Thursday, February 19


Say No To Lenovo

I was thinking of getting a Lenovo notebook before I settled on the LG, since Lenovo and Apple are the only major manufacturers that still offer any build-to-order options in Australia.

Their Australian pricing isn't very good, though, and they're slow to release new models here, so I passed.  And now I'm really glad about that, because they just got caught putting adware with self-signed root certificates on their laptops.

The adware is bad.  The self-signed root certificates are downright criminal.  They mean that unless you install Firefox (which ignores any existing certificates and installs its own) the certificate owner can do...  Basically, whatever the hell they want.  You have no security and no privacy at all.  Even if you trust the companies involved - and they are obviously untrustworthy for doing this in the first place - it leaves you open to a third-party attack.

That's it as far as I'm concerned.  I'll never look at another Lenovo product, never recommend them, and warn people away if they ask.

Their non-excuses and non-apologies just turn it into a black comedy.  It's like being caught substituting ground-up diseased cockroaches for coffee, and putting a stop to the practice until you can find a source of disease-free cockroaches.

Update: The only tiny sliver of protection remaining was that the passphrase for the private key wasn't known.  But that was hours ago, and it's now been found.  Thanks Lenovo!

Posted by: Pixy Misa at 06:30 PM | Comments (4) | Add Comment | Trackbacks (Suck)
Post contains 241 words, total size 2 kb.

1 I'm still holding a grudge against Sony. It sounds like Lenovo gets to join them on my list.

Posted by: Ken in NH at Thursday, February 19 2015 11:02 PM (0Y1hO)


I've been reading about this Superfish thing, and it's really a trainwreck. It opens the doors wide for anyone who wants to do anything at all to the computer.

And if you follow Lenovo's instructions for uninstalling Superfish, it leaves that damned security certificate in place, which means the doors are still wide open. This is worse than the Sony root-kit...

Posted by: Steven Den Beste at Friday, February 20 2015 06:04 AM (+rSRq)

3 According to Ars, Superfish could sometimes get its cert installed in the Firefox store as well.  It wasn't guaranteed to happen, but there were instances of it occurring.

Posted by: ReallyBored at Saturday, February 21 2015 01:47 AM (ulGxe)

4 I don't use Windows, so neener neeener. Wait, I do use pre-installed Android on tablets, which is just as bad.

Posted by: Pete Zaitcev at Saturday, February 21 2015 06:49 AM (RqRa5)

Hide Comments | Add Comment

Apple pies are delicious. But never mind apple pies. What colour is a green orange?

46kb generated in CPU 0.03, elapsed 0.1999 seconds.
58 queries taking 0.1783 seconds, 299 records returned.
Powered by Minx 1.1.6c-pink.