Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

 

On Sat, Aug 22, 2015 at 05:11:12PM +0000, mr meowski wrote:
> On 21/08/15 09:12, Julian Hall wrote:
> > Hi All,
> > 
> > Received this from a friend.
> 
> You're all a bit late on this - it's been in the wild for months and in
> the tech news for weeks. There's an incredibly vague news article today
> noting that Lenovo are probably just about to get busted *again* for
> some kind of unsavoury crapware shenanigans:
> 
> http://yro.slashdot.org/story/15/08/22/0723225/yet-another-compromising-preinstalled-glitch-in-lenovo-laptops
> 
> Nothing to worry about for this crowd, 'cos you're all going to be
> installing Linux over the pre-installed Windows on your Lenovo laptops
> right? This is a Windows-only thing: the UEFI can be set to
> automatically trigger actions such as file upgrades/reinstalls but
> relies on an actual Windows install being in place to hand over its
> trigger commands to and actually carry out - it's not like the lifecycle
> controller functionality you get on a modern Dell rack server for
> example which can boot to UEFI and then use ftp to contact Dell
> repositories and upgrade all of its own firmware/BIOS/UEFI/etc components.
> 
> So feel free to keep your tin foil hats on but you don't need to throw
> out your computers quite yet: this is just Lenovo being absolute morons.
> You also only get this on bargain basement cheap-as-chips Windows Home
> models - your nice expensive business orientated ThinkPads will be free
> of this financially motivated crapware.
> 
> I know there's a fair amount of FUD about UEFI around here, but this is
> just a single stupid OEM inappropriately leveraging a legitimately
> useful feature for their own gain: they've already been caught, making
> it considerably less likely that any other manufacturers will try the
> same trick. I for one don't miss the stupid brain-dead legacy BIOS one bit.
> 
> I guess what I'm saying is don't fear UEFI, don't buy Lenovo and keep
> calm and carry on. Oh, and install Linux, obviously.

Very good post.

It's worth noting that pre-installing software on laptops isn't
inherently wrong: there's a huge pay-per-install market for this kind of
software. It makes the thing a little cheaper for consumers. If you
don't like it, don't buy the computer. Or do buy it and install a fresh
operating system of any kind.

What was evil is that the software they installed introduced
vulnerabilities onto the laptop, which happened in two instances, which
I believe are unrelated.

The fact that this kind of thing lowers the price and gets computer
manufacturers some money is also one of the reasons that they tend to be
reluctant to sell them with anything other than Windows, as such
software doesn't exist for Linux. Nothing's stopping people from writing
it though.

Martijn.


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq