Lenovo system update flaws plugged, security world not impressed Lenovo faces renewed accusations of lax security practices - just three months after the Superfish debacle - after it was obliged to fix flaws in its software update system. Security researchers at IOActive uncovered a mechanism that would have allowed hackers to create a fake certificate authority in order to sign executables …
It always puzzles me too. All they seem to do is update the bloatware on the computers. Driver updates usually get abandoned by many of the manufacturers within a few months of release.
When setting up new machines, after one check of the manufacturers update tools it will then be removed. Too many of them have these kinds of issues in them, or are just blatant processor wasters with constant daily checks.
Because they update important software. I am not removing System Update, in fact it's usually one of the first things I look for when I get a new Lenovo system, to make sure that it's there.
Putting this into perspective, I am just looking at the list of installed Microsoft Windows "Security Updates" on this PC - there are 257 of them, many of them I am sure released by Microsoft to patch flaws no less serious than the ones discovered in System Update.
These are my personal views.
This post has been deleted by its author
I'd bet they have people working 24/7/365, I would not be surprised at all if there's a full shift of people in the war room and working on other things there at all times.
I agree 100% that their writings are definitely worth looking at though. Its good stuff if you care about security at all.
My Lenovo doesn't have anything like this because I blasted their crapware laden Windows 8 abortion off that hard drive as fast as I possibly could and clean installed Windows 7. But then again, after Superfish and my experience with that computer's weirdness, I'm never buying from them again.
I kind of second the post above me, giving the PLA access to whatever they sell is probably a concern for them, and they're probably backdoored to hell and back, I wonder if there are any hardware backdoors because I formatted everything with GParted after finding the weird partitions with DISKPART. DISKPART found two extra partitions when I ran it, one was big enough to run Linux or *BSD (with KDE or GNOME even, it was a good sized partition, like a couple/few GiB), on my hard drive when I was preparing for the Windows 7 install, it was really strange because they weren't the recovery partition at all, had a different file system even, so I switched over to GParted to have a look and finished the formatting part of the install with it. I called them and asked them what was up with them, because I didn't want to brick the computer and I've never gotten an answer as to why they were there. They did say I could delete them and the computer would be fine, but nothing else.
Those partitions lasted as long as Windows 8 did on that computer. All I know is that I don't trust them after my own experience with Lenovo's customer service idiots himming and hawing to me about what the deal was and not explaining anything really, and then the Superfish fiasco.
Also, don't be too surprised if the Wumao/50 Cent Army and Putinistas downvote you for complaining about Lenovo or Kaspersky. Its an occupational hazard.
In light of Lenovo's recent purchase of IBM X86 "Server" business for sales and services to small business and organizations, and it's Superfish Desktop PC debacle, it is incredulous that Lenovo has also refused to sell and support their newly purchased server line with RedHat or any Enterprise Linux or BSD based infrastructure OS software that underpins the established, proven, more secure and stable server OS software demanded nationally and globally, in a genuine effort to gain back some sense of competence in and seriousness about business computing.
Professional technology associates have indicated learning that Lenovo is so beholden to Adware companies and Microdoft for Windows in lock-down long term contracts, that tthe company will unlikely be able to address the reliability, security and modern corporate technology requirements for Cloud Computing Services with Containeration and enterprise Mobile computing integration with Apple iOS, Android and to lesser degree Blackberry connction that is in high demand, for years to come.
Almost every "consumer grade and mentality" technology company has been unable to understand, much less adapt to modern business technology needs successfully. It appears Lenovo is following in the footsteps of Sony Corporation.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
