
It’s happened again. Like a dodgy employee with their hand caught in the till and given one last chance, Chinese computer and smartphone manufacturer Lenovo has been pushing flawed bloatware on its users.

Just 12 months after Superfish threatened to undermine the company’s reputation, this latest incident demonstrates one very clear point: Lenovo PCs are bad for your online security. Let’s look at why the time has come to start looking elsewhere for affordable computers.

The Success of Lenovo

Before we do that, however, now is a good time to give Lenovo some credit. After buying IBM’s computer business in 2005, it became the largest smartphone manufacturer in mainland China by 2014. Not bad for a company only formed 30 years earlier, and in the past few years they’ve bought up Medion and Motorola Mobility from Google.

In that same period, Lenovo has managed to establish a market share of over 10 percent in the USA. This is a company that has become increasingly popular with consumers, partly due to its innovative hybrid PCs and partly because their devices are more affordable than competitors, like HP.

Now in a strong position, Lenovo has taken its customers for granted.

Lenovo Service Engine

Appearing on devices that shipped from October 2014 to June 2015, the Lenovo Service Engine supposedly sent non-identifiable system information from your PC to Lenovo the first time your computer went online. Meanwhile, the Lenovo OneKey Optimizer bloatware would be installed on laptops.


Worse still, these same behaviors would occur following a clean install – thanks to a Windows 8 feature called Windows Platform Binary Table – which stores executables within the UEFI firmware. It turned out, however, that Lenovo Service Engine had various security issues, and as a result, didn’t meet the guidelines for WPBT inclusion – which is intended for anti-theft software.

Lenovo Service Engine has since been discontinued, and Lenovo has issued instructions for its removal.

Remember Superfish?

In early 2015, it was discovered that Lenovo laptops shipped to stores and consumers in late 2014 had malware preinstalled. Masquerading as a piece of typical manufacturer bloatware, Superfish Visual Discovery was a browser extension that analyzed images, checked if they were products, and then displayed cheaper alternatives. Sounds useful, but…

“The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.”


Yes. Superfish hijacked browsers. Worse still, it installed a self-signed HTTPS certificate, which makes HTTPS connections as weak as HTTP, enabling Superfish to intercept your Internet traffic. This is known as a Man-in-the-Middle attack, a key attack vector in online crime. Oh, and to make matters worse, the HTTPS certificates had the same private encryption key on every single affected Lenovo computer!

Lenovo Customer Feedback Program

Previous security issues had been targeted at lower- and mid-range computers and smartphones. In September 2015, however, it became apparent that the high-end ThinkPads, ThinkCentres and ThinkStations — built and promoted as alternatives to Apple computers — were being sold with preinstalled malware, the Lenovo Customer Feedback Program, that forwards personal usage data to Omniture on a daily basis.


Omni-who? Omniture is an online marketing and web analytics company, currently owned by Adobe. Following Lenovo Service Engine and Superfish, Lenovo Customer Feedback Program seems like blatant opportunism. Fortunately, Lenovo Customer Feedback can be uninstalled.

Lenovo Solution Center

In May 2016, we discovered that Lenovo has failed to learn from its earlier THREE mistakes. This latest issue is with the Lenovo Solution Center, a piece of bloatware that causes more problems than it solves.

Despite being largely useless already, we now learn that it includes a privilege escalation vulnerability that allows attackers with access to a device on your network to execute malicious code. While your home network might be secured, there’s a good chance that the public Wi-Fi you use isn’t.

What this means is that the Lenovo Solution Center can be used to subvert your entire system, and potentially a whole network. Embarrassingly for Lenovo, this isn’t the first time LSC has had problems, and it has now been patched twice in six months. Back in December 2015, hacking group Slipstream/RoL demonstrated several vulnerabilities, including one that could direct users to malicious websites (blocking the usual methods of checking).

While Lenovo has released steps for dealing with the privilege escalation issue, the safest option is clearly to uninstall the Lenovo Solution Center, as you would uninstall any Windows software.

Lenovo: Not the Computer You’re Looking For

One might argue that these issues can be dealt with relatively easily. The fact is, they shouldn’t be there in the first place. Oh, and Lenovo has bigger problems than malicious software. Various models of laptops have run into manufacturing issues over the past few years (often surrounding the all-important hinge mechanism, as this forum thread demonstrates), which makes you wonder whether the initial low cost of their systems is really the advantage it at first seems.

It’s been speculated that the various security breaches have been prompted by Lenovo’s desire to monetize their user base, enabling after-sale profits that “top up” the initial sale price. Whatever the reason, the naked truth is that Lenovo computer users have been placed repeatedly at risk from security issues, and until the company deals with this, it’s time to look elsewhere.

Do you use Lenovo PCs and notebooks? Have you avoided them, or abandoned them? Tell us about it in the comments.

Image Credits: Volodymyr Krasyuk via Shutterstock.com, GregorB via Wikimedia Commons

  1. David Warfield
    July 21, 2016 at 2:43 pm

    T61P Lenovo Thinkpad. running Ubuntu 14.04 FLAWLESSLY. nice high end machine made for the graphic artist. durable construction, beyond HD display capabilities. and very out-of-date. yet it runs Minecraft just fine!
    Dave, Seattle, Wa.

  2. Tim
    May 18, 2016 at 1:46 pm

    This is the case with most large companies. The bloatware on Lenovo computers is a fraction of that with most other brands. The Thinkpad line of notebooks in particular are still the best quality of any notebook on the market and are still nearly indestructible with "normal" wear and tear. Most other brands are flimsy and break easily, not to mention the cheap components used by companies like HP, which increase the odds that you'll be replacing the whole unit sooner rather than later. When you buy a Walmart or Best Buy special for $350, you get what you pay for. I work on these things all day, and the one brand that rarely has issues not caused by the user is Lenovo.

  3. C West
    May 18, 2016 at 12:50 pm

    Like others have said, my Lenovo didn't come with overly loads of unwanted extras and not the offending SuperFish. I did have the Lenovo Solution Centre but uninstalled it.

    The one key recovery I have no clue how it works, but it sounds good ?

    When I got the laptop I ran decrappifier and surprisingly it didn't pick anything out.

    I'm sure I got rid of other things that required purchase such as Nero?? something or the other.

    Having read this article I will think twice about another Lenovo and do my research to make sure they sorted themselves out.

  4. Ramraj
    May 16, 2016 at 8:12 pm

    I own a Lenovo G50-45. All those bloatwares are not a problem for me since I am a Linux user. Immediately after buying that laptop, I installed Linux.

    • Wykedengel
      May 30, 2016 at 3:28 pm

      Same here with my T440s. I booted the PC and went through the initial setup to secure the Windows 10 license to use in the future if need be and then grabbed my Arch install USB.

  5. Shawn Amison
    May 16, 2016 at 3:29 pm

    Lenovo used to be my favorite laptop company, back in the day when it used to be IBM, those laptops were nearly indestructible! I don't know if their QC has gone down lately, but even about 4 years ago the last Lenovo I had was the best laptop I had so far in recent memory.

  6. Danny
    May 15, 2016 at 10:05 pm

    I have a Lenovo Win10 laptop right now. It doesn't have the offending features anymore and the bloatware is not as egregious as from, say, HP or Acer. The hardware itself is pretty good quality-wise.

  7. Spamtrap@alphadog.net
    May 15, 2016 at 3:27 am

    NOT intending to excuse Lenovo, but I work in the business, and ALL major companies (HP, Microsoft, Apple, Google, AT&T, Verizon, Comcast, etc...) Hate Us, and would happily sell razor blades to babies if they could figure out how to weather the lawsuits & still turn a profit...

    • Howard Blair
      May 18, 2016 at 1:06 pm

      This is true of ANY sufficiently large corporation.

  8. Leah
    May 15, 2016 at 2:12 am

    I have a Lenovo and I do not know of this "bloatware" you talk about. Every brand puts bloatware on their computers and Lenovo is no different. There is no extra bloatware and there is no Superfish. They must have been putting that on computers between the time I bought my last laptop and this one.

  9. Lou
    May 15, 2016 at 1:39 am

    I made the mistake a long time back in 2010 or 2011 and bought a W510 laptop that came with dead pixels, and they refused to replace or repair it. The worst customer service I have ever had, nasty reps. Then I heard about Superfish and that was beyond forgivable. Lenovo is a company that no one should do any business with; they do not deserve to have any customers. Broward County schools is moving from Apple to Lenovo laptops and God knows what information they will be stealing from students and staff in the public school system. Hard to believe that a public school would use their products after Superfish and other crap this company has pulled. Whoever made this decision should be fired.

  10. Eric Xu
    May 14, 2016 at 12:53 pm

    Build quality, design, and features on Lenovo PCs such as the ThinkPad P, T, X, and IdeaPad Yoga, and Y series are top notch. No other PC maker can top this quality and design. I mean, the Yoga 900 has a beautiful metal watchband hinge and can flip into a tablet, and the P, T, and X series are portable yet nearly indestructible. Superfish was awful, but the other programs aren't considered bloatware. Hell, Dell and HP had these same issues! Remember eDellRoot?

    • Eric Xu
      May 14, 2016 at 12:55 pm

      Should also mention Lenovo PCs running Windows 10 onward have no 'bloatware'.

      • Christian Cawley
        May 14, 2016 at 7:55 pm

        Lenovo's change of approach for W10 is a fair point, but the manufacturing issues have been documented by owners on Lenovo's own support forums. They're not going away as long as the affected models remain on sale.

        • Eric Xu
          May 14, 2016 at 8:57 pm

          I post regularly on the forums. The Y50 hinge issue is a bit disappointing, but it seems like they fixed it with the Y700. Haven't heard issues on that yet. But Lenovo's Think and Yoga lines are extremely solid.

  11. Peter Buyze
    May 14, 2016 at 7:54 am

    I bought a Lenovo G505 laptop mid 2014 & cleaned out the bloatware/crapware & uninstalled Lenovo Solution Center. I have been happy with the laptop. But all this negative publicity would make me think twice before buying another Lenovo though. Another issue I am nervous about is Windows 10, which would come preinstalled on a new laptop, but that's another story.

  12. n00bTown
    May 14, 2016 at 2:39 am

    News flash: buy custom ThinkPads with clean, bloatless, drivers-only preload for an extra $5.

  13. fcd76218
    May 13, 2016 at 11:42 pm

    Would wiping the HD and installing Linux or BSD cure all these problems?

    • Christian Cawley
      May 14, 2016 at 7:56 pm

      Got it in one.

  14. dan
    May 13, 2016 at 10:13 pm

    Lenovo T440s own a 12GB ram sata ssd 250 and 120 m2 with i7 processor with Ubuntu on it for me is that I wanted the plane go perfectt May flawless if we were to take my other laptop I would go only on lenovo very satisfied

  15. Steve
    May 13, 2016 at 9:28 pm

    I have just bought a Laptop and was worried about the previous incidents but decided "no one could be so stupid as to do that again". Hey presto, yet another tech company adds itself to a list of famous names who try and commit commercial suicide. I bought the B51-80 for the Skylake processor and it came with the Windows 10 licence with it rolled back to Win 7 as per the business licence.

    The crapware installed actually caused issues with the running of the laptop, with the screen going blank for no reason.

    I spoke to Lenovo who were helpful, though incompetent in helping, but they sent me my recovery media very promptly. This was a clean install of Windows 10 Pro, no Lenovo crapware at all. No hidden partition, nothing.

    Once I had done the clean install, I am pleased with the laptop, good build quality, but this kind of dumbass move seems designed to kill their market share.

    • Christian Cawley
      May 14, 2016 at 7:57 pm

      Nice to read about a good support resolution!

  16. C Pearman
    May 13, 2016 at 6:46 pm

    I've run a small IT reseller business for 29 years (yeah, I'm THAT old). We sell Lenovo and Fujitsu into the small business and home markets. Lenovo machines are well built and reliable but the constant stream of crapware and reports about it makes customers nervous about the brand and takes time to remove before delivery. The company is arrogant and unhelpful but the problem is, so are most of the others. There isn't much margin in hardware so I guess they feel this makes it OK to monetize their customer base - whether they like it or not.

    • Eric Xu
      May 14, 2016 at 12:54 pm

      Lenovo stopped preloading bloatware on Windows 10 products onward.

      • C Pearman
        May 14, 2016 at 1:10 pm

        The problem is, Eric, that we've heard this from them before. The more times they get caught loading bloat/Spyware the more badly it eats at the brand's reputation.

        • Eric Xu
          May 14, 2016 at 1:18 pm

          Superfish was the only bloat or spyware. Lenovo Solution Center and Customer Feedback isn't spyware. It's a vulnerability. And Apple, Dell, HP has these same vulnerabilities. I do hope Lenovo will give us options to what software we want to download in the future. Will hopefully boost brand reputation.

  17. Zachary Brennan
    May 13, 2016 at 6:14 pm

    I have a Lenovo computer and wouldn't go back. The build quality of my device is superior to any dell or HP I've ever owned. Clean the bloatware out and you're fine. Maybe it's not a good computer for the every day user that doesn't know how to properly maintain.

    • Christian Cawley
      May 14, 2016 at 7:59 pm

      I'm pleased you're happy. So was I before the malware and manufacturing issue on a $1000 laptop.

    • Leah
      May 15, 2016 at 2:20 am

      Definitely superior to the two HP laptops my parents have, especially the one he's only had for like half a year and is already going bad. I keep asking if it's under warranty but they act like they don't know anything.
