Lenovo Yet Again

From Irreal's You Can't Make This Stuff Up department we have news of Lenovo once again secreting malware on their computers. This time it's on the top-of-the-line Thinkpad model widely assumed to be immune from this nonsense.

I know lots of people who swear by their Thinkpads and insist none of this matters because they run Linux on them anyway. Cory Doctorow, in the BoingBoing piece linked above, says he goes even further and replaces the hard drive with an SSD drive.

Those attitudes miss a couple of points, I think. First, why would you want to deal with a company with a proven track record of abusing their customers and putting those customers' security at risk? If nothing else, getting caught 3 times in a year is evidence of incompetence and a refusal to deal with those responsible for it. Second, and more important, they're coming for you next. Up till now Lenovo has concentrated on targeting Windows systems but it's only a matter of time before some bright bulb realizes that the stuff really worth stealing is going to be on a Linux system.

When that happens, all your “but I'm running Linux” is out the window. Lenovo controls the hardware and can arrange for whatever backdoors it likes. As I wrote the last time Lenovo did this, they can, and did, put malware in the firmware where it's hard to detect and hard to eliminate. Unless you're prepared to take a microscope to the chips on your system, you'd be well advised to look elsewhere for your hardware.

I appreciate that if you're not an Apple user, Lenovo has the best hardware available and that the alternatives may not be as good, but maybe you should give Dell, HP, or one of the others a second look.

This entry was posted in General and tagged . Bookmark the permalink.
  • Tamas

    According to the article you link to, "The fact that this was taking place was buried deep in the user "agreement" that came with the machine", so technically the user did have to consent to it, which makes similar but firmware-based schemes more difficult (from a legal POV).

  • tetheno

    Superfish was certainly a big mistake and a security issue. I doubt it was something that Lenovo wanted, just lousy QA when testing the crapware they add in their cheap computers. Like most other vendors.

    The last two ? I wouldn't even call them newsworthy. Deciding to not use a Thinkpad based on this last piece of news is not rational. As far as I know it did just track Lenovo software usage. Windows 10 or Android do infinitely more tracking.

    Apple ? I don't know how much tracking they do on their devices. What's true is that their network security was completely rubbish a few years ago, enough that I would not trust them with nothing of importance. It took me 30 minutes to find ways to get a shell on their servers. True that they solved the bugs soon after I sent the email.