
#1 2015-02-21 08:40:24

pablokal
Administrator
From: Nijmegen, Holland
Registered: 2010-10-12
Posts: 3,634

Lenovo and Superfish, the hardware seller as malware agent

Security experts have discovered a highly threatening vulnerability in software preinstalled on some Windows computers manufactured by Lenovo through January 2015. Extreme negligence on the part of Lenovo and unscrupulous programming by its adware partner Superfish seem to have caused the vulnerability.

The basis of the problem is a program by Superfish that is designed to interject advertisements into users' Web browsing. That's irritating, but it gets worse. Superfish also installs a certificate that intercepts Web traffic and cripples the host computer's ability to use HTTPS to validate the authenticity of Web sites. This leaves an open door for attackers to use fake versions of sites that should be secure -- like bank Web sites -- to steal personal information. You can read more about the vulnerability at Ars Technica.

Whenever you use proprietary software like Windows or Superfish, true, trustable, verifiable security is always out of reach. Because proprietary code can't be publicly inspected, there's no way to validate its security. Users have to trust that the code is safe and works as advertised. Since proprietary code can only be modified by the developers who claim to own it, users are powerless to choose the manner in which security bugs are fixed. With proprietary software, user security is secondary to developer control.

Recent high-profile security vulnerabilities in free software, like Heartbleed and POODLE, were created when well-intentioned developers made mistakes that were difficult to detect. But this is different -- Lenovo and Superfish caused a massive security breach for the sake of expedience in generating ad revenue.

These companies have shown such blatant disregard for the public trust that they will have to work hard to restore it. Lenovo should work with a third party committed to the public interest -- like the Free Software Foundation -- to create and sell laptops that are certified to respect user freedom and come with a preinstalled free operating system. Join us in calling for this change on social media (see our recommendations for social media platforms).

http://arstechnica.com/security/2015/02 … nnections/


Getting your questions answered here at ArchBang Forums
Please! Always give hardware info, if there is a chance that's relevant: #lspci -vnn
On Arch(bang) and Openbox: http://stillstup.blogspot.com/


#2 2015-02-21 17:39:26

oliver
Administrator
Registered: 2010-11-04
Posts: 2,209

Re: Lenovo and Superfish, the hardware seller as malware agent

What a depressing and disappointing story


#3 2015-02-21 18:06:08

scjet
Member
From: Canada
Registered: 2010-12-01
Posts: 1,468

Re: Lenovo and Superfish, the hardware seller as malware agent

I know eh.
...couple that with stuff like this, and more: http://www.pcworld.com/article/2883903/ … mware.html
and it just becomes a scarier, and more disgusting, big brother reality.  sad

Last edited by scjet (2015-02-21 18:12:12)


#4 2015-02-22 06:31:55

ArchVortex
Retired
From: Ts’elxweyeqw, Canada
Registered: 2011-04-01
Posts: 1,465

Re: Lenovo and Superfish, the hardware seller as malware agent

My wife wanted to buy a new Lenovo laptop yesterday and I told her there was no way we're getting a Lenovo. The hardware, features and price were a good deal and I know I could get it without Windows installed (most computers here come with no OS) but not with those ethics. We got a Fujitsu instead. I traded in my Lenovo Android mobile phone a few hours after I first read the article. No sense in taking a chance and I don't want to support that kind of company. Glad I traded in the phone because I got a second-hand Samsung Galaxy III and installed CyanogenMod.


You have the capacity to learn from mistakes. You'll learn a lot today.
FP:E5F8 7DBA 8128 9ACB 75F7 7279 BE34 AB66 76D9 16DE
KEY ID:76D916DE
Currently running ArchBang / LFS / OpenSUSE Tumbleweed


#5 2015-02-22 08:35:21

pablokal
Administrator
From: Nijmegen, Holland
Registered: 2010-10-12
Posts: 3,634

Re: Lenovo and Superfish, the hardware seller as malware agent

Great! These are drastic measures!! When they notice this in their profit chances they will be sooner inclined to reconsider their anti-consumer politics!

