
    Lenovo Ushers in a New Era of Mobile Workstation Power and Performance with Lenovo ThinkPad P50 and P70

    • scottalanmiller

      According to Wikipedia: "Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems."

      Disrupt, yes. Gain access, yes. It meets two of the potential qualifications. It might easily have been used for gathering sensitive information, that it was used or would have been used before stopped we don't know, but that isn't relevant as it is already a recognized malware (all rootkits are by definition malware.)

      • scottalanmiller @Dashrender

        @Dashrender said:

        @scottalanmiller said:

        I'm not saying that Lenovo's intent was to steal banking data, what I'm saying is that their intent was to rootkit people's desktops. That's a malicious intent, it was accomplished.

        Then so is Dell's and HP's when they install drivers using this method and ergo this method needs to be completely removed from being allowed. But clearly even MS thinks this is a good idea because they built "Windows Platform Binary Table (WPBT)" which specifically has Windows go to the BIOS/UEFI to find these files that vendors put there to do exactly this.

        Agreed. Are Dell or HP controlling people's desktops without their permission or knowledge? Do you have documentation of that? You said that LoJack was doing this too, do you have a link? This should be huge news.

        • Dashrender

          How does it disrupt? Of course it gains access.

          But the same could be said of Dell or HP installing ONLY drivers into a system.

          • scottalanmiller @Dashrender

            @Dashrender said:

            How does it disrupt? Of course it gains access.

            Every thread of someone trying to fix their machine is someone who has been disrupted.

            So you agree that it is malware by the common Wikipedia definition?

            • scottalanmiller @Dashrender

              @Dashrender said:

              But the same could be said of Dell or HP installing ONLY drivers into a system.

              I've seriously never seen this. What's it called? How can we look it up?

              • Dashrender @scottalanmiller

                @scottalanmiller said:

                @Dashrender said:

                @scottalanmiller said:

                I'm not saying that Lenovo's intent was to steal banking data, what I'm saying is that their intent was to rootkit people's desktops. That's a malicious intent, it was accomplished.

                Then so is Dell's and HP's when they install drivers using this method and ergo this method needs to be completely removed from being allowed. But clearly even MS thinks this is a good idea because they built "Windows Platform Binary Table (WPBT)" which specifically has Windows go to the BIOS/UEFI to find these files that vendors put there to do exactly this.

                Agreed. Are Dell or HP controlling people's desktops without their permission or knowledge? Do you have documentation of that? You said that LoJack was doing this too, do you have a link? This should be huge news.

                I never said that. I said that HP and Dell have been reported to have these same files just like Lenovo has regarding the "Windows Platform Binary Table (WPBT)".

                As for LoJack - again never said that LoJack is taking over people's computers, but when enabled it does install software that the user probably doesn't realize is happening.

                • scottalanmiller @Dashrender

                  @Dashrender said:

                  As for LoJack - again never said that LoJack is taking over people's computers, but when enabled it does install software that the user probably doesn't realize is happening.

                  You said that they were doing the same thing. And the "thing" here is rootkitting people's machines without knowledge or permission.

                  Taking over people's computers is what we are discussing. IF anyone is "doing the same thing" to be used as an excuse why it is okay for Lenovo to do this, they'd have to do roughly the same thing. What is LoJack doing that in any way relates?

                  • Dashrender @scottalanmiller

                    @scottalanmiller said:

                    @Dashrender said:

                    But the same could be said of Dell or HP installing ONLY drivers into a system.

                    I've seriously never seen this. What's it called? How can we look it up?

                    from the Ars link

                    I would like to know if any non-Lenovo PCs have used this "Windows Platform Binary" method to run software from the firmware, because when I searched for it, I saw people with Dells and HPs who thought they might have a virus, posting scan logs that contained the text "wpbbin.exe" (which would only be there if Windows found it in the BIOS and put it there). For example see https://www.google.com/search?q="wpbbin.exe"+site%3Aforums.malwarebytes.org (as early as 2013)

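A defender's check for the WPBT mechanism debated in this thread, added here as an example and not part of any post: it decodes a firmware WPBT ACPI table so you can see whether firmware is handing Windows a binary to run at boot, and with what arguments. The field layout assumes the standard 36-byte ACPI header followed by Microsoft's published WPBT fields; the Linux sysfs path, the function names and the sample table are assumptions constructed for this example.

```python
import struct
from pathlib import Path

# Assumption: Linux exposes raw ACPI tables here (root only); absent if no WPBT.
WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI header
WPBT_BODY = struct.Struct("<IQBBH")  # binary size, address, layout, type, args len


def parse_wpbt(raw: bytes) -> dict:
    """Decode a WPBT table, validating lengths rather than trusting them."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(raw):
        raise ValueError("header length field is inconsistent")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    if fixed + arg_len > length:
        raise ValueError("argument length overruns the table")
    args = raw[fixed:fixed + arg_len].decode("utf-16-le", "replace").rstrip("\x00")
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "oem_table_id": oem_table.rstrip(b"\x00 ").decode("ascii", "replace"),
        "binary_size": size,          # size of the in-memory binary image
        "binary_address": addr,       # physical address the firmware placed it at
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args,            # command line handed to the binary
        "checksum_ok": sum(raw[:length]) % 256 == 0,
    }


def build_sample_table() -> bytes:
    """Constructed sample table (not captured from any real machine)."""
    args = "/constructed-arg".encode("utf-16-le")
    length = ACPI_HEADER.size + WPBT_BODY.size + len(args)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE1", 1, b"TEST", 1)
    body = WPBT_BODY.pack(0x12000, 0x7F000000, 1, 1, len(args))
    table = bytearray(header + body + args)
    table[9] = -sum(table) % 256  # checksum byte makes all bytes sum to 0 mod 256
    return bytes(table)


def audit(path: Path = WPBT_PATH):
    """Return parsed WPBT info, or None when the firmware publishes no table."""
    if not path.exists():
        return None
    return parse_wpbt(path.read_bytes())


if __name__ == "__main__":
    print("sample:", parse_wpbt(build_sample_table()))
    print("this machine:", audit())
```

A `None` result from `audit()` means the firmware publishes no WPBT table; a populated result names the OEM and shows the arguments passed to the firmware-supplied binary.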
                    • scottalanmiller @Dashrender

                      @Dashrender said:

                      I never said that. I said that HP and Dell have been reported to have these same files just like Lenovo has regarding the "Windows Platform Binary Table (WPBT)".

                      So they are not doing this in a malicious way but are just using the same tools?

                      That sounds like normal installers. You can use an installer to do legitimate software installs, or you can use it to install a Trojan.

                      What Lenovo is doing here is not a legitimate use of the technology, and Microsoft agreed and shut it down.

                      • Dashrender @scottalanmiller

                        @scottalanmiller said:

                        @Dashrender said:

                        As for LoJack - again never said that LoJack is taking over people's computers, but when enabled it does install software that the user probably doesn't realize is happening.

                        You said that they were doing the same thing. And the "thing" here is rootkitting people's machines without knowledge or permission.

                        Taking over people's computers is what we are discussing. IF anyone is "doing the same thing" to be used as an excuse why it is okay for Lenovo to do this, they'd have to do roughly the same thing. What is LoJack doing that in any way relates?

                        If you believe that the POPUP mentioned in the OP in the Ars link is related, and that nothing more is coming down to the machine - then I would say this is similar to how LoJack works, possible exception is that YOU the owner have originally initiated the LoJack thing, but once enabled, if that computer is ever reinstalled, LoJack will reinstall itself from the BIOS - maybe you weren't aware that it could do that?

                        • scottalanmiller @Dashrender

                          @Dashrender said:

                          If you believe that the POPUP mentioned in the OP in the Ars link is related, and that nothing more is coming down to the machine - then I would say this is similar to how LoJack works, possible exception is that YOU the owner have originally initiated the LoJack thing, but once enabled, if that computer is ever reinstalled, LoJack will reinstall itself from the BIOS - maybe you weren't aware that it could do that?

                          The popup is not related to what we are discussing. That's something else. There is NO permissions being requested for the rootkit issue.

                          I feel that finding one guy somewhere mentioning a popup about something else has led you down the garden path. The issue at hand is not one with a pop up.

                          • Dashrender @scottalanmiller

                            @scottalanmiller said:

                            @Dashrender said:

                            I never said that. I said that HP and Dell have been reported to have these same files just like Lenovo has regarding the "Windows Platform Binary Table (WPBT)".

                            So they are not doing this in a malicious way but are just using the same tools?

                            That sounds like normal installers. You can use an installer to do legitimate software installs, or you can use it to install a Trojan.

                            What Lenovo is doing here is not a legitimate use of the technology, and Microsoft agreed and shut it down.

                            What? Microsoft said that Lenovo had implemented it poorly - i.e. no security - but not that it was a wrong use of the tech. If they did say wrong use of tech, I'd love a link so I stand corrected.

                            • scottalanmiller

                              Here is another link that states without any doubt that there can be no popup as the action takes place before the OS is even running...

                              http://thehackernews.com/2015/08/lenovo-rootkit-malware.html

                              • Dashrender @scottalanmiller

                                @scottalanmiller said:

                                @Dashrender said:

                                If you believe that the POPUP mentioned in the OP in the Ars link is related, and that nothing more is coming down to the machine - then I would say this is similar to how LoJack works, possible exception is that YOU the owner have originally initiated the LoJack thing, but once enabled, if that computer is ever reinstalled, LoJack will reinstall itself from the BIOS - maybe you weren't aware that it could do that?

                                The popup is not related to what we are discussing. That's something else. There is NO permissions being requested for the rootkit issue.

                                I feel that finding one guy somewhere mentioning a popup about something else has led you down the garden path. The issue at hand is not one with a pop up.

                                Other people in that thread mention the popup as well. And the reality is probably most people just didn't see the popup, but if it shows that the popup isn't related, then I'll cede the point.

                                • WingCreative @Dashrender

                                  @Dashrender said:

                                  @WingCreative said:

                                  Instead, it was used like some sort of hidden DRM to ensure Lenovo software persisted when one assumed only Microsoft software would remain. This DRM-like system did not use SSL, allowing anyone sharing your connection the opportunity to intercept and modify the connection and traffic created every boot cycle. Boo to that.

                                  I already agreed that Lenovo did a poor implementation of this solution, but the claim that this is malware - it's no more malware than Dell installing its own solutions to the computer. They get off the hook ONLY because they prompt before the install actually takes place.

                                  Fair enough - Ultimately we probably don't/won't know enough details about what was being downloaded every boot cycle to determine whether or not it was malware according to Wikipedia's definition. Badware, definitely! But outside of the security vulnerability, it could be argued that making sure Lenovo Service Engine is installed dilutes the term malware to the point where Windows 10 could also be considered malware as it does not seem to truly respect all user privacy settings at the moment.

                                  With that said, we (or at least I) don't know what exact info the Lenovo Service Engine was sending outside of Lenovo's description. With Lenovo's reputation for doing dumb, sneaky stuff for a quick buck, their slippery PR department, and the fact that they are a Chinese hardware manufacturer, many people are assuming the worst. I have seen people suggesting this was part of a backdoor for the Chinese government and other things along those lines. That would fall under the "gather sensitive information" part of the definition of malware, but we don't know if that was the case.

                                  All we know for sure is that a hardware manufacturer insecurely set up a system to make sure their computers reported system information for a few months before getting shut down. The insecurity and exploitation potential makes it badware. Software made to persist despite users' best efforts is malicious in my opinion, and I don't understand why Lenovo would go to such lengths to ensure the Lenovo Service Engine was persistently installed if it only sends system information once before disabling itself as they say. In my opinion, there are too many unknowns to definitively say "Lenovo included persistent malware on their consumer devices" beyond reasonable doubt, but there are enough things that don't add up for me to avoid buying or recommending Lenovo in the future and keep an eye on this situation as it develops. I do understand hesitating to declare Lenovo outright malware peddlers though.

                                  • Dashrender @scottalanmiller

                                    @scottalanmiller said:

                                    Here is another link that states without any doubt that there can be no popup as the action takes place before the OS is even running...

                                    http://thehackernews.com/2015/08/lenovo-rootkit-malware.html

                                    Of course it does! Just like Dell and HP installing drivers before the OS loads!

                                    • scottalanmiller @WingCreative

                                      @WingCreative said:

                                      Fair enough - Ultimately we probably don't/won't know enough details about what was being downloaded every boot cycle to determine whether or not it was malware according to Wikipedia's definition.

                                      This description alone makes it malware. Because it is automatically downloaded and installed by Lenovo's control they have control of the machine. It meets the malware definition from that part alone. Rootkits are malware. I don't see much grey area here, this is about as malware as it gets, right?

                                      • scottalanmiller @Dashrender

                                        @Dashrender said:

                                        Of course it does! Just like Dell and HP installing drivers before the OS loads!

                                        Of course it does what?

                                        • scottalanmiller @WingCreative

                                          @WingCreative said:

                                          ....Software made to persist despite users' best efforts is malicious in my opinion....

                                          Exactly. No matter what they intended to do, or how they intended to use it doesn't matter. What matters is only the part that we know. They installed a rootkit, they used it. Malicious intent and malicious action. The part about malware is without question, IMHO. Why would they do it? Stupidity for all we know. Doesn't matter, the inexcusable action happened regardless of how they planned to exploit it.

                                          • Dashrender @WingCreative

                                            @WingCreative said:

                                            All we know for sure is that a hardware manufacturer insecurely set up a system to make sure their computers reported system information for a few months before getting shut down. The insecurity and exploitation potential makes it badware. Software made to persist despite users' best efforts is malicious in my opinion, and I don't understand why Lenovo would go to such lengths to ensure the Lenovo Service Engine was persistently installed if it only sends system information once before disabling itself as they say.

                                            This is only on desktop, Laptops they say it keeps coming back - as designed.
