Okay, so some people are drawing parallels between this and Lenovo's Superfish scandal that happened late last year and carried on for the first few months of 2015. I am not a fan of that comparison. In the case of Superfish, Lenovo added third-party software that tampered with security for the purpose of advertising on the user's machine. In this case, a first-party application has a remote code execution vulnerability that was dealt with responsibly.
This happens to pretty much everyone, regularly.
But, so our readers know, they should update their Lenovo System Update. The current version, which seems to be 5.6.0.34 as far as I can tell, has been available since April and is not affected. This bug only concerns 5.6.0.27 and earlier. The issues were discovered in February by IOActive and disclosed to the PC manufacturer, which patched them before the security company published the issue. Unless I'm missing something, this is how it is supposed to be done.
In Lenovo's case it was greed, and they got caught red-handed allowing third-party spyware, and it was “dealt with” after much outcry, at the cost of any trust for Lenovo’s products.
This bug, although not such a case of subterfuge, will still not make the past BAD actions go away, and maybe the packaging of bloatware needs to be regulated to such an extent that the user is given the choice at first boot up to selectively install only the necessary OS and the necessary software/drivers that are needed for a functioning device.
This just shows what a nasty bunch of folks the entire marketing “Profession” is in reality, and the only way that the consumer has any real course of action, is to avoid the sponsor’s product, be it a laptop OEM, or any other product maker’s intrusive ads, or metrics gathering spyware.
It’s time for a little virtual tar and feathering of the snake oil sales teams of the online/whatever marketing, and privacy violations Industry.
No business from me Lenovo!
I’m not sure what you are talking about. Superfish was not spyware, it is adware, and the issue wasn’t it being there, it was that it had a fatal flaw that could allow attackers to create a fake certificate authority to sign executables, allowing malicious software to masquerade as official Lenovo software.
Bloatware isn’t about greed, it’s about bottom line. Margins in the mobile computing market are slim, very slim, and there is a lot of competition with this weird “if I’m gonna go pricey I’m gonna go Mac” mentality. Subsidizing the cost to the consumer with third-party revenue is a major way to keep costs low. It’s not a practice any of us like, in a lot of cases the bloats are resource hogs actually affecting performance, but then again none of us wanna empty our checking account for a browser with a keyboard either. Best way, always the best way: buy the best spec laptop you can for the best price you can, wipe, fresh install.
AAAAAAAAAAND, this article has nothing to do with bloat, or scam, or greed or anything, they found a flaw with their auto-updater, they fixed it, they let us know.
Damage is done. The baby is a stillborn and Lenovo is a poopoo face.