Lenovo preloaded laptops with reformat-resistant perpetual crapware


The company abused the Windows installer's anti-theft mechanism, which reads the firmware for executables at install-time, embedding a ton of crappy, insecure shovelware that would be added to your computer every time you reinstalled the OS.

I'm a Lenovo user, though none of this affects me: I always take the Lenovo-supplied drives out of my Thinkpads, swap in an SSD and install Ubuntu GNU/Linux. But it's pretty gross nevertheless. Based on this, I wouldn't recommend Lenovo to Windows users, if I knew any.

Lenovo eventually offered a removal tool. This is the second time this year they got caught pre-loading evil crapware to their PCs. This is becoming a pattern.

LSE on laptops installs the OneKey Optimizer (OKO) software that Lenovo bundles on many of its machines. OneKey Optimizer arguably falls into the "crapware" category. While OKO does do some somewhat useful system maintenance—it can update drivers, for example—it also offers to perform performance "optimizations" and cleaning "system junk files," which both seem to be of dubious value.

Making this rather worse is that LSE and/or OKO appear to be insecure. Security issues, including buffer overflows and insecure network connections, were reported to Lenovo and Microsoft by researcher Roel Schouwenberg in April. In response, Lenovo has stopped including LSE on new systems (the company says that systems built since June should be clean). It has provided firmware updates for affected laptops and issued instructions on how to disable the option on desktops and clean up the LSE files.

Lenovo used Windows anti-theft feature to install persistent crapware [Peter Bright/Ars Technica]

Loading...