password (“komodia”) that encrypted it. I discuss how down below. The consequence is that I can intercept the encrypted communications of SuperFish’s victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot. Note: this is probably trafficking in illegal access devices under the proposed revisions to the CFAA, so get it now before they change the law.

I guess that any attempt by Lenovo to say that this adware isn’t really harmful has just gone up in smoke. This fiasco is starting to reach the point where someone needs to slap anyone and everyone behind this adware and the installation of it onto Lenovo computers silly. The Government, law enforcement, lawyers via a class action lawsuit, consumers via a boycott of Lenovo products. I don’t really care whom. It just has to happen as this is completely unacceptable.

1 Comment »

Lenovo Promises To Get Rid Of Adware It Installed On Computers They Sell

Posted in Commentary with tags , on February 20, 2015 by itnerd

I guess that I am really jaded at this point. But given that Lenovo was caught installing potentially dangerous adware on computers that they sell, you can hardly excuse me for reacting with “I don’t buy the humility act” when I read this story in the Wall Street Journal about what Lenovo plans to do about this fiasco. Lenovo CTO Peter Hortensius was interviewed and here’s what he said about what the company was going to do about this adware:

WSJ: What are you doing now to ensure the security of people who bought Lenovo laptops with the Superfish app?

Hortensius: As soon as the programmer is finished, we will provide a tool that removes all traces of the app from people’s laptops; this goes further than simply uninstalling the app. Once the app-wiping software is finished tonight or tomorrow, we’ll issue a press release with information on how to get it.

Great. Though I really wouldn’t trust anything that this company does right now. But that’s my cynical nature entering the equation. He also said this:

WSJ: Do you do due diligence on software you pre-install on Lenovo machines to make sure it’s secure?

Hortensius: Yes, we do. Obviously in this case we didn’t do enough. The intent of loading this tool was to help enhance our users’ shopping experience. The feedback from users was that it wasn’t useful, and that’s why we turned it off. Our reputation is everything and our products are ultimately how we have our reputation.

Except that’s not quite true. It’s more like this:

  • Lenovo installed something they should not have on customer’s computers and didn’t tell their customers about it.
  • Someone found out about it and the story went viral.
  • Lenovo tried to defend it, failed, and pulled the plug to try and make the story go away.

The fact is that this adware should never have been there in the first place. Ever. Either Lenovo doesn’t understand that or refuses to accept that when customers buy computers, they shouldn’t get adware or anything else that could be potentially dangerous as part of the deal.

Oh, you might be interested in their statement on this adware. While it does list the models of Lenovo computers that might have had this software (Question: Should they not know what computers they shipped this software with?), and they state that it was only consumer and not corporate computers that got this software, it does very little to improve my perception of the company.

 

 

1 Comment »

Lenovo Ships Possibly Dangerous Adware On New Computers….. Yikes!

Posted in Commentary with tags , on February 19, 2015 by itnerd

There’s a lot of people who don’t like Lenovo. Some people don’t like them because they’re Chinese, which means that they must be evil in some way. Some weren’t thrilled with their business practices. Neither is good. But this is going to make things worse for them. The Next Web is reporting that Lenovo has been caught installing adware on their computers:

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

Superfish appears to affect Internet Explorer and Google Chrome on these Lenovo computers.

For a top tier computer company to do this is beyond unacceptable. What really bothers me is that when they were caught, they did promise to stop shipping it, but they also defended it by saying that this adware “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

That is quite frankly is a load of bull. But it doesn’t end there:

Other users are reporting that the adware actually installs its own self-signed certificate authority which effectively allows the software to snoop on secure connections, like banking websites as pictured in action below.

This is a malicious technique commonly known as a man-in-the middle attack, where the certificate allows the software to decrypt secure requests, yet Lenovo appears to be shipping this software with some of its products out of the box.

If this is true — we’ve only seen screenshots so far — Superfish could be far more dangerous than just inserting advertising.

I am shocked by Lenovo’s behavior and I for one will not recommend their products going forward to my customers as they clearly cannot be trusted.

Now if you’ve got a Lenovo computer and you wish to check to see if you’ve got this adware on your computer, click here for a site that will allow you to do that. If you are infected, there are instructions to remove it on the site.

 

1 Comment »

Lenovo Recalls 500,000 Power Cords Due To Fire Risk

Posted in Commentary with tags on December 10, 2014 by itnerd

If you own a Lenovo computer, you should pay attention to this. Lenovo is recalling a staggering 500,000 in the US and Canada due to a risk that they might start a fire. How do you know if your power cord is affected? Check out this from the CPSC:

This recall involves Lenovo’s LS-15 AC power cord manufactured from February 2011 to December 2011. The power cords were distributed with IdeaPad brand B-, G-, S-, U-, V- and Z-series laptop computers and Lenovo brand B-, G- and V-series laptop computers. The recalled power cords are black in color and have the “LS-15” molded mark on the AC adapter end. The manufacture date code in the format REV: 00 YYMM is on a label attached to the cord.

If you’re affected, you need to surf to this website or call (800) 426-7378 to make arrangements to get a replacement. The cords have apparently tied to 15 “incidents” including “overheating, sparking, melting and burning.” No injuries were reported however.

Leave a comment »

Lenovo Purchase Of Motorola Now Official

Posted in Commentary with tags , on October 30, 2014 by itnerd

Though I had my doubts at the time that this deal was announced, it now seems that Motorola’s handset business is now owned by Lenovo. Here’s a snippet from an announcement that was posted today:

In Lenovo we have a partner that shares our mission and that brings global scale, a diverse product portfolio and a track record of seizing strategic opportunities and making the most of them. Together we will go farther, faster. With an impressive portfolio of smartphones, wearables and PCs, our two companies will be uniquely positioned to push the boundaries of choice and value, and bring exciting new experiences to people everywhere.

That may be true. Consider the following:

  • Lenovo also gains access to the North American smartphone market. That’s good for them. Though it also means that they will have a ton of competition to deal with.
  •  Motorola gets access to Asia. That will help to sell more phones.

Here’s the problem. Google never made a dime with Motorola. Thus I wonder if Lenovo can do better. I guess we’ll see.

Leave a comment »

Hey IT Nerd! How Do I File A Complaint Over #Lenovogate?

Posted in Commentary with tags on June 7, 2014 by itnerd

Here’s a question in response to my stories on the Lenovo pricing issue which has become known as #lenovogate:

Good morning IT Nerd. I am very upset about the way Lenovo has handled this “pricing error” which I really don’t believe is a pricing error. How do I file a complaint with the Canadian government? Any help you could provide would be welcome. 

Thanks so much. 

Thank you for the question.

The fact that I’m getting this question implies that #Lenovogate isn’t going away and that’s bad news for Lenovo. In any case, you’d want to file a complaint with the Competition Bureau. I took a look at their site and you’d need to go here to file a complaint. Make sure that you fully fill out the form for the Competition Bureau to properly investigate your claim.

I hope that helps you.

 

Leave a comment »

Poll: Will Your Next Computer Be A Lenovo?

Posted in Commentary with tags on May 29, 2014 by itnerd

Leave a comment »

« Older Entries
Newer Entries »