It seems from the article that the best way to handle this is to uninstall all the trash that comes with a new computer (or hell, reinstall Windows from scratch). Do I need Lenovo's power management tools? No. Do I need its Wifi connection manager? No. Windows has all this stuff already and it works really, really well.
In my case, when I received my Lenovo the first thing I did after opening the box was unscrew the case and change the drive for an SSD. Before even powering it on once. But yeah, if I used the default HDD, I'd at least reformat it first thing. I'm a Linux user though, so I'd have to reformat it anyway, but I'd still reformat it even if I were a Windows user.
Microsoft, Google, Apple, Ubuntu, et al. all make decent OSes that are designed to, um, work. I don't get why manufacturers don't get this simple fact and always have to tamper with stuff. For the less-technical people out there, can't we have a "Nexus" sort of PC manufacturer who prides themselves in selling with ONLY vanilla OSes and as-standard-as-possible hardware components?
It's the same problem with Android currently which is that when every manufacturer is using the same OS they have to find a way to differentiate. In Android this means custom skins, custom apps, and the like. On Windows this means "free" antivirus, custom apps, and the like. It would be nice if they all just competed on hardware but then it's really a race to the bottom.
Do consumers actually differentiate on these extras? I don't think I've ever heard anyone say "Yeah I picked up a Lenovo laptop because the antivirus they package is better than Dell's" or "I got a Samsung phone because their skins are better than HTC's" I'd love to see the market research that backs that idea up...
I thought the real reason manufacturers do this is because they're in a very low margin industry. For computers they get some deal with software companies to pre-install their product, and similar for cell phones with service providers.
I'm not sure if the "free" antivirus counts as "differentiating", since it's almost always - without fail - either McAfee or Norton.
With that said, differentiating by custom UIs on top of the base platform (i.e. the Android approach) would be much better, and would be actually-useful differentiation rather than a matter of "well which company's going to fuck me over the least with their preinstalled shitware?".
I personally dislike custom UIs shipped by the phone manufacturer because more often than not it leads to delays in OS updates due to them needing to adapt their UI to core changes. Customization (by manufacturers) can come at a very high price for the end user in terms of security and upgradability.
Right, but that's leaps and bounds better than "free" McAfee, no matter which way you skin it.
This also isn't exactly universally true. HTC was pretty responsive in getting Lollipop out to my One M8, for example, even with its whole "Sense UI" shebang.
Their perspective is that they're adding value through software (i.e. without spending more money on hardware). Not that I agree with this line of reasoning...
Are you certain of this perspective or is this your best guess? I see people say this type of thing all the time, and I don't see any official statements corroborating them.
This might depend on country, but in most countries that have some consumer protection, replacing a hard disk and similar reasonable operations are considered to be normal use of the machine, and the consumer law says that the consumer may not be prevented from doing this.
When the customer is not a consumer but a company, then things might be different (companies may be able to give away their rights in a way that consumers may not).
In EU countries, a manufacturer may offer a warranty, but this is just supposed to be an extra service; the seller is at least required to provide defect liability (i.e. a device must be fixed if broken when it is sold and it must last for a reasonable time in reasonable use).
I have a T440p laptop which opens up very nicely and cleanly for user hard drive replacement. 2 screws and the whole back cover pops off, no "warranty void" stickers or any of that. I also upgraded the WiFi module to one that supports 5 GHz, and upgraded the RAM to 16GB, all without any fuss from the chassis. It was significantly cheaper to order the barebones system and do these upgrades myself than to order a more advanced system pre-assembled from Lenovo.
So I don't think changing a hard drive would void it. But also, I don't usually care about warranties. Things usually break only after the warranty expires, and for any electronic device, as long as it's a common enough model number it's usually possible to get spare parts on eBay when the time comes.
Kinda offtopic, but this is a bit misleading. The T4x0s series, for instance, makes it very difficult to access anything -- and the T series is known as one of the good ones!
Also, Thinkpads all have a BIOS whitelist that prevents you from actually using the hardware you just easily installed.
Wow, wouldn't have guessed. Haven't played with a T4x0s. I have a T4x0p (T440p) and it's extremely easy to access everything. But I just looked at some Youtube videos and the 's' is indeed a world of difference from the 'p'.
I've yet to encounter a manufacturer that considered a hard drive swap to be warranty-voiding. Capacity upgrades are generally perceived to be routine enough to be considered normal use; making it warranty-voiding would be like making the installation/removal of USB devices warranty-voiding.
For example, if your HDD fails under warranty, they'll ship you a new one with the simple instructions to replace it. Only tool needed is a small Phillips screwdriver. :-)
What is the motivation for Lenovo to keep making that software? I can't imagine it would be cheap for them, and I find it hard to believe people buy their products for the preinstalled software; are there other reasons?
A guess: Lenovo is trying to differentiate the experience of using their computers from that of competitors.
When all vendors sell products running the same OS, with essentially the same keyboard, screen, processor, etc., their products become commodities and margins disappear; consumers will buy whatever costs least.
If consumers associate a special experience with your product, you might be able to charge a little more or at least have some brand loyalty.
For me, though, the "special experience" is hardware reliability and ease of maintenance, which is why I typically buy either Dell or Lenovo and avoid HP like the plague. Reliable hardware is the real differentiator for me, and I'm sure I'm not alone (though probably part of a minority of shoppers).
One could also differentiate by focusing on a custom-tailored UI/UX. This is a bit harder to do with Windows than it is with Linux (including Android), though.
> the "special experience" is hardware reliability and ease of maintenance, which is why I typically buy either Dell or Lenovo and avoid HP like the plague.
I have the same priorities, but how do you know which vendor's hardware is more reliable? All we have is anecdotal experiences. FWIW my experience is that HP's business product lines are most reliable, and Dell's business lines have relatively many quality issues. The HP Elite laptops have exceptional serviceability (better than any I've seen -- find a video and just look at how the laptop case opens for service) and tech support.
> I'm sure I'm not alone (though probably part of a minority of shoppers).
Consumers buy on price, but the priorities of business IT departments are similar to yours: reliability, serviceability, and support; the costs of downtime and skilled labor for repairs far exceed the savings from buying cheap machines. Each vendor sells consumer (e.g., Dell Inspiron), and business (e.g., Dell Latitude) product lines. Maybe try shopping the products they sell to corporate IT; those match your priorities. They cost more, but you get what you pay for.
Several years ago I tried to do a fresh Windows install on a ThinkPad Edge (their cheapo wanna be TPs), and I found out that I needed their power management software. I can't remember off the top of my head what the problem was, but it was quickly solved by downloading Lenovo's management tools. I just wanted things to work, so I didn't investigate further why my nilla install of Windows didn't work.
I just bought a used five year old ThinkPad X201 Touch. One of the things I did with Lenovo's [new] upgrade software was upgrade the BIOS. Their software also offers fine grained control over lots of other proprietary hardware...e.g. the Wacom digitizer and security chip. It also offers fine grained control over the trackpad and function keys.
And the great thing is that Lenovo is keeping all that stuff current to support an ancient-in-internet years piece of hardware. This isn't HP consumer machine crapware...this is the stuff that costs Lenovo money not something they get paid to pre-install.
Why the hell would the fan rely on software to tell it to spin up? That function should be in the firmware. The logic board should be able to handle cooling without any software running on the machine.
You have described why there might be an interface for fan control that software could use. It does not justify not having the board opt for sane defaults.
I never said it would fry itself. It actually just turns itself off, and I have to remove the battery and power cord to get it to restart. And I only had this problem on Windows 7. Every major Linux distro I tried had proper power management support.
Thanks for the clarification. You should have sent it back! It's probably out of warranty now. If you can switch off the ATI graphics and use the Intel graphics, that's a workaround.
If that was the case with the T500, that's exceptional. My T520 and T530 have no problem spinning up their CPU fans in all sorts of configurations missing Lenovo's utilities.
I have a Yoga Y 510 p. Windows barked at me after a few weeks of installing Windows 8.1 from scratch. It said I should get the latest version of the power utility from Lenovo. The power utility lets me spin up the fan which apparently can help get rid of dust. It also lets me select battery health mode as opposed to battery performance mode. When in battery health mode, the power supply does not charge the battery beyond about 60% and will not start charging before the power gets drained to about below 40%.
As far as I know, the power utility is the only thing I installed from Lenovo. The graphics drivers from nVidia came directly through Windows Update.
Should I be concerned? Should I uninstall the power management tools?
Which driver would tell you to install a power utility? How would that happen? What driver could possibly get installed by Windows Update that would tell you to do that?
That will install bare bones drivers and services, but not startup daemons, control panel software or anything that could give you a message telling you you need to install a power utility.
I think you have it backwards: The CPU fan spins. Until the OS (or the AML bytecode that the OS interprets as a part of ACPI) tells it "the CPU is cool right now, you can slow down and save power".
I'm pretty sure you're trolling, but I'll feed you. I wasn't fully clear. Really what I meant is that the fan always spins at a slow speed. When the processor heats up, the fan doesn't speed up, and eventually the cpu shuts down to protect itself. And I've spent 12 hours a day in front of this computer for the past 5 years. I know how it works.
You might be better off installing a Free Software operating system from scratch. (e.g. OpenBSD for the security fanatics, or any other *BSD, or Solaris, or some Linux distro.)
Even better: Buy a laptop without any operating system. However, in some cases this may make the laptop more expensive. (e.g. what if Lenovo gets paid by crap providers for pre-installing?)
Where do you get the installation media? I haven't seen more than a "system recovery disk" shipped with a consumer machine in at least a decade.
And I don't know about Lenovo, but I know that on the Dell laptops I last dealt with I could never get a stock Windows 7 install to be stable without downloading Dell's drivers for the video card at minimum.
My Lenovo came with a recovery partition from which I could reinstall Windows. However, I suppose it would also automatically reinstall crapware, which is beside the point.
The solution was to download an official Windows 8 copy from Microsoft's website - the Windows installer will get the license key from the EFI.
Not as good as a recovery disk, as you will need to download and install manually all drivers, but vetting everything is part of the point.
I wasn't aware you could get vanilla Windows install media for OEM license keys. Does this work with older Windows versions as well? I have a Windows 7 laptop that I would love to do this with.
It's a new feature with Windows 8[1]. Unofficially you can install Windows 7 using the OEM key (note this is not the key printed on the sticker on your laptop) and then activate it.
You would of course need to grab drivers from the manufacturer as well, but you can skip all of the bloatware (and borderline spy/malware) that comes with a retail machine.
I've tried this with an old laptop and the site refused to let me download anything. It claimed, for Windows 7 at least, that you need a retail key; OEM keys are not supported and you must go through your OEM. Really obnoxious.
I tried this and when I reinstalled I got all the bloatware back. It was pretty frustrating because I don't know what I did incorrectly.
I ended up putting a Microsoft Windows 8.1 ISO on a flash drive using Rufus. https://rufus.akeo.ie/
I don't understand why Microsoft won't just make the latest build of its operating system publicly accessible in ISO format for anyone to download. I mean I still have to enter a serial number and activate. Why not just let me download from a trusted source without jumping through a bunch of hoops?
They used to allow this (as recently as a few months ago). You could download any Windows 7 ISO and then would have to activate after install. They even provide a utility for making bootable flash drives from an ISO (presumably for installing Win7 without needing a disc). I have to imagine they stopped offering the images due to the high level of piracy.
With an image from Microsoft and an easy to find, spyware-free, super easy to use executable (I'll avoid mentioning names on here), it was way too easy to pirate Windows.
Also, not sure why you still got bloatware with this method. Manufacturers typically offer all of the required drivers individually online. The drivers themselves are bloatware-free but maybe you got roped into installing a software pack for the machine or something?
We buy Lenovo. It's great hardware. We put in a custom image. The default image is a nightmare. I can't stress how terrible their applications are, even by the low standards of OEM default Windows apps.
I hope Win10 brings in more control from MS. The status quo really sucks.
1) This particular malware may be removable by reformatting and installing from a clean copy of Windows (which may not even be available without a separate purchase, since it's likely that the recovery disc that comes with the laptop contains the same default software installation.)
2) Reformatting and reinstalling to remove the malware requires knowing that there's a problem, which you wouldn't have if the articles about it hadn't come out.
From years of experience dealing with Windows preinstallations, I've defaulted to assuming that vendor-preinstalled operating systems contain malware/adware/etc. and installing a fresh copy of Windows (or better yet, GNU/Linux or one of the BSDs). While it's probably unreasonable to assume that all users can/should do this, it's certainly good advice, and it means that I've yet to be burned.
It is well known (via Snowden) that the US installs backdoors into US hardware and software for export to China, and it has for at least 15 years warned about the same from imports.
So none of this is particularly new. What is new is that the US is now moving against China on all fronts to prevent it from acquiring superpower status - to isolate it economically and politically, to block its trade and international investment programs, and to increase the risk of its using its military (with the second largest funding of any nation) to project power lawfully in the Asia Pacific.
So these articles come at a good time for the US.
You should not trust pretty much any hardware - recent revelations have shown that products come with backdoors; that is the article does not establish the absence of 'security flaws' by other manufacturers.
There's a big difference in intercepting packages and installing backdoors in a targeted and legal way, at least according to SCOTUS who have zero problems with our status quo SIGINT operations thus making them lawful - and massive cyberwar attacks from China and cooked in state mandated malware.
I know HN hates the US and thinks China and Russia are bastions of liberty and human rights, but the US's methods are a million times more ethical than autocratic states in regards to SIGINT. Heck, Putin had Kaspersky give him information on journalists he didn't like. Meanwhile, my Russian friends on VK are always bugging me about citizenship and H1bs. Yeah, they WANT to come here, pal. They hate it there, they aren't blinded by anti-US, anti-UN, anti-NATO propaganda so popular here. They're gentle geeks in fear of a dictator who could eliminate them at any moment.
If I had the power and wealth I would hire them all and bring them to the states. Every. Single. One.
> China on all fronts to prevent it from acquiring superpower status - to isolate it economically and politically,
We power their economy via our manufacturing and via the sales of our products. If anything they are close economic partners. Are we moving all of our manufacturing to Mexico or something? Seems to me the US is very much tied to the success of China. I can't interpret your statement as anything but incredibly dishonest. Does our national firewall block Alibaba now? Oh right, we don't have a national firewall. They do. Hell, my own company is tortured by their VPN and censorship limitations. This is a daily headache for me and I'm TRYING TO DO BUSINESS WITH THEM. If anyone is business hostile it's them - to us. Hell, they outright block Google services on Android.
> and to increase the risk of its using its military
This is asinine. China is unilaterally taking over disputed islands with zero attempts to use diplomacy, the UN, etc. The Japanese, Korea, and others have claims on those islands. Why are you dismissing their rights? Because they are "evil US" partners as well?
Meanwhile the Chinese prop up the worst state in modernity which has become a mass murder state we have not seen since Stalinist times. I was just in South Korea and it's complete madness that a modern democratic state needs to be terrorized by a client Chinese state 24/7 via a madman with nuclear weapons because the CCP likes to "stick it to America." The Koreans we met, drank with, laughed with, etc were no different than me. They bought us gifts and were so gentle, humorous, and loving (especially of children and the elderly) it breaks my heart to think they are one madman's decision away to shell Seoul which would destroy it, and them, in minutes. But I get to fly home to a secure nation because of our strong military and they get to sit there waiting for the CCP to tell their pet attack dog to invade or have their pet attack dog go off chain and shell a few things and blow up some nukes to terrorize them. It's depressing. The one man who had a son in the military was so proud of his son's service and showed us many photos, knowing full well, that kid is mincemeat when the North decides it's time to roll tanks with Beijing's blessing. The kid looked 16.
> to project power lawfully in the Asia Pacific.
This is pro-China bullshit right here. Lawfully by whose standards? The CCP? Oh okay. Only on a kiddie politics site like HN or reddit would a dishonest and extremely biased anti-US comment like yours be voted to the top. Grow up.
I wonder if perhaps the existence of intolerable tyrannies in both China and the US are not mutually exclusive?
> This is pro-China bullshit right here. Lawfully by whose standards? The CCP? Oh okay. Only on a kiddie politics site like HN or reddit would a dishonest and extremely biased anti-US comment like yours be voted to the top. Grow up.
If you resort to childish ad hominem attacks, you relinquish your credibility when it comes to telling people to "grow up".
I don't hate the US, so that's a weird accusation...
> > to project power lawfully in the Asia Pacific.
> This is pro-China bullshit right here. Lawfully by whose standards?
International standards. There is nothing wrong with sending your naval forces into international waters so long as proper notifications are made. China is doing this. It is lawful. It is aggressive. The Japanese and Philippines don't like it. But it is lawful.
> There's a big difference in intercepting packages and installing backdoors in a targeted and legal way, at least according to SCOTUS who have ZERO problems with our status quo - and massive cyberwar attacks from China and cooked in state mandated malware.
Yes there is. Actually, both the US and China (and France and Israel and Germany and the UK and Russia, etc, etc) perform massive cyberwar attacks. They all also backdoor their hardware and software en masse (not just targeted interception).
> the US's methods are a million times more ethical than autocratic states in regards to SIGINT. Heck, Putin had Kaspersky give him information on journalists he didn't like.
I don't think you want an apple to apple comparison with the US... The US just turned their intelligence agencies on the Associated Press to ruin their relationships with informants and to track their sources... The US does have more covert ways of doing things - their censorship and propaganda efforts are more covert and rely more on bribery and deception than force. But is that something we want to cheer on?
The US is much better than Russia on journalistic rights. The US isn't fighting huge swaths of KGB installed media in the US, whereas Russia has to deal with Western NGOs and CIA intermediaries. So what? And why do you want to bring it up?
> We power their economy via our manufacturing and via the sales of our products. If anything they are close economic partners. Are we moving all of our manufacturing to Mexico or something? Seems to me the US is very much tied to the success of China.
We are tied to the success of China. But not its success of becoming a superpower. This is the distinction you are asking for.
> > and to increase the risk of its using its military
> This is asinine. China is unilaterally taking over disputed islands with zero attempts to use diplomacy, the UN, etc. The Japanese and others have claims on those islands. Why are you dismissing their rights? Because they are "evil US" partners as well?
Erg, well the situation is a whole lot more complicated than you made it? Technically nothing they are doing is illegal. I'm not going to say it's right?
All I'm getting at is that no state is right. The US isn't a hero. Neither is China.
They are merely in conflict. We are stuck in the middle.
I didn't buy good versus evil. You did. For you the US is good and China is evil.
You are accusing HN (and me) of thinking China is good and the US is evil.
Neither is true. There is no good or evil. There are states in conflict. And there are ideals they both break.
The point of my post is to bring up the point that it is not China breaking with ideals. It is every nation breaking with ideals.
No, it is lawful. Find me an international law scholar that will call it illegal. Not a single one will.
It's true that the Chinese presence in the islands is disputed. US military presence on Japan is disputed. Disputed != Illegality; they should not be conflated or confused.
All of the policymakers I follow complain about how difficult the situation is because technically it IS legal. It's unfortunate. But it is legal.
(In addition, they are building new islands from nothing, and then inhabiting them. This is mostly without precedent, but the precedents that are there have it legal.)
Just receiving the new sputnik, oh hell no, the Ubuntu install was so broken. The benefit of shipping it with Linux is at least they made a decent attempt to work with Linux. Why an attempt? See first sputnik laptop.
Regardless of whether you trust the pre-installed software, it would assure that the hardware and firmware are compatible with Linux. Whether they rely on proprietary drivers is another question though.
Researchers seem to encounter a handful of privilege escalation vulnerabilities for Windows every year. I wonder if this will ever be "fixed" (dramatically reduced in number).
A well organized cyber-crime group or a whole number of spy agencies could have access to at least one such vulnerability throughout the year.
This specific case is not Windows. It's Lenovo's unbelievable hostility toward their customers in combination with their amazing aptitude for being completely incompetent.
I would venture to guess that the adware service is running as SYSTEM. Any vulnerability in the service would escalate to system. You can do exactly the same thing in Linux (daemon running as root) and it would have a very similar surface area.
The only difference in this specific case is that Windows has idiots for hardware manufacturers. The only way to "fix" it would be for Microsoft to encourage users to wipe the default installation.
They probably rewrote "privilege escalation" to that sentence.
So they probably have some sort of way to root the box after getting in as a standard user. Oops!
So I feel like I missed a memo. Is there a list / primer on what we do and do not know about hardware backdoors, firmware backdoors and software backdoors?
This bothers me - a16z podcast also threw up a reference to "200 security hygiene" functions - keeping patches up to date and encryption at rest. But I can only get to about ten.
Is there an appendix in SysAdmin / O'Reilly I should read or do I have to watch all the CEF notifications and work backwards to what preventative action I should stick in my sh file?
It's a serious question - I just don't feel I know what is dangerous out there anymore let alone have it automated.
I have a Lenovo ThinkPad, if I blow away the stock version of Windows 8 I'm currently running with an incoming Windows 10, will that blow away all the Lenovo bloatware?
> if I blow away the stock version of Windows 8 I'm currently running with an incoming Windows 10, will that blow away all the Lenovo bloatware?
It will remove the Lenovo applications, but the 'bloatware' and security risks could exist elsewhere, for example in BIOS or in a separate partition on the hard drive.
Or even worse - it's not inconceivable that some a bit too clever firmware for an Ethernet or WiFi device could be exploited by a specially crafted IP package that could be sent over the public internet. As such a device usually has DMA access that would be really bad. I don't think even "High" would be sufficient in that case though.