I'm always surprised that Lenovo use in the enterprise space didn't take a hit after all this came to light. I would have thought competitors like Dell and HPE would have used that opportunity to disparage Lenovo.
No enterprise is using the base Windows image that came from Lenovo with the Superfish malware. They all build their own standard operating environment image that would not include the Lenovo bloatware. I would be surprised if Lenovo enterprises even realized they were shipping this way and have no reason to react negatively. Their competitors also live in glass houses and so cannot throw stones.
So yes, in a normal case, one would expect to be safe because they are using their own built image. But Lenovo went much further than simply installing crapware, they added a firmware that updates files on startup in the OS to ensure that they had a way to install whatever they wanted onto your system [1].
No enterprise would use the factory image, but a lot of small businesses would and they were put at risk as a result.
We can of course say they shouldn't have trusted it, but honestly, should it be normal to expect the manufacturer of the machine to be malicious?
Not to mention the other commenters pointed out that they used the firmware to reinstall the malware even on otherwise clean images, so even enterprises could've been at risk.
Lenovo is behaving as an attacker against its customers. That sophisticated customers had defenses for this particular attack is irrelevant. Imagine if iPhones started trying dictionary attacks against their peers on WiFi networks. Would you shrug it off and continue buying Apple products because you trust your password complexity rules?
It’s great that the countermeasures worked this time, but Lenovo is still your adversary. They deserve the same response as any other insider who tries to MITM your traffic: immediate termination, a thorough search for any remaining implants, and an FBI battering ram through their door.
35345dfgd|7 years ago
lamlam|7 years ago
[1] https://www.theregister.co.uk/2015/08/12/lenovo_firmware_nas...
Rjevski|7 years ago
larkeith|7 years ago
Do you have a citation for Lenovo's competitors installing comparably vulnerable malware?
[1] https://threatpost.com/lenovo-hit-with-criticism-over-second...
closeparen|7 years ago
jammygit|7 years ago
https://arstechnica.com/information-technology/2015/11/dell-...
Apparently HP also
https://www.computerworld.com/article/3238512/microsoft-wind...
lamlam|7 years ago
hannob|7 years ago