It was in 2009. I possessed the best laptop that I had ever owned…to that point in time anyway. Small, but not cramped. A display that was beyond any adjective. “Dazzling” is what comes to mind, but many would probably categorize that as marketing hyperbole. That’s fine. That laptop lasted almost to the end of 2013 before the motherboard suffered catastrophic failure. I had received the machine already much used. I liked it so much I actually mourned my loss.
I never found one that was even close to the quality of my Lenovo X60s…until recently.
Since I haven’t talked about this to the individual involved, I hesitate to say who he is or who he works for, but holding the position of Supreme-Knower-Of-All-Things-Computer for his employer, he was able to make an extremely generous hardware donation to Reglue.
Among the items donated were seven Lenovo X220 netbooks with i5 quad processors, six gigs of RAM and 320 gig hard drives. It is a rare thing indeed for us to receive laptop donations of this caliber. I have claimed one for myself, that is until an undergrad or new graduate student needs a good laptop. Then I will prepare the one I am using for their use. I haven’t owned a laptop since 2010. I always “borrow” one from Reglue until the next one comes along.
Lather, rinse, repeat.
You may know me to be a huge fan of Lenovo laptops. Their T Series, to me, always stood for “Tank.” That’s “Tank” with a capital T. Since 2005, the IBM/Lenovo T series laptops have been the hands-down most reliable laptop we have ever placed. Right now I can bring to mind 19 or so T-42/43, T-60/61 and T-500 laptops that have been in service for at least five years. They are, in a phrase, the Energizer Bunny of laptops.
However, my love affair with Lenovo laptops, and indeed the Lenovo brand, has hit a rough patch in the past year or so. It seems that Lenovo has been up to some not-so-harmless shenanigans while building their computers. Last February, Lenovo got caught with their hand in the digital cookie jar, by poisoning their systems with what’s been named Superfish.
According to Agam Shah writing in PCWorld:
“Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter.
“A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with ‘fraudulent’ business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.
“Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called ‘spyware’ in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.
“The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.”
While Lenovo claimed that this was an innocent way to increase revenue via advertisements, security experts were quick to hold up their collective hands and not allow Lenovo to get off that easy. It seems that those with criminal intent could easily turn this into a way to steal information from a Lenovo desktop via this “innocent” method.
Just about the time most folks had let that faux pas slip into the annals of the news cycle, Lenovo took dead aim at their other foot and pulled the trigger, this time by targeting my beloved Lenovo laptops. Oh no Lenovo…say it ain’t so. But it is.
Two weeks ago, Fortune’s Jonathan Chew wrote:
“There may be secret software on your Lenovo laptop.
“Chinese computer manufacturer Lenovo has apparently been caught secretly installing its own proprietary software on Windows PCs, and the software appears near-impossible to remove.
“Multiple users have noticed that Lenovo computers were automatically downloading an application called ‘Lenovo Service Engine’ to their machine, and, disconcertingly, the said firmware would reinstall itself even after a clean reboot of the Windows operating system was performed.”
And while activity like this is pure asshattery, it’s far from an isolated instance.
Many of you may remember that in 2005, Sony tried a similar method of stopping music “theft” by including a back door or rootkit via music CDs released under the Sony/BMG label. The main reason for planting this nefarious code on your computer was so it could phone home to Sony and report your proclivity for sharing certain Sony/BMG label CDs. It was also supposed to stop the copying of CDs, although Linux ignored the sneaky bytes and copied CDs anyway. When caught, Sony had the absolute and pure audacity to claim they had every right to ensure the security of their investment by planting a rootkit on your computer.
This is where the real story gets good. Mark Russinovich, one of the co-founders of Winternals Software, discovered the Sony rootkit and broke the story on his blog. The outrage spread across the Internet in a viral story about Sony’s backstreet tactics. This is where the story is supposed to end — Good Guys 1, Bad Guys 0 — but it’s not.
Shortly after Russinovich broke the Sony scandal, he and his company were purchased by Microsoft, where Russinovich maintained his position as chief software architect. The purchase was fast; much faster than these things usually take.
Many of you will say, “So what’s the big deal Ken? Stuff like this happens every day.”
I’ll tell you why.
It wouldn’t be long until people snapped the pieces into place and the sound of slapped foreheads would reverberate around the globe. Windows, of course, is a closed source operating system. That’s not the news. The tie-in Microsoft wanted to stifle by their takeover of Winternals was this: The level and depth by which the Sony rootkit delved into Microsoft code clearly suggested Microsoft’s complicity in the matter. In other words, the next headline could have suggested that Microsoft was neck deep with Sony/BMG in planting this rootkit. The best way to keep the only person who might be able to prove this to be true was to buy him out.
Contemplating this, I enjoyed playing several scenarios out in my head. Here’s one of them:
The huge conference room is quiet with only three men present, Russinovich, Steve Ballmer and Bill Gates. Gates is standing behind Russinovich with his hands on the shoulders of the seated software genius, who stares down at the contract in front of him. The tick of the clock is abnormally loud, as is the breathing of the three men in the room.
Gates breaks the silence.
“Mark, this is an easy matter to understand. When that clock turns to 4 p.m. here in a few minutes, there will be one of two things on the contract in front of you. Your signature or the splatter of your brains.”
Ballmer snorts with laughter as Gates stands firm behind Russinovich, who scribbles his name on the document in front of him.
“Good decision Mark”, Gates says as he pats Russinovich’s shoulder. “Welcome aboard.”
Of course, in this little daydream, the employment contract he signs is leak-proof and clad by the strongest motivation in the universe — fear.
Although that scenario was only a fun example from Melodrama 101, I still believe the basic premise to be true. Mark Russinovich was bought to keep his silence. Microsoft’s questionable business tactics and backroom deals have been business as usual for decades, so this isn’t really a stretch by any means. However, Microsoft went even further to corral Russinovich into the herd.
This from DailyTech on the 20th of June back in 2006:
“Microsoft also announced that Russinovich will be appointed as a Microsoft Technical Fellow, a title ‘awarded to someone whose technical vision, expertise, and world-class leadership is widely recognized.’ Microsoft currently has 14 Technical Fellows. Analysts are hoping that Russinovich and [Bryce] Cogswell will each add to the stability and security of future versions of Windows.”
Cogswell is Russinovich’s business partner from Winternals.
It seems to me that Microsoft paid a healthy price for his silence. Bill Gates is one of only fourteen people who have been awarded this title by Redmond, which goes to show the rarefied air in which those bearing the title reside.
So here we are. It’s 2015…we are a decade past the whole Sony debacle. But not to be outdone, Lenovo repeats a form of Sony’s idiocy, not once but twice in the same year.
Here’s the thing that gets me about this, which stands out like red paint on a black canvas: In order to bow and scrape their way out of the Superfish mess, Lenovo’s Chief Technology Officer had to admit that neither he nor anyone within Lenovo had any idea that the rouge code regularly made browser traffic information public. I may not be the sharpest cowboy on the lawn mower, but it seems to me that admitting you don’t know the key function of one of your malware applications makes you look like a four-alarm idiot.
I can see the scene as it played out in the board room now: “Idiot, bad guy, idiot, bad guy, idiot, bad guy… Wait, idiots get pity. Let’s be idiots.” And then entered into the board of directors’ meeting minutes as, “Idiots we shall be.”
This whole thing made me take a hard look into the current inventory of Lenovo laptops we have for Reglue use, not just a few minutes spent searching for other known self-inflicted wounds by Lenovo, but a few hours looking into various bios settings and releases from as far back as 2010. I made sure, at least as sure as Internet reporting allows, that our Lenovo inventory is free from known hazards.
Known hazards.
FOSS Force has extensively covered open hardware for the past two years, not because we needed content on a slow news week or because our writers are lazy. We’ve discussed open hardware because it is quickly becoming obvious that we cannot trust a growing number of OEMs. To my way of thinking, this nasty business uncovered with Lenovo is nothing but the camel’s nose under the tent. Organizations such as the Open Compute Project (OCP) are leading the way in design and development of enterprise-level equipment.
Those who are concerned about the personal computers they purchase are not being paranoid. As hardware consumers, what guarantee do we have? Actually, the amount of accurate information pertaining to open source desktop and laptop consumer products is pretty good, and a number of us can tackle the job of building a computer from the desk up, but we are a minority. The everyday computer user has no clue as to what open hardware is. Worse yet, they have no clue of the dangers that await them when the Lenovos and Sonys of the world decide to poison their computer via their hardware.
The best thing we can do is educate those around us. Outside of that, the only thing we can realistically do is not buy stuff from asshats.
When Sony was busted for their rootkit incident in 2005, I made it a point to completely boycott Sony products. There are those of you who think that product boycotts do not have any bearing on sales for that company or item, but after polling family and extended family members in Texas, it came to light that the majority of those family members were Sony customers. Almost every one of them had a large Sony appliance such as a TV or other media device. Others had two or more Sony products in their home — products they purchased due to the “reputation” of the company. They had no clue what kind of jerks are at the helm at Sony.
I made it a point to educate them and to back that information up with printed or online examples. An encouraging number of said family members vowed to follow my boycott.
In 2013, I took the time to re-poll my family and see just how much they had taken my advice to heart concerning Sony products. About 70 percent of them had purchased a new television during that period and only one of them was from Sony. Everyone else had purposely avoided Sony products. Doing the math: That eight year period had deprived Sony of just over 60K in purchases. Is that a big deal? No, not by itself. But extend that out to your families and then it can begin to make a difference.
Just sayin’…
Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue
Good article Ken.
The NSA, Microsoft, Sony, Lenovo, Intel, Google, Facebook, HP, and others are all complicit in this new era of “snoop everywhere, steal everything”.
We need 100% open platforms running 100% open software to end this BS.
I am tempted to say: “What’s your point Ken”.
But then, I realize, not all Folks who benefit from Reglue donated computers will want to use Linux.
That’s part of the education challenge as we attempt to climb Microsoft’s slippery slope.
They have done it again. Now they are ‘luring’ a new generation of users by tempting them with Windows 10 and a free year’s subscription.
A subscription-based model emerges. Even more sinister is the fact that Windows 10 is a covert spying tool. Of course, the news headlines point to that fact but I don’t think the masses are getting the message. Cognitive dissonance? Yep.
Most people when asked the question “Do you like being taken advantage of unfairly?” would reflexively answer “No”, with a look of surprise on their faces and might say. Hurrumpf. “Why would you ask such a question.”
Yet, when it comes to ‘Free’ Windows 10 upgrade users are getting exactly that. I call it outright exploitation on many levels.
Proprietary Software = Exploitation
Open Source Linux = Free as in Freedom
It’s a pig with lipstick. All gussied up perty like but behind the scenes it contains the same legacy Windows 2000 WinNT kernel.
Why?
It has to. Enterprise applications would cease to run otherwise and that’s what has Microsoft cornered and now seeing the sales curve turn downward with diminishing returns. So, they get desperate and offer a one-year ‘FREE’ as in ‘NOT’ subscription to cling onto their installed user base.
This time, however clever going with a subscription model may be, I am not sure it’s going to work in their favor.
Me: I agree with your passion for Lenovo Laptops and found about a month ago a T510 m560 refurbished on eBay for around $200. Needless to say, I grabbed it and am typing this comment on this ‘tank’ of a laptop.
My first step was delete all partitions and install Antergos (Arch) Linux with GNOME-Shell using their NUMIX Icon Theme.
I chose Antergos because it has a live cd that lets you install any of 5 GUIs. And it packs the arch repo with pacman, which I have grown to like. A lot. That and Fedora are my two recommended Distros.
But when I fired up Antergos, since my core i5 supports Intel-VT bare metal virtual machines, I loaded GNOME-Boxes and installed the refurb Windows 7 Pro licensed iso into it.
Today’s Windows 10 takes more and more away from the end-user. You lose control of patch management effectively.
With Windows 7 less so and now that it’s in a qemu-kvm qcow2 image format, I have incrementally taken ‘snapshots’ of the phases of installation of different software on top of a ‘clean install’. Thus, if need be, I can rollback in 5 seconds and all snapshots are self-contained in the qcow2 format. I can even set Windows to be ‘immutable’ so that each time it is started it uses a pristine copy of Windows to which it reverts after shutdown.
So, I can have my cake and eat it too. I have few uses for Windows, but it’s there if/as/when needed and it’s under my full control, despite what MS may want to have happen.
Be Well. Be Safe.
Dietrich
Your Linux Advocate
Thanks for the peek behind the curtain, Ken. And you are correct. We need to continue trying to educate the public. Maybe at some point they’ll begin to understand and take action.
Realistically you’d have to boycott nearly every hardware vendor to fully correct this, since nearly all share the delusional monopolistic preference for proprietary-extreme licensing. Of course, there aren’t many alternatives, since most other options are just as extreme, and none support a robust market platform.
How many chips include back-doors? Most are documented … but not all.
Thanks for noting the Open Compute Project, which recognizes the benefits of a more open approach.
Hey guys, I just came across this web site, and I have to comment here (luckily it still allows anonymous comments).
I just came from Linus Tech Tips (the website/forums) and the forum entries on an ArsTechnica story about Check Point Software discovering a new vulnerability (different from Stage Fright). What I saw pretty much made me lose the remainder of my faith in convincing people to get off winblows. A separate Ars story recommended that Google follow–be sitting down for this–Microsoft’s model of software updates. I think my blood ran cold when I read that.
I’ve given up a while ago on trying to help family and such with computer problems because they expect it and yell at you when it doesn’t work perfect (“You screwed it up!”). I want to get my family on FOSS, but I can’t do the remote support; worse, I think the proprietary software my nephew’s school gives him will only work on winblows. (I’m in that situation at work–our proprietary software won’t even run under Mono and needs Active-X.)
I’m very, very depressed tonight. Everyone is out to get you. Welcome to 1984, 31 years later.
“…the rouge code…” [sic]
-> rogue
FOSS-GNU/Linux and all its tools have been steadily giving proprietary software a run for its money.
On another note, if the API or coding used is not ‘blessed’ by FOSS, then it’s questionable.
@a d00d
Active-X is lock-in for IED(Internet Exploder Device); Mono is a sorry imitation of .net bloatware.
This is what I did with my nephews. I don’t suggest you do this if you’ve only one machine and no time to spare.
One had Vista, the other Windows 7. Both machines were infected with malware even though their anti-virus was working and up to date. They would get infected when connected to any public network.
I said to them that I’d had enough, no more support; It was the same old story every 2-3 months and I didn’t have the time to waste. Time to install GNU/Linux on their machines.
After an 1:15 min. of their whining on why they couldn’t have Linux on their machines they finally said OK. Moot point since I’d already finished installing GNU/Linux Mint KDE on both machines when they said, “OK we’ll try it out”.
I showed them how the applications were organized on the menu, where and how the software manager, system settings worked, also changed the default search engine to StartPage.
After a few rough patches here and there it’s been smooth sailing for them. If they can root their phones I don’t know what’s the big deal.
This is disappointing because I have been tempted to wait for the next real sale at Lenovo and pick up a T450s because of its combination of screen, keyboard, and battery life (and also because I like having a trackpoint with physical buttons available). Of course, I would be running Linux on it, but that doesn’t change the fact that Lenovo is double crossing their customers.
The problem needs to be attacked at the root.
We need a CPU and chipset combination that is 100% open in design and supported by 100% open firmware. Until that happens, there will be openings for companies like Lenovo to work hand-in-hand with hardware manufacturers and BIOS/EFI standards groups to undermine all the freedom built using FOSS.
It’s time to kick the data-slurping, privacy swallowing tech giants to the curb.
Good luck with that Mike.
The closest it’s been to a clean open firmware has been by Libreum and they’re having a very hard time of it with Intel.
And if Intel is that scared of Microsoft, where does that leave the smaller dogs like HP and ASUS. Every time they bring out a Linux based laptop they get their hands whacked by MS, and they go scurrying, whimpering to a corner.
Best to support companies like System 76, Zareason and the like.
@Mac Taylor,
Sure it’s a huge task, but there are people trying to make things better here and there.
But the more awareness there is of the problem, the more resources will be brought to bear on it. We need to support any endeavor that pushes the agenda of freedom, while publicly calling out and shaming those who do not.
Like Intel – Despite being better at giving us open drivers for their graphics stack than Nvidia or AMD’s ridiculously pathetic showing, Intel still keeps a stranglehold on the firmware needed for the boot process, which undermines everything that comes after it. Modern Intel systems have a HUGE binary only blob that initializes everything and has the potential to control all of your hardware without the operating system ever knowing, to the point of covertly sending and receiving information over a network.
Looking in to how this works, and it’s using a Windows feature rather than actually being a conventional rootkit (which I guess makes sense considering a conventional rootkit would fall afoul of Secure Boot), it appears that its only purpose is to keep drivers on the machines up to date. So it does not appear to be as nefarious as Superfish.
Still, it installed without the user’s knowledge, and it contained exploitable security holes. It’s a bad move by a hardware company regardless. Of course, the whole feature in Windows seems questionable since it seems to only exist to allow hardware manufacturers to do things like this.
@CFWhitman,
It’s worse than you realize. It’s not using a Windows feature, it’s installing a Windows executable DIRECTLY FROM THE EFI to the hard drive. Yes, it needs Windows to function after that point to download more crap, but it is installing software without your consent or ability to prevent. I imagine the only reason it doesn’t install on Linux systems is in failing to detect the right kind of filesystem on the disk. It doesn’t have to worry about Secure Boot, because it already has the blessing of the EFI.
They are using the machine’s EFI as a delivery mechanism for crapware. That is WAY worse than Superfish.
@a d00d:
The Android model of updates is “you don’t get updates because hardware manufacturers don’t want you to get updates”, so of course the Microsoft way is better. Any method of distributing updates is better than no updates, as long as the updates are improvements.
@Ken:
I too had a laptop that made me really sad by breaking. A little MSI thing, just big enough for normal size keys, sensible keyboard layout, and doesn’t feel like it will bend if you sneeze at it. I eventually managed to find a replacement part for the fan that was making scary noises, but only after I had bought a new laptop :/ . I made a mistake while putting back the heatsink so I consider it too unreliable for important things, but it actually is in use again.
As for the new laptop – I first tried to find one with Linux, but those are way overpriced around here. Boycotting Windows is a good idea in theory, but getting one laptop for the price of two just to not have Windows is silly. So I bought one with FreeDOS, also made by MSI by complete coincidence. The BIOS was configured in a way that prevented FreeDOS from booting, they’re not even pretending that anyone actually wants to use FreeDOS. I think it’s funny they sell computers that work perfectly fine with Linux, and then install FreeDOS. I guess Microsoft lets them get away with that without raising prices because a pirated Windows is better than someone finding out Linux exists, plus the users who choose to buy their preferred version of Windows separately are paying for the pirate copies used by others…
@Tanja,
No, Microsoft’s way is not better.
Tanja, MSI sells products with FreeDOS because they don’t want to support Linux (or herd cats).
@Mike
No, that’s incorrect. This firmware in Lenovo products completely relies on WPBT (Windows Platform Binary Table). If Windows didn’t go looking for the instruction to install software in the firmware of the machine, then nothing would happen. Yes, the instruction for WPBT to add the software exists in the EFI firmware (the software itself may be on an SSD or HDD, possibly in a hidden partition), but it is Windows that initiates the action of installing it, not the firmware itself. This can’t affect Linux because Linux never looks for the instruction, so it just sits there in the firmware doing nothing. This only affects Windows 7, 8, 8.1, and 10 because those are the only operating systems that include WPBT.
Also, the software that gets loaded isn’t exactly my favorite type of thing, but it is an automatic updating tool, not necessarily including all the shovelware that might be on the machine to begin with (I’m not sure if it nags you about re-installing any of the shovelware or not, but it doesn’t actually install or update it without your permission).
Like I said, this is stupid because it is intrusive (some people actually aren’t incompetent and really don’t want OneKey Optimizer installed, Lenovo), and it opens a security hole, but it’s not as intentionally nefarious as the Superfish preload.
@CFWhitman,
You are right about it using a Windows specific mechanism. I read more about it after commenting previously. However, the executable code doesn’t reside on a disk or hidden partition, it resides in the BIOS/EFI itself and is loaded into memory (not executed) before Windows. Windows copies the binary to disk and executes it upon booting.
I don’t use Windows any longer, so this kind of stupid crap doesn’t affect me thankfully. The idea of OEM’s putting random secret executables in the machine’s firmware is very disturbing, no matter how innocuous it MAY seem. It’s just another tool being used to subvert users’ machines to obey the will of the manufacturers rather than the owners.
@Mike
Yes, that is correct. The initial binary gets loaded into memory along with typical ACPI information. However, that memory space can only contain one binary, and it is of quite limited size. In order to get OneKey Optimizer loaded, this needs to chain install a larger executable which is saved in a place with more storage. This could be a hidden partition on the hard drive, or a small SSD type drive installed on the motherboard, or anything which the computer uses for storage. I was referring to the initial binary as the ‘instruction’ because it is small and just loads the more complex software from another place.
According to Microsoft’s documentation, WPBT is only supposed to be used for binaries which are essential to the operation of the hardware for its intended purposes, for example, a driver without which Windows couldn’t initially boot. This is not how Lenovo was using it. Microsoft’s new WPBT guidelines specifically prohibit using it as Lenovo was using it because it creates a security risk, which seems to be what prompted Lenovo to update their firmware and remove this “feature.” It could also have been the negative publicity from people noticing OneKey appearing on clean systems or a combination of those factors.
Incidentally, the documentation that I saw didn’t mention Windows 7 as having the WPBT feature, only 8 and 10. I read elsewhere that it exists in 7 as well. It’s possible that it was added to Windows 7 as part of an update, or, I suppose, that the documentation didn’t list 7 for some other reason.
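A Linux-side check for the table discussed in the comments above, added here as an example (it is not code from the article, the commenters or Lenovo): it parses a WPBT ACPI table, verifies the ACPI checksum and reports what the firmware is handing to Windows. The field layout follows the standard ACPI table header and Microsoft's published WPBT format; the sample table, its OEM strings and the helper names are constructed for illustration, and `/sys/firmware/acpi/tables/WPBT` is where Linux exposes the table when the firmware provides one (reading it needs root).

```python
import struct

# Standard 36-byte ACPI table header: signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT-specific fields after the header: handoff memory size, handoff memory
# address, content layout, content type, command-line length in bytes.
WPBT_BODY = struct.Struct("<IQBBH")
FIXED_LEN = ACPI_HEADER.size + WPBT_BODY.size  # 52 bytes before the arguments
CHECKSUM_OFFSET = 9
LIVE_TABLE = "/sys/firmware/acpi/tables/WPBT"  # exists only if firmware ships one


def build_sample_wpbt(args):
    """Constructed sample table for offline testing; not from a real machine."""
    arg_bytes = args.encode("utf-16-le")
    header = ACPI_HEADER.pack(b"WPBT", FIXED_LEN + len(arg_bytes), 1, 0,
                              b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    body = WPBT_BODY.pack(0x6000, 0xBF000000, 1, 1, len(arg_bytes))
    raw = bytearray(header + body + arg_bytes)
    # ACPI rule: all bytes of the table must sum to zero modulo 256.
    raw[CHECKSUM_OFFSET] = (-sum(raw)) & 0xFF
    return bytes(raw)


def parse_wpbt(raw):
    """Decode a WPBT table; raise ValueError if it is structurally invalid."""
    if len(raw) < FIXED_LEN:
        raise ValueError("too short for a WPBT table")
    sig, length, revision, _ck, oem_id, _tbl, _orev, _cid, _crev = \
        ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError("signature is %r, not WPBT" % sig)
    if not FIXED_LEN <= length <= len(raw):
        raise ValueError("declared length %d does not fit the data" % length)
    size, address, layout, ctype, args_len = WPBT_BODY.unpack_from(
        raw, ACPI_HEADER.size)
    if FIXED_LEN + args_len > length:
        raise ValueError("argument string runs past the end of the table")
    args = raw[FIXED_LEN:FIXED_LEN + args_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\x00 "),
        "revision": revision,
        "checksum_ok": sum(raw[:length]) % 256 == 0,
        "handoff_size": size,
        "handoff_address": address,
        "layout": layout,        # 1: a single PE image at the handoff address
        "content_type": ctype,   # 1: PE image is a native user-mode application
        "arguments": args.rstrip("\x00"),
    }


def findings(info):
    """Turn parsed fields into short notes for an inventory report."""
    notes = []
    if not info["checksum_ok"]:
        notes.append("checksum mismatch: table is corrupt or was altered")
    if info["handoff_size"]:
        notes.append("firmware (OEM %s) publishes a %d-byte binary at %#x "
                     "for Windows to run at boot"
                     % (info["oem_id"], info["handoff_size"],
                        info["handoff_address"]))
    if info["arguments"]:
        notes.append("binary is started with arguments: %r" % info["arguments"])
    return notes


def read_live_table(path=LIVE_TABLE):
    """Return the raw table from sysfs, or None when no WPBT is present."""
    try:
        with open(path, "rb") as handle:
            return handle.read()
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    raw = read_live_table()
    if raw is None:
        print("No WPBT on this machine; parsing the constructed sample instead.")
        raw = build_sample_wpbt("-demo")
    for note in findings(parse_wpbt(raw)):
        print(note)
```

A missing `WPBT` file means the firmware publishes no such table; a present one is worth recording in a hardware inventory even on machines that only run Linux, since it shows what a later Windows install would pick up.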
“rouge => rogue”
I saw a Charlie Brown cartoon about this; “Just two letters mixed up and your whole post is urined”.
Actually there are two mechanisms used to put malware on to a clean install machine; the other one uses a check of the autochk.exe file in the \windows\system32 directory. Lenovo looks for a non Lenovo version and then replaces it — this is without ACPI and WPBT doing anything.
We can’t trust so many brands now, it isn’t funny. But I too want Librium [or similar] to be able to provide great machines with a reasonable price tag.
Anti-theft software also used the autochk.exe method to “secure” machines and make them trackable after a clean install.
Oh and you can’t trust websites either, there is so much tracking and other garbage being presented with so many websites.
You can only lock them down so much if you want any of the content to be useful. It really annoys me when a website will use content from all over the place, lots of scripts, lots of extra garbage. Ad blocking is a necessity these days too.
I also hate it that even public broadcasters refer to Twitter and Facebook, as if they are nothing without them. My view is that a public broadcaster should be as neutral as possible and that means NOT supporting proprietary social networks.
About Open/Free hardware, check out what RMS uses:
https://www.stallman.org/stallman-computing.html
Oddly, he uses a ThinkPad currently but my point was about his previous laptop: the Lemote Yeeloong (https://en.wikipedia.org/wiki/Lemote) that uses the MPIS64-based Loongson processor (https://en.wikipedia.org/wiki/Loongson).
Cheers.
“MPIS64” -> “MIPS64”, sorry 🙂