Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Wednesday, 25 February 2015 / Published in Woo on Tech

Lenovos shipped with vulnerable bloatware

Lenovo logo

Chinese computer manufacturer Lenovo (IBM’s former hardware division) is making headlines this month, but not the kind that most companies covet. Until as recently as January 2015, Lenovo has shipped a large number of computers with pre-installed software from adware company Superfish. In and of itself, this isn’t an uncommon practice – hardware manufacturers commonly reduce manufacturing costs for their consumer products by striking deals with various companies who pay to have their software installed on brand-new computers.  As initially reported by security researcher Marc Rogers, the Superfish partnership was a bad one for Lenovo, not only because the software itself was already notorious for being adware, but also because it compromises the built-in security of your computer’s SSL protocols to do its dirty work. Lenovo initially tried to downplay the problem, but pressure from the security community and the resulting media attention has since caused Lenovo to reverse its position 180 degrees. The CTO apologized in an open letter, and the company has issued a fix that completely removes the vulnerable software.

What this means for you:

Unless you are really into the technical details, the “what” and “how” of the Superfish vulnerability is much less important than the “why” and the “who”. In this case, we know why Lenovo installed Superfish – presumably they benefitted financially in some fashion. The real problem behind this fiasco is that Lenovo (a “trusted” brand – I use a Yoga 3 while I’m out seeing clients) missed the security flaws in this arguably useless piece of software and endangered thousands of its customers for no other reason than to make a buck. Can any hardware manufacturer be trusted to have our security in mind when making and selling their products? If the most recent NSA hard drive firmware scandal is to be believed, I’d say the answer is a resounding “no”. As we’ve seen with numerous other industries, when a company is held more accountable to shareholder profit (or “patriotic” duty?) than to consumer wellbeing, the only person we can trust is ourselves.

Unfortunately, manufacturers like Lenovo, Dell and HP have made a bed that is now very uncomfortable in which to lie. Their practice of installing “bloatware” on their equipment have driven prices down to a level that may be very difficult to maintain if they can’t lean on the dollars gained by these pre-installed software deals. At minimum, they’ll have to be much more discerning on what they pre-install, which, in turn, will drive up costs and narrow their margins even further.

  • Tweet
Tagged under: adware, lenovo, security, ssl, superfish, vulnerability

What you can read next

Deepfake Detection Can’t Come Soon Enough
Password and Account Madness
Who watches the watchers?
Getting off the grid in 2018

1 Comment to “ Lenovos shipped with vulnerable bloatware”

  1. Low Priced Tech May Cost You More Than Expected – Get Tech Support Now – (818) 584-6021 – C2 Technology Partners, Inc. says :Reply
    January 15, 2019 at 7:37 pm

    […] previous blogs, we’ve talked about computers made affordable through a similar practice of offsetting manufacturing costs by installing bloatware on your new […]

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Social Media monetizes our need to be social

    Part of our occasional series “The Elepha...
  • Freemail accounts will be hacked

    Most of you know that I do not recommend using ...
  • LastPass Breach is bad news for everyone

    Late in the year, just in time for the holidays...
  • 2023 – Approach with Caution

    Traditionally I like my year-end messages to be...
  • Privacy sign

    Popular tax apps leaked your data to Facebook

    While it shouldn’t come as a surprise to any of...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP