Lenovo installs persistent crapware

[digidog]

While Lenovo isn't a big name in NZ computing, there are currently 14 Lenovo listings on TM. Ars Technica warns that Lenovo have installed "crapware"which overwrites system files, replacing them with their own insecure versions which perform performance "optimisations" and clean "system junk files" without the user's permission. Even worse, the methods they use are insecure causing security issues, including buffer overflows and insecure network connections.

Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed.

The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that "most" is not "all." Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the "Lenovo Service Engine."

Lenovo say they have ceased installing crapware on their latest systems.