Lenovo caught preinstalling malware onto its laptops. The kicker? It's horrifically insecure.
I can't be the first one to see the hilarity of the name.
It's just a piece of ad software.
Called "Super-Fish".
No phishing at all here though, guise.
What the hell.
[editline]20th February 2015[/editline]
Not that this is funny, by any means.
[editline]20th February 2015[/editline]
Slightly, maybe.
I recently bought a laptop for my girlfriend that had this on it. Going to attempt to get a refund/new laptop. Although I did uninstall superfish when I first bought it for her, cleaned it up.
So if you did a fresh install of the OS this shouldn't be a problem?
Because I'm browsing from a X300 with Win7 installed but those links previously posted didn't throw me any errors/security warnings.
I honestly thought Lenovo were a respectable manufacturer. Seems strange they'd install this unless they were getting a HUGE cheque from the advertisers.
Oh well, I don't have a laptop any more so it's not an issue.
Shit, I was going to buy a Lenovo, but my older laptop died right before the start of the fall semester last year and I couldn't wait the long ass wait for the computer I wanted to buy direct from them.
[QUOTE=EditOutJ;47177208]So if you did a fresh install of the OS this shouldn't be a problem?
Because I'm browsing from a X300 with Win7 installed but those links previously posted didn't throw me any errors/security warnings.[/QUOTE]
Doesn't sound like a fresh install then
You installed fresh from a totally 100% independent-from-lenovo windows installer with a wiped hard drive?
Luckily my T400 isn't affected. It's sad to see this shit happen.
[IMG]https://pbs.twimg.com/media/B-TI0oHIAAA1BCg.jpg[/IMG]
looks like microsoft appears to be doing something about it
lucky I picked up a lenovo laptop before they actually started preinstalling the malware onto them, nevertheless I still removed a bunch of the trash software and in hindsight I should have just gotten a fresh copy of Windows
[QUOTE=KorJax;47177906]Doesn't sound like a fresh install then
You installed fresh from a totally 100% independent-from-lenovo windows installer with a wiped hard drive?[/QUOTE]
Windows installer was 100% Lenovo-free, but I don't remember doing a complete HDD wipe.
Fuck
[QUOTE=EditOutJ;47178852]Windows installer was 100% Lenovo-free, but I don't remember doing a complete HDD wipe.
Fuck[/QUOTE]
you still have the cert installed then
remove it: [url]https://filippo.io/Badfish/removing.html[/url]
[QUOTE=LordCrypto;47179075]you still have the cert installed then
remove it: [url]https://filippo.io/Badfish/removing.html[/url][/QUOTE]
Now it seems I don't have it at all.
I'm glad. Very confused, but glad.
At this rate, we might as well buy laptops and remove their drives straight away and install new ones.
[QUOTE=Boilrig;47181163]At this rate, we might as well buy laptops and remove their drives straight away and install new ones.[/QUOTE]
But then you have the backdoor firmware installed on all major HDDs, so you have to stop buying those too and buy cheap chinese ones that are usually shit but some may not be, and your PC may have issues too so it's out to find an ARM-based board that is powerful enough to emulate x86 fast enough to play games and render shit which doesn't exist at a consumer price point
Point in case being that it's really either deal with it, try to make the companies change, or vote with your wallets.
Okay, I just tried cleaning this off my brother's laptop. Uninstalled it, deleted the cert, restarted, but I'm still getting the alert page on that website, is there anything I missed?
[QUOTE=EditOutJ;47179269]Now it seems I don't have it at all.
I'm glad. Very confused, but glad.[/QUOTE]
My guess is that you enabled that certificate from somewhere else then.
[editline]20th February 2015[/editline]
[QUOTE=asteroidrules;47181733]Okay, I just tried cleaning this off my brother's laptop. Uninstalled it, deleted the cert, restarted, but I'm still getting the alert page on that website, is there anything I missed?[/QUOTE]
That's good then. That's what's supposed to happen, it's supposed to give you an alert.
[QUOTE=asteroidrules;47181733]Okay, I just tried cleaning this off my brother's laptop. Uninstalled it, deleted the cert, restarted, but I'm still getting the alert page on that website, is there anything I missed?[/QUOTE]
if canibesuperphished gives you a cert warning you're fine, that's how it's supposed to work
[img]https://lh4.googleusercontent.com/-BwafEgm2Dns/VOfeIWzf8UI/AAAAAAAARGQ/fWWsiwfooNg/s0/2015-02-20_17-23-50.png[/img]
Oh wow, how did I screw up that bad, I meant to say I'm still [b]not[/b] getting the alert, as in I get to the page without issue.
Well fuck, the laptop I got for Christmas did not give me the error message :/
Even after doing all the deletion stuff you guys have posted it I'm getting mixed signals now. The [url]http://canibesuperphished.com/[/url] link still says I can be but the [url]https://filippo.io/Badfish/[/url] link is telling me that it has been removed.
it's a weird firefox/chrome bug
if you tested with one(superphish/filippo.io) before removing cert, test the other using IE
if it bitches in IE for either one or both, you're fine.
[editline]20th February 2015[/editline]
@ above 2 posts
[QUOTE=LordCrypto;47182829]it's a weird firefox/chrome bug
if you tested with one(superphish/filippo.io) before removing cert, test the other using IE
if it bitches in IE for either one or both, you're fine.
[editline]20th February 2015[/editline]
@ above 2 posts[/QUOTE]
Oh good my efforts worked. Thanks a bunch!
update update update:
a: this is far worse than just superfish
-CartCrunch Israel LTD
-WiredTools LTD
-Say Media Group LTD
-Over the Rainbow Tech
-System Alerts
-ArcadeGiant
-Objectify Media Inc
-Catalytix Web Services
-OptimizerMonitor
all of those names have also been seen by Facebook's operational security issuing mitm root certs using the same engine as superfish (komodia) which brings me to part 2, aka the very bad one
b: due to the way komodia wrote their interception engine, a self signed certificate can be presented as valid, no need to extract a key from each of those root certs, and it will be functional for every single komodia interception engine
anyone who thinks they're vulnerable, [url]https://filosottile.info/[/url]
if you don't get https error, you've got a komodia cert on your machine
tl;dr: this went from bad, to [B][U][I]unimaginably[/I][/U][/B] bad
[editline]20th February 2015[/editline]
[url]https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339?_rdr[/url]
[url]https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/[/url]
Yep, because it's a MITM attack, the browser never sees the true certificate from the site, and Komodia stuffed up their certificate validation and doesn't reject faulty ones, it just tries changing the hostname (Which their MITM cert still claims to cover). So having this crap installed entirely defeats any and all TLS connections, attackers don't even need to chain their fake certs to the Komodia root.
And just to think, the one validation browsers could do to fight this, was disabled because they didn't actually want to break in this case (If something is MITM all your TLS connections and breaking them, you can't exactly direct said user to a secure guide on how to fix it)
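The validation failure described in the posts above, modelled as an added example that is not part of the original thread or anyone's post: a toy Python simulation with no real TLS, where the certificate dictionaries, root names, host name and rename prefix are all constructed for illustration. It shows why a self-signed test site produces no warning on a machine with the flawed interception engine, and what a proxy that refuses to re-sign invalid certificates would do instead.

```python
# Toy model (constructed data, no real TLS) of the flaw discussed in the thread.
PROXY_ROOT = "Interception Root (constructed)"   # root the adware added to the OS store
PUBLIC_ROOT = "Public CA (constructed)"
RENAME_PREFIX = "verify_fail."                   # illustrative marker for a failed check

def hostname_matches(cert, host):
    # Browsers match against subjectAltName when present, falling back to CN.
    names = cert["san"] or [cert["cn"]]
    return host in names

def browser_accepts(cert, host, trusted_roots):
    return cert["issuer"] in trusted_roots and hostname_matches(cert, host)

def upstream_is_valid(cert, host):
    # What the proxy is supposed to verify about the real server's certificate.
    return cert["issuer"] == PUBLIC_ROOT and hostname_matches(cert, host)

def flawed_proxy(upstream, host):
    # On failure only the common name is changed; the alternative names are
    # copied over, so the re-signed certificate still covers the host.
    cn = upstream["cn"] if upstream_is_valid(upstream, host) else RENAME_PREFIX + host
    return {"cn": cn, "san": list(upstream["san"]), "issuer": PROXY_ROOT}

def strict_proxy(upstream, host):
    # Hardened behaviour: never re-sign a certificate that failed validation.
    if not upstream_is_valid(upstream, host):
        return None
    return {"cn": upstream["cn"], "san": list(upstream["san"]), "issuer": PROXY_ROOT}

def outcome(proxy, upstream, host, roots):
    cert = proxy(upstream, host) if proxy else upstream
    return cert is not None and browser_accepts(cert, host, roots)

HOST = "bank.example"
SELF_SIGNED = {"cn": HOST, "san": [HOST], "issuer": "self"}   # constructed test cert
GENUINE = {"cn": HOST, "san": [HOST], "issuer": PUBLIC_ROOT}  # constructed valid cert

def run():
    clean, infected = [PUBLIC_ROOT], [PUBLIC_ROOT, PROXY_ROOT]
    return {
        "clean machine, self-signed": outcome(None, SELF_SIGNED, HOST, clean),
        "flawed proxy, self-signed": outcome(flawed_proxy, SELF_SIGNED, HOST, infected),
        "strict proxy, self-signed": outcome(strict_proxy, SELF_SIGNED, HOST, infected),
        "flawed proxy, genuine": outcome(flawed_proxy, GENUINE, HOST, infected),
    }

if __name__ == "__main__":
    for case, accepted in run().items():
        print(f"{case}: {'no warning' if accepted else 'certificate warning'}")
```

A `True` for the self-signed case corresponds to loading a self-signed test page without an HTTPS error, which is the sign of an affected machine.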
When I bought my laptop I did a complete fresh install of Windows to get rid of all that bloatware, once with Windows 7, then I did it again with Windows 8, will be done again with Windows 10.
I almost bought a Lenovo laptop a month ago. Since I was completely unaware of everything when it came to new computers in 2014 because of my military service, I didn't recognize the brand and bought a HP brand laptop instead.
I'm so glad I didn't buy from Lenovo.
A bit humiliating, but I say HP brand because I don't know jack shit about this laptop.
Lenovo ThinkPads are still among the best laptops though. They're just not quite as good as when IBM made them.
[QUOTE=DrTaxi;47188473]Lenovo ThinkPads are still among the best laptops though. They're just not quite as good as when IBM made them.[/QUOTE]
Unfortunately there isn't really much competition. You have what, MSI on the high performance end, and Mac on the premium quality. Even among business models, the thinkpad is priced far better than comparable latitudes and elitebooks.
[QUOTE=Levelog;47188986]Unfortunately there isn't really much competition. You have what, MSI on the high performance end, and Mac on the premium quality. Even among business models, the thinkpad is priced far better than comparable latitudes and elitebooks.[/QUOTE]
Asus is the way to go, in my opinion. Excellent build quality and ventilation, great specs, same prices as everyone else, and barely any bloatware. The Q502 is one of my favorite laptops on the market right now.
[QUOTE=Cock Boner;47189010]Asus is the way to go, in my opinion. Excellent build quality and ventilation, great specs, same prices as everyone else, and barely any bloatware. The Q502 is one of my favorite laptops on the market right now.[/QUOTE]
I've found just as much bloatware, and their customer support is literally shit.
I don't know why Lenovo got so much praise before this happened.
They took a great product called ThinkPad and turned it into shit
[QUOTE=Impact1986;47189646]I don't know why Lenovo got so much praise before this happened.
They took a great product called ThinkPad and turned it into shit[/QUOTE]
They may have turned it to shit, but the ThinkPad didn't devolve as quickly as most other brands have imo. There just flat out aren't many good laptops on the market.