OT - Help for Lenovo PC owners - A MUST read.

CCWKen
02-20-2015, 01:31 PM
It's been known for many years that OEM PC manufacturers pollute their PCs with burdensome software add-ons, but this takes the cake.

If you purchased a new Lenovo PC from June 2014 through January 2015, there's a good chance you have malware preinstalled by Lenovo. It's called Superfish and could open your PC to other hackers and more malware. Lenovo claims the software was loaded to "Consumer Grade" (read: cheap) PCs but it's been found on Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro laptops as well.

Lenovo spins the software as "technology that helps users find and discover products visually". What it does is force-feed advertising on sites you visit, including banking and secure sites, by creating its own Trusted Certificates.

http://www.theregister.co.uk/2015/02/19/superfish_lenovo_analysis/

How to check for it: https://filippo.io/Badfish/

How to remove it: http://www.cnet.com/how-to/lenovo-superfish-adware-uninstall-fix/

Rich Carlstedt
02-20-2015, 01:58 PM
Thank You !
Rich

MrFluffy
02-20-2015, 02:00 PM
What's worse is they man-in-the-middle the session with their own self-signed key, and the password is the same for every PC shipped, and it's the name of the software company that wrote the intercept engine.

I have a Lenovo here (in fact I have two in front of me, both IdeaCentres, both running Gentoo Linux), but my first job on purchase was, as always, to take the hard disk out, put it in the cupboard and install from scratch on an SSD drive.

However, before you beat down on Lenovo too much, others have pulled exactly the same trick, only worse. The NSA is under the spotlight for creating malware that lives in hard disk BIOS and is undetectable, and BT in the UK did this to their entire customer base and sent their traffic off for analysis to servers in the USA owned by a third party (Phorm). They tried something to increase profits, got a backlash and removed it afterwards.

Jon Heron
02-20-2015, 02:14 PM
Here is a recent article with some more information: Superfish is transparent adware and the user had to opt in, or agree, for it to run.
http://www.pcworld.com/article/2886690/lenovo-cto-admits-company-messed-up-and-will-publish-superfish-removal-tool-on-friday.html
Just another reason to run Linux: no fear of this crap, and you can order a Lenovo with Linux preinstalled instead of Windoze too.
If you're running Windoze you're in danger of malware, adware, trojans, loggers, viruses, etc. every time you log on, so beware.
Cheers,
Jon

CCWKen
02-20-2015, 02:37 PM
Let's not go there again. Linux is full of holes too, more so than Windows. You just don't hear about it because the fixes are silent and Linux users aren't as free with public self-deficiencies. :)

dp
02-20-2015, 03:15 PM
Let's not go there again. Linux is full of holes too, more so than Windows. You just don't hear about it because the fixes are silent and Linux users aren't as free with public self-deficiencies. :)

Do you have some examples of vendor-installed spyware in any version of Linux, and if so, which vendor and which Linux? For example, it is well known that Ubuntu installed tracking software in Ubuntu's Linux to skew search results to Amazon. I don't know if Ubuntu still does this because they're on my never-install, never-recommend list. Apple added this to the Mac OS and it is enabled by default. Same with Firefox's search box. It's made it all but useless.

https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks

Any search pre-fetch should be assumed to be exploitation. In fact any uncommanded connection to the internet should be considered an exploit. That includes sites that provide JavaScript code that polls remote sites (not the same as an http refresh) or functions as a tracking beacon via cookies or other distributed method.

http://www.howtogeek.com/115483/htg-explains-learn-how-websites-are-tracking-you-online/

I'm perfectly happy to advise of exploits when I know about them and that includes all operating systems and software vendors. I don't install apps on my iPhone because there is so much exploit-ware at the Apple store. Who needs the grief? Social media is also right out. iPhone apps love the GPS location information to be enabled. Anyone have a guess why that might be?

Jon Heron
02-20-2015, 04:00 PM
You're right on, DP. Ken can't see the forest for the trees, being the big Windoze fanboi that he is; I believe he spewed this BS about Windoze being more secure a while back too and of course couldn't back it up with anything significant.
If Windoze is so much more secure, why is it repeatedly compromised, Ken? If Linux is so insecure, why can't you provide some real-world examples of significant attacks on Linux boxes?
The fact of the matter is that Linux just has not had any of these issues, not just because it's a small target and most malware authors use Linux to deploy their crap, but also because of the way Linux handles users and permissions.
The Windoze fix for this will be the same as in the past: install 10 different antivirus/antimalware programs, fiddle with the registry and hope everything will boot and work once you get rid of the nasty...
I wasn't aware of the Ubuntu tracker, but then I never liked Unity; I am a Fedora guy.
Crapple is gearing up to be worse than Windoze ever was, greedy pigs...
Cheers,
Jon

MrFluffy
02-20-2015, 04:05 PM
Here is a recent article with some more information: Superfish is transparent adware and the user had to opt in, or agree, for it to run.
http://www.pcworld.com/article/2886690/lenovo-cto-admits-company-messed-up-and-will-publish-superfish-removal-tool-on-friday.html
Just another reason to run Linux: no fear of this crap, and you can order a Lenovo with Linux preinstalled instead of Windoze too.
If you're running Windoze you're in danger of malware, adware, trojans, loggers, viruses, etc. every time you log on, so beware.
Cheers,
Jon

Yes but no. The certificate is still in the trusted chain whether you enable it or not. So any drive-by hacks using the cert would still work even if you're not opted in or it's disabled. The fix for that aspect is in the article posted earlier: revoke that certificate.

Ken, you're way off the mark technically, so far in fact that I personally thought it was a subtle attempt at humour; others think differently, so who knows.

Jon Heron
02-20-2015, 04:18 PM
Got it, thanks MrFluffy! I didn't think the cert would be used until the opt-in, but I really didn't look into it as it doesn't affect me.
It seems like this crap is bound to be an issue forever when it comes to big-business software and hardware companies with low margins and lots of greed heaped on top...
Sent from a Lenovo X1 Carbon running secure f21. :p
Cheers,
Jon

MrFluffy
02-20-2015, 04:35 PM
Got it, thanks MrFluffy! I didn't think the cert would be used until the opt-in, but I really didn't look into it as it doesn't affect me.
It seems like this crap is bound to be an issue forever when it comes to big-business software and hardware companies with low margins and lots of greed heaped on top...
Sent from a Lenovo X1 Carbon running secure f21. :p
Cheers,
Jon
Not so much: anyone in a business of any size has a custom image on their PC, built especially for that enterprise, which is locked down and configured to contain only the bits they want in it. To do otherwise would be corporate suicide, with espionage and many other issues.
Lenovo wisely decided not to risk inflicting this on their business range of machines. All the same, I think it has done irreversible damage to their brand, and rightly so. It's the reincarnation of that damn purple gorilla we all suffered through in the 90s, ripping it out of relatives' computers; what was it called? Bonzi Buddy or something. Corporate greed has existed in many forms since corporations first got going.

I could make a wry comment about corporate greed and big business and you using Fedora F21 with systemd in it, but I won't turn this into a Linux distro holy war; we can leave that ranting to redditors and /.

Black_Moons
02-20-2015, 04:53 PM
It's worse: the private key was of course in the Superfish software (because otherwise it couldn't work) and has been extracted. So now hackers can sign ANY WEBSITE they want with a Superfish key and it will appear as legit on your machine. With DNS poisoning they can basically redirect YourBankName.com to their website and have no SSL warnings appear, totally breaking the security of internet connections.
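The two points made in this post and in MrFluffy's reply above (a trusted root whose private key is public lets anyone mint a certificate for any site, and removing the root from the trust store is what actually stops it) can be shown with a few lines of standard-library Go. This is an added example, not code from the thread or from Superfish; the root name "Constructed Injected Root" and the host "bank.example" are made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// makeCert signs tmpl under parent with signerKey (nil parent = self-signed) and parses the result.
func makeCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// LeafAccepted mints a certificate for host with the constructed root's private key (what holding a
// shipped root key allows) and reports whether a client accepts it while that root is trusted or after removal.
func LeafAccepted(host string, rootTrusted bool) (bool, error) {
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root, err := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Injected Root"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, &rootKey.PublicKey, rootKey)
	if err != nil {
		return false, err
	}
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leaf, err := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return false, err
	}
	pool := x509.NewCertPool() // the client's root store; leaving it empty models the root having been removed
	if rootTrusted {
		pool.AddCert(root)
	}
	_, err = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil, nil // a verify failure is the expected outcome once the root is gone
}
```

Note that nothing in the leaf itself changes between the two runs; only the client's trust store does, which is why disabling the adware without removing its root certificate leaves the exposure in place.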

Jon Heron
02-20-2015, 04:53 PM
I could make a wry comment about corporate greed and big business and you using Fedora F21 with systemd in it, but I won't turn this into a Linux distro holy war; we can leave that ranting to redditors and /.
:p I hear ya!
I like systemd; it's easy to work with and has given me no grief.
It seems to me that the big issues with systemd are more related to big egos and resistance to change...
Cheers,
Jon

MrSleepy
02-20-2015, 05:57 PM
The NSA is under the spotlight for creating malware that lives in hard disk BIOS and is undetectable

I read this a few days ago

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

It is quite incredible how they are able to infect a Windows PC ... I think I'm just going to get a read-only Linux Raspberry Pi 2 that deletes itself after each session.

loose nut
02-20-2015, 07:26 PM
I would think that by now there are at least some PCs being produced with spyware hardwired in at the chip level that can't be detected. Machine shop tools are way more secure, a bit of rust maybe but no viruses. Do your business online at your own risk.

Black_Moons
02-21-2015, 02:03 AM
http://www.theregister.co.uk/2015/02/20/superfish_is_malware_us_government/
'the US government's Computer Emergency Readiness Team (US-CERT) today said the Superfish ad-injecting malware installed by Lenovo on its new laptops is a "critical" threat to security.'

CCWKen
02-21-2015, 09:51 AM
You're right on, DP. Ken can't see the forest for the trees, being the big Windoze fanboi that he is; I believe he spewed this BS about Windoze being more secure a while back too and of course couldn't back it up with anything significant.
If Windoze is so much more secure, why is it repeatedly compromised, Ken? If Linux is so insecure, why can't you provide some real-world examples of significant attacks on Linux boxes?
The fact of the matter is that Linux just has not had any of these issues, not just because it's a small target and most malware authors use Linux to deploy their crap, but also because of the way Linux handles users and permissions.
The Windoze fix for this will be the same as in the past: install 10 different antivirus/antimalware programs, fiddle with the registry and hope everything will boot and work once you get rid of the nasty...
I wasn't aware of the Ubuntu tracker, but then I never liked Unity; I am a Fedora guy.
Crapple is gearing up to be worse than Windoze ever was, greedy pigs...
Cheers,
Jon
I gave proof. Perhaps you didn't understand it or didn't read it. There was the typical wormy dance by some on the data, but the number count remains factual no matter how YOU see it.

I was simply providing a notice that may help some on this forum that own a Lenovo laptop. But it never fails to bring out the "Greater than thou" Mac and Unix users and the rest of the basement nose pickers attempting to disparage Windows. Those that like it use it, those that don't won't. I could care less. Don't get involved in the topic if you can't add something useful. Go back to your basement.