D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

 


On 21/08/2015 12:07, Paul Sutton wrote:
> There was something about this a while back or related.  Lenovo
> had installed spyware or other malaware on the actual computers.
> 
> I guess as they got caught out and decided to find some other
> tactic
> 
> There was also a report that their sales are down,  this is
> usually attributed to people using phones and tablets more,
> however after reports such as this,  perhaps we should read in to
> that differently, The original exposure damaged their reputation,
> so is it any wonder that people don't trust them,  or may not trust
> them,  perhaps people are starting to wise up,  esp after what
> Snowden revealed about mass surveillance.
> 
> Paul
> 
> 
> 
> On 21/08/15 09:12, Julian Hall wrote:
>> Hi All,
> 
>> Received this from a friend.
> 
>> Julian
> 
> 
>> -------- Forwarded Message -------- Subject:         HP and Lenovo
>> caught installing malware in the BIOS Date:  Fri, 21 Aug 2015
>> 08:53:36 +0100
> 
>> So it can't be removed even by reformatting your hard drive...
> 
>> Apparently this was mandated by Microsoft...
> 
>> I always said that UEFI was a thoroughly bad concept as it allows
>>  individual OEMs (as well as hackers and spies) to install 
>> non-removable crapware.
> 
>> The bottom line is that you're much better off with old machines 
>> with a traditional BIOS. UEFI is just a hacker's paradise :(
> 
>> http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/
> 
>> Fortunately, this time it only affects systems running Windows 8 
>> or above. Windows 7 and Linux are unaffected as the malware is
>> run from the Windows stack, but they could have just as easily
>> run it from the UEFI itself and then it would be cross-platform
>> :(
> 
>> Lenovo have released an updated firmware patch that (allegedly) 
>> removes this.
> 
>> This seems to be a feature of Windows 8 OEM machines (desktops
>> as well as laptops), not specific to Lenovo or HP (They were just
>> the ones where it was discovered first)
> 
>> Not sure if it exists in the UEFI of OEM motherboards - that
>> would seem unlikely, but you never know.
> 
>> --
> 
>> All government snoopers have very small penises
> 

This 'snooping' is noticeable on some PC at a place I work where the
Windows 8 machines downgraded to a Windows 7 image try on boot up to
update Lenovo software which is not installed.

I may pay more attention in future. However the Win 7 and company
software is supported from an Indian outsourced help desk, who do not
know what is on the computer before the 'log in' to the company VPN.
No possibility to check hardware.

-- 
regards
Eion MacDonald

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq