
    Lenovo Ushers in a New Era of Mobile Workstation Power and Performance with Lenovo ThinkPad P50 and P70

    141 Posts 14 Posters 30.7k Views
    • scottalanmiller

      Saw this thread too: http://community.spiceworks.com/topic/1121374-lenovo-laptops-now-come-with-a-free-rootkit

      • Deleted74295 Banned

        Bit late to the conversation.

        Yoga Network Shims, any source articles of that to reference?

        • scottalanmiller @Deleted74295

          @Breffni-Potter said:

          Bit late to the conversation.

          Yoga Network Shims, any source articles of that to reference?

          There are tons, most articles only talk about it as malware as the majority of users are unaware of the concept of a network shim. That it was a network shim was blatant as it blocked sites like MangoLassi (how it was first detected around here) by intercepting the HTTP stream and not handling io.socket calls correctly (very common in older proxies, so it was immediately clear what was happening) and by the fact that even a fresh install of Windows, even a direct from Microsoft one, had the issue instantly when the only available driver for the internal network cards, the one from Lenovo, was installed. The only source of the shim was in the network driver itself!

          http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/

          • scottalanmiller

            From the above article:

            But there’s a bigger concern that Lenovo is intercepting encrypted traffic so it can show ads on people’s computers. In the security world, this is known as a man-in-the-middle attack.

            • scottalanmiller

              http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

              • Dashrender

                Looks like they are still at it - though in a less notorious way this time.

                http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/

                The long and the short - Lenovo is using a method that security companies like LoJack have been using for years to install software into Windows from the BIOS.

                Microsoft has made this even easier for them by creating a new connection in the UEFI that is part of Windows itself.

                On the surface, something like this seems really convenient for consumers (not needed for businesses - they have IT staff to build images, etc). You scratch install the system but of course Windows doesn't have drivers for the hardware, the BIOS pushes down a version of the driver into Windows and the end user doesn't have to be concerned about using another computer to find drivers (assuming the network drivers in Windows aren't there).

                The main bad part is inclusion of OneKey Optimizer - which is being reported as Lenovo junkware - but other than claiming to clean up some temp files, I'm not really sure what the issue with this software is.

                Frankly I fully expect to see embedded drivers like this on all future systems. Manufacturers are trying to find ways to reduce their support overhead. Pushing out at least a starter driver to get the system online, then a manufacturer update tool to get the latest drivers from the manufacturer's website - this seems like a win for the consumers - as long as it's implemented correctly (think TLS connections, etc).

                • scottalanmiller

                  As suspected, the paid PR shills and the community fanboys are starting to come out calling anyone who thinks what Lenovo did "paranoid".

                  • Deleted74295 Banned

                    Oh right, so it's SuperFish, there isn't a third "network shim" out there.

                    I'd already caught up on the latest bit of fun, so much warning clients.

                    https://darait.co.uk/2015/08/lenovo-another-security-hole-found/

                    • scottalanmiller @Deleted74295

                      @Breffni-Potter said:

                      Oh right, so it's SuperFish, there isn't a third "network shim" out there.

                      Yes, Superfish was a network shim that ran a man in the middle attack not just on HTTP but with a signed SSL cert so that it could intercept secure data too like banking information.

                      • Deleted74295 Banned @scottalanmiller

                        @scottalanmiller said:

                        @Breffni-Potter said:

                        Oh right, so it's SuperFish, there isn't a third "network shim" out there.

                        Yes, Superfish was a network shim that ran a man in the middle attack not just on HTTP but with a signed SSL cert so that it could intercept secure data too like banking information.

                        Yeah I know what it did, just got confused halfway through the thread in case they did it on a separate occasion.

                        • Dashrender @scottalanmiller

                          @scottalanmiller said:

                          As suspected, the paid PR shills and the community fanboys are starting to come out calling anyone who thinks what Lenovo did "paranoid".

                          Are you saying that against what I just wrote?

                          The links provided above specifically mention that HP and Dell have been found to be deploying the autochk.exe as well. This isn't just a Lenovo thing.

                          Granted - Lenovo seems to have gone a step further with their OKO. But I can't say that OKO is crossing the line, if it's malware or tracking, etc - then it's crossing the line, otherwise...

                          Let's take Lenovo out of this for a second.

                          If Dell did this, and had a BIOS shim that installed a NIC/WiFi driver that downloaded a Dell support package - would you crucify them?

                          • Dashrender @Deleted74295

                            @Breffni-Potter said:

                            Oh right, so it's SuperFish, there isn't a third "network shim" out there.

                            I'd already caught up on the latest bit of fun, so much warning clients.

                            https://darait.co.uk/2015/08/lenovo-another-security-hole-found/

                            You said 'third'
                            Are you saying that SuperFish was #1
                            and Lenovo's driver shim was #2?

                            • scottalanmiller @Dashrender

                              @Dashrender said:

                              Are you saying that against what I just wrote?

                              No, I hadn't even seen that you had written anything. In SW a known semi-troll is out using terms like paranoid and claiming that Lenovo did nothing wrong.

                              • Dashrender @scottalanmiller

                                @scottalanmiller said:

                                @Dashrender said:

                                Are you saying that against what I just wrote?

                                No, I hadn't even seen that you had written anything. In SW a known semi-troll is out using terms like paranoid and claiming that Lenovo did nothing wrong.

                                OK just checking after our conversation of yesterday 🙂

                                • scottalanmiller @Dashrender

                                  @Dashrender said:

                                  If Dell did this, and had a BIOS shim that installed a NIC/WiFi driver that downloaded a Dell support package - would you crucify them?

                                  No, because they don't have a track record of inexcusable behaviour. We are talking about a known malicious entity doing another thing very malicious.

                                  Would I be happy if Dell was doing something similar? No. But if they were at least doing it with good intentions (legit drivers) it would not warrant crucifixion. If they did it to push malware? Absolutely.

                                  • Dashrender @scottalanmiller

                                    @scottalanmiller said:

                                    @Dashrender said:

                                    If Dell did this, and had a BIOS shim that installed a NIC/WiFi driver that downloaded a Dell support package - would you crucify them?

                                    No, because they don't have a track record of inexcusable behaviour. We are talking about a known malicious entity doing another thing very malicious.

                                    Would I be happy if Dell was doing something similar? No. But if they were at least doing it with good intentions (legit drivers) it would not warrant crucifixion. If they did it to push malware? Absolutely.

                                    OK so we're on the same page then, the general idea of what is going on here is OK'ish, but because it's Lenovo - and we hate them with cause - this is untrustable.

                                    • scottalanmiller @Dashrender

                                      @Dashrender said:

                                      OK so we're on the same page then, the general idea of what is going on here is OK'ish, but because it's Lenovo - and we hate them with cause - this is untrustable.

                                      OKish at best. If it is well known and easily testable and controllable, then okay. If it is secret, not controllable and/or pushing malware it is not okay at all. That it is secret, pushing malware and doing so from a known threat source we have a pretty major issue.

                                      • scottalanmiller

                                        For example, if Dell or HP did this and offered a way to turn it on and off in the BIOS settings, great. Having this sort of thing as an option is wonderful. Options are "always" good.

                                        But it's no different than saying we are installing software. Guy comes to your house and installs MS Office for you. Good. Another guy comes to your house and installs five toolbars on IE or worse, a keylogger. Bad.

                                        It's not the act of installing the software that is good or bad, it is what is being done. Primarily. In this case the uncontrolled push of the software is another problem. We can say "oh it's just a NIC driver, that's good" but we are specifically talking about a vendor who put spying capabilities into their NIC drivers.

                                        • Dashrender

                                          What's more concerning to me is if hackers will be able to update the UEFI remotely to include their own updates to your system through either the older or now available MS solution, AKA a wipe and reinstall won't be effective anymore.

                                          Just like a wipe and reinstall of Lenovo's machines wasn't effective because the shim was baked into their NIC driver, which was your only option for using the built-in WiFi.

                                          • scottalanmiller @Dashrender

                                            @Dashrender said:

                                            What's more concerning to me is if hackers will be able to update the UEFI remotely to include their own updates to your system through either the older or now available MS solution, AKA a wipe and reinstall won't be effective anymore.

                                            Yes, while what Lenovo has done technically makes them hackers (the Superfish case at least) the much bigger fear is not that Lenovo themselves will use their tools to siphon off your banking info because they have too much to lose (I have no doubt that they would if they thought that they could get away with it) but that others will leverage this as a gateway to your systems. This would be a field day for hackers - and it can be as easy as being a Lenovo employee or knowing one to potentially have access to data that would make this trivial to exploit without even needing to break into anything. And since Lenovo operates from a jurisdiction that will protect them in case of an attack on US companies, there is effectively no legal or financial incentive to keep them from doing so.
