Superfish for Thinkpads

So, you might remember that Lenovo caught a lot for trouble for installing Superfish spyware on their IdeaPad lineup and other consumer-class laptops. Well, apparently they're crippling their professional laptops' security as well...

http://www.computerworld.com/articl...hinkpad-thinkcentre-and-thinkstation-pcs.html

Just an FYI.

 

Why oh why am I not surprised?

With everyone and their seventh-cousin-five-times-removed jumping on the old Google's "we must know everything about you" ship I suspect that we'll be seeing more of this nonsense, and not just from Lenovo...

 

Just scanned for the task, found it(!) and disabled it.

 

Wow, great way to get some clicks - nice clickbait-article.

On the other hand, when you really look at this, its on a completely different level than Superfish. Why? Well, lets read that Lenovo Support article: https://support.lenovo.com/us/en/documents/ht102023

The software is on every ThinkPad with the following applications installed:
a. Lenovo Companion (including Lenovo Dependency Package)
b. Lenovo Support (including Lenovo Dependency Package)
c. Lenovo Settings (including Lenovo Settings Dependency Package)
d. Lenovo System Update
e. Lenovo QuickControl
f. Lenovo QuickDisplay
g. Lenovo SHAREit
h. Lenovo Experience Improvement
i. Lenovo Solution Center
j. Lenovo Simple Tap"

What this software does, is sending non-personal usage data about the Lenovo applications listed above to Lenovo. And it is only doing so, if you agree to that. For example: Every time you use Lenovo Settings for the first time after a clean install, you will be asked if you want to send the feedback data to Lenovo - and if you do agree, that feedback will be send to Lenovo via this program.

A pretty standard software feature, found in many software packages.

What a scandal. Superfish was a real scandal - adware that created a big security hole in the system. This on the other hand is really nothing, but a "tech journalist", who tries to cash in on the privacy angst going around right now....

 

A tad sensationalist to say it affects security. Privacy maybe..... But you would think Lenovo would be a bit clearer about these things rather than burying them in the T&Cs

 

Agreed that it's a little sensationalist, though it's still an unwanted operation on (what I imagine) most ThinkPad users' laptops.

It's one thing to collect "non-personal" data about computer usage (even though personally I don't want that sort of thing), it's a completely other thing for the collection software to throw you on a round-about trying to find an opt-out (as pointed out in the article).

 

The opt-out is in the individual Lenovo software, some examples (in German, though):



As for the Lenovo Settings and Companion app, you have to opt-in to the data collection...not sure about system update.