D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

 

And there's me who has just ordered a Thinkpad T520...

On Fri, Aug 21, 2015 at 9:12 AM, Julian Hall <linux@xxxxxxxxxxxx> wrote:
Hi All,

Received this from a friend.

Julian


-------- Forwarded Message --------
Subject: HP and Lenovo caught installing malware in the BIOS
Date: Fri, 21 Aug 2015 08:53:36 +0100
So it can't be removed even by reformatting your hard drive...

Apparently this was mandated by Microsoft...

I always said that UEFI was a thoroughly bad concept as it allows
individual OEMs (as well as hackers and spies) to install non-removable
crapware.

The bottom line is that you're much better off with old machines with a
traditional BIOS. UEFI is just a hacker's paradise :(

http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

Fortunately, this time it only affects systems running Windows 8 or
above. Windows 7 and Linux are unaffected as the malware is run from the
Windows stack, but they could have just as easily run it from the UEFI
itself and then it would be cross-platform :(

Lenovo have released an updated firmware patch that (allegedly) removes
this.

This seems to be a feature of Windows 8 OEM machines (desktops as well
as laptops), not specific to Lenovo or HP (They were just the ones where
it was discovered first)

Not sure if it exists in the UEFI of OEM motherboards - that would seem
unlikely, but you never know.

-- 

All government snoopers have very small penises





--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq