Ask HN: Would you buy a Lenovo again after Superfish? - secfirstmd
======
nine_k
Yes. Why:

* Good Linux support.

* Good price / performance ratio.

* Trackpoint.

Note that I only look at T series. The corporate-oriented T and X series were
not affected by Superfish at all.

~~~
jacobroufa
This.

------
cnvogel
Lenovo is a big company, and I'm pretty sure that the department responsible
for the preloaded junk is completely separate from the people doing security
(or, for that matter, any) testing on their regular drivers and utilities.

Unfortunately preloading of software with (to put it mildly) limited
usefulness is epidemic in the whole industry, and we also learned that
Superfish is only one of many products built with the "Komodia MITM toolkit"!
So, I really see this as one outlier in a crappy business. This could have
happened to every laptop manufacturer that has crapware in their
default-install. Which is every single one of them.

~~~
subsection1h
> _the department responsible for the preloaded junk is completely separate
> from the people doing security_

Lenovo's CTO stated, "We're not trying to get into an argument with the
security guys. They're dealing with theoretical concerns." If the CTO and the
department that's responsible for choosing the default software are both
"completely separate" from everyone at Lenovo who has a clue about security,
what does that say about Lenovo?

~~~
cnvogel
The CTO also claimed that the preinstalled software would be appreciated by
users ;-). So better take his words with a grain of salt.

❝In general, we get pretty good feedback from users on what software we pre-
install on computers.❞

And yes, I'm pretty sure that security in third party software is at most an
afterthought. Security holes hardly ever are as blatant as the one created
here, and my guess is that the normal process is to "just get an update from
the vendor, should any security holes become apparent."

With the constant change of bundled software, do you really think that a
thorough security review takes place? I'm very sure that this will only be
done on the utilities, tools and drivers that are built to operate on a much
broader range of devices (e.g. the ugly "battery icon" power manager
blemishing most Lenovo PCs' taskbars), will also be installed by
"enterprise"-customers, and generally are maintained over longer time periods.

The decision on including crapware certainly is done somewhere in marketing,
and then just passed on to whoever has to build the default image.

~~~
bobdvb
"pretty good feedback" could be interpreted as: 'the amount of hassle it
causes us is (normally) less than the amount of revenue we get'

------
bcolb
I might consider it given that I just run Linux on it anyways. Quality issues
with the case of my current thinkpad, an E530, are likely to give me more
pause.

I really do think there is a niche for linux compatible bare bones laptops. I
know that some companies make them, but most are of low quality. Maybe Dell
will come out with more options in the future.

But to answer your question, I would buy again, but would choose a competitor
over them if all other things were equal.

------
khara
How can you still buy a lenovo product? Superfish was a VERY dangerous
software to have preloaded. I'm pretty sure lenovo engineers knew exactly how
dangerous this is and did absolutely nothing about it. And if no one in lenovo
knew then that is much worse. In essence, the company installed software to
spy on you, and I hear people defending their decision and say they will still
buy their products. It does not matter if you use linux or not. This is not an
honest mistake and I will never buy a lenovo product in my life. I will not
sit here and defend them or try to associate with them and defend their
incompetence/ignorance/maliciousness.

~~~
dingaling
To me, the software that comes installed on a laptop is as relevant as the
"special offer on peripherals and laptop bags" pamphlets in the box;
immediately discarded without a look.

It's the hardware that counts and to date Dell and Lenovo have been pretty
consistent in offering solid corporate hardware.

So personally I would buy Lenovo hardware particularly if payments made to
them for including the irrelevant crap actually knocks a few dollars off the
retail price!

------
th0br0
ThinkPads rock(ed). The current generations (post __20, i.e. W520) have
started to deteriorate in what I'd call developer friendliness (still need to
pass a special boot line parameter to the kernel to get the system to boot up
properly with the dedicated nvidia GPU) as they've changed the keyboard and
mouse buttons (no longer 3 above the trackpad and 2 below, only 3 above) and
trackpad itself. + quality issues with the modern models and the build feels
weak compared to, e.g., the T61.

So, to be honest, I'm not sure.

------
magicaltits
Interestingly enough, the company that wrote Superfish (Komodia) is based in
Palo Alto, California.

I don't think it was malicious intent by Lenovo to install adware on users'
computers, rather, they were negligent to the fact they were dealing with an
incompetent software vendor.

I wouldn't hesitate to buy another Lenovo.

~~~
PhantomGremlin
> the company that wrote Superfish (Komodia) is based in Palo Alto, California

How do you reach this conclusion?

1) komodia.com/about doesn't have any geographic information on it.

2) Their whois entry says Israel, but is (deliberately?) misleading. Is that
phone number real?

Registrant Phone: +00.6142772739

The leading digits "614" don't match the calling code for Israel which is 972,
nor any Palo Alto area code. Instead it's Columbus, Ohio?

3) It's hard to be sure what was recently on their website, because of a
claimed DDOS. But archive.org still has some old info
[https://web.archive.org/web/20150220024525/http://www.komodi...](https://web.archive.org/web/20150220024525/http://www.komodia.com/contact-us/)
which points to a PO Box in Israel, and gives a phone number with an
Israel calling code.

------
auganov
As long as they have the only reasonable Trackpoint [with physical buttons!
lol] I'll keep on buying.

------
noobermin
Since I usually run linux on the machines I buy, Superfish wouldn't be an
issue. In fact, the current laptop I have is Lenovo. The hardware is what
matters to me.

The matter of supporting them in this behavior gives me pause, though.

------
bryanrasmussen
I am really hating Mac at the moment and want off, so I guess - well I would
be removing Windows anyway... the answer is if the cost is really good.

------
jensnockert
Not really, this time it's in software and fixable with free software, next
time it's firmware…

------
esaym
I only buy Lenovo. Paid $120 for my T61 from ebay a couple of years ago.
Rocking Debian Stable.

------
mariuolo
Only at a discount.

------
r0nin
I'd only buy them 2nd hand now. Outcry and blog posts don't help with such an
attitude. Vote with your money.

------
jackgolding
I think I'll be swapping to Dell myself

------
azeirah
Yes.

------
whitehat2k9
Yes, if you can't distinguish between hardware and software you shouldn't be
buying a computer from anyone.

~~~
grover_hartmann
Problem is, what happens when they start doing this in firmware ROM next time?
If they don't already.

