Lenovo once again accused of attacking their own customers. Maybe it's time to switch to Mac?
Back in February Windows PC manufacturer Lenovo was caught injecting Superfish adware onto some of their laptops, not only exploiting their own customers but leaving those customers open to man-in-the-middle attacks. Now they've been charged with using something akin to a rootkit to make sure their own customers can't cleanly reinstall Windows, not without Lenovo reinstalling updaters, app installers, and system data collectors as well. And yes, this Lenovo hack was also potentially exploitable by malware. Owen Williams, reporting for The Next Web:
The users discovered the issue in May when using a new Lenovo laptop that automatically and covertly overwrote a system file on every boot, which downloaded a Lenovo updater and installed software automatically, even if Windows was reinstalled from a DVD.
The only problem is that nobody actually asked for this software, and it persisted between clean installs of Windows. Lenovo was essentially exploiting a rootkit on its own laptops to ensure its software persists if wiped.
Lenovo appears to have been able to do this by abusing a system Microsoft put in place that would allow anti-theft software to survive a re-installation of Windows. Because the way Lenovo implemented seemingly left the door open for third parties to exploit it and install malware, Lenovo issued a fix. A complete patch that removes the rootkit-like software entirely was also released but apparently wasn't pushed out to customers as an automatic update. It currently needs to be found, downloaded, and run manually.
To be one hundred percent crystal clear, bugs happen to every vendor, including Apple, and they need to be patched as fast as possible to protect customers from the exploit. But this wasn't a bug. If the charges are accurate, this was an attack. This was Lenovo not only failing to protect customers but acting as an attacker customers need to be protected from.
Lenovo's behavior here would be like punching a customer in the face and then hanging around to drive them to the hospital if they bothered to ask. The customer would still have been punched in the face.
It scared Owen enough that he added this to his coverage:
The revelation is one that makes me slightly nervous: a truly clean, untouched install of Windows is now very difficult to achieve, and computer manufacturers are quietly installing software without user knowledge.
It's hard to give Lenovo any benefit of the doubt here either, given the company's past behavior with Superfish. So, rather than paraphrasing what I wrote the last time Lenovo was caught attacking their own customers, I'll just quote it:
This isn't the first time a manufacturer has deliberately sabotaged its products to service its own ends. (Sony, famously, implemented [rootkits] on their own customers to try and prevent them from enjoying their own music on their own computers.) And despite the inevitable fallout from Lenovo's massive misstep, it probably won't be the last time, either. Adware and crapware have become increasingly ubiquitous on OEM PCs, and declining industry profits may turn yet more vendors towards their worst angels.
Apple makes its money up front. The company makes great products that provide far more value than they cost, and enough people feel that to way to have made the Mac the only current desktop and laptop success story in the market. The Mac's share keeps growing even when the PC market as a whole has shrunk. And it's beyond profitable enough that we, as customers, don't have to worry about Apple implementing any adware or crapware schemes anytime soon.
Just like with Apple's services, the company believes in selling the product, not selling out the customer.
Whether anyone chooses to trust in Lenovo's products again makes no difference to me — I'm using a Mac. My interests and Apple's currently align. I'm fine. Not having to wake up one morning to discover the company that made my computer has betrayed me is of enormous comfort and value to me — far beyond the cost of the device itself.
Apple isn't perfect, and there are certainly bugs and features on OS X and iOS that need to be fixed. But they aren't intentional, they aren't malicious, and they aren't out to deceive or trick customers into giving away their personal data. As of right now, today, the company is making privacy, security, and integrity not only a point of pride, but a core feature and value proposition of its product line.
And I bet more and more people take notice of that, and more and more people switch to the Mac.
What to do if you're at risk
If you're using a Lenovo computer, here's what you should do:
Then, if you really need a Windows PC, consider getting one from a Microsoft Store that's adware- and hopefully rootkit-free. If not, strongly consider getting a Mac. You can even run Windows on your Mac if you really want to.