Lenovo is now using rootkit-like techniques to install their software on CLEAN Window

[beginner99]

https://news.ycombinator.com/item?id=10039306

chuckup 18 hours ago

Lenovo is now using rootkit-like techniques to install their software on CLEAN Windows installs, by having the BIOS overwrite windows system files on bootup. Someone detailed this here: http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=dd...

I had this happen to me a few weeks ago, on a new Lenovo laptop, doing a clean install with a new SSD, Win 8 DVD + wifi turned off. I couldn't understand how a Lenovo service was installed and running! Delete the file and it reappears on reboot. I've never seen anything like this before.

Something to think about before buying Lenovo. I searched and found almost nothing about this, so it may be something they started doing in the last few months...

Read carefully and then decide if you eve want to buy a product from Lenovo again.

But it gets worse. This seems to be officially supported by Windows 8 and onwards:

No - see my reply to the Ars thread. Windows 8 introduced an "official" way to do this called "Windows Platform Binary Table". Every time Windows boots, it checks your ACPI table for an entry called "WPBT", writes that to disk as "wpbbin.exe", and executes it. There does not seem to be any way to disable this behavior in Windows. Truecrypt would not help in this case because it happens after boot.

So be prepared for never again being able to do a clean windows install on a laptop you fully paid for.

 

[VirtualLarry]

That's pretty insideous. Windows itself is basically malware at this point.

 

[TeknoBug]

Alot of gov't offices uses Lenovo computers... lol

 

[sm625]

If you replace these lenovo files with blank dummy files of the same name, will they be updated and repaired? The BIOS might simply be checking if these files exist, in which case replacing them with blank dummies would be enough.

 

[MWink]

This is so far beyond disgusting that I have no words. You can bet I won't be recommending Lenovo anymore. In a few years (at most) it probably won't matter, as all the hardware manufacturers will probably start doing similar things. It's bad enough that Windows 10 is malware (as far as I'm concerned) but now we get it built into the hardware to guarantee persistence.

I used to think technology was awesome. Now I find I'm more disgusted by it by the day. I have no interest in using, much less paying for, products/services that pull *expletive* like this.

 

[MWink]

If you replace these lenovo files with blank dummy files of the same name, will they be updated and repaired? The BIOS might simply be checking if these files exist, in which case replacing them with blank dummies would be enough.

Nope. The BIOS checks to make sure autochk.exe is the Lenovo version and not the Microsoft version. If it's not the Lenovo version it overwrites it at boot.

 

[Essence_of_War]

Windows itself is basically malware at this point.

I consider windows to be a malware wrapper around the DX API. 😛

 

[VirtualLarry]

http://liliputing.com/2015/08/some-...u-clean-install-windows-but-theres-a-fix.html

According to this article, there's a "patch". I don't think anything short of a BIOS update would be acceptable.

 

[holden j caufield]

Please tell me this is not on the Thinkpad line.

 

[skriefal]

According to Lenovo it's on consumer laptops only (Flex, Yoga, etc):
https://support.lenovo.com/us/en/product_security/lse_bios_notebook

 

[mxnerd]

Microsoft is the one to blame for opening this Pandora's box.

 

[skriefal]

Not entirely. They were most likely pushed by PC OEMs to add support for this. And Lenovo is the one who chose to actually use this feature.

 

[MustISO]

Stay classy Lenovo. Can't wait to see what you're crazy engineers come up with next.

 

[Raduque]

It doesn't seem to be present on my Y50. I'm lacking all 3 files listed in the Lenovo security bulletin.