kallend

Superfish malware?

Yes, it's real.
Less about ethics, than the technical cluelessness of the idiots who make their way into corporate management.
"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones.

Yup. They've been installing it on their laptops apparently since around 2010.

Whenever you buy a new computer through consumer channels you can pretty much assume it's coming loaded with a bunch of crapware that you don't want at best and is actively harmful at worst. You have to do your own operating system install, which consumers typically don't want to get involved in.

The manufacturer is the last and most prominent actor in a large web of trust that goes into the construction of your computer (phone handset et al,) that the average consumer never puts any thought into. If you pay attention to the news this week, one of the headlines was about someone finding viruses in hard drive firmware recently, presumably put there by someone with three-letter-initials. If I wanted to spy on everybody, I'd target drive firmware, computer BIOS and network cards. Any compromise in any of those areas would be damn-near undetectable and extremely useful to have in place.

Any of those manufacturers would also quite happily fuck you for a large enough briefcase full of cash. Or in some cases, a bag of M&Ms. That's what happened in the story you cited. You can vote with your wallet to some extent, but good luck finding a corporation that has what you'd consider to be "Integrity." Their only obligations are to their shareholders. Corporations seem to feel that they're obliged to break the law if they think they can get away with it and it will be profitable enough. Until we start consistently sending CEOs and CFOs and directors to jail when that happens, this isn't going to change.
I'm trying to teach myself how to set things on fire with my mind. Hey... is it hot in here?

FlyingRhenquest

Corporations seem to feel that they're obliged to break the law if they think they can get away with it and it will be profitable enough. Until we start consistently sending CEOs and CFOs and directors to jail when that happens, this isn't going to change.



+1
...

The only sure way to survive a canopy collision is not to have one.

the only problem is that it was the nsa with the malware on hard drives, and they said it was currently 12 different manufacturers of them. good luck buying a new hard drive with no malware, unless you want to roll your own firmware, and talk about above the technical level of the average user. hell, most techs can't do that. and how about the nsa just outright collecting the crypto keys from sim cards for all phones since what, 2007? sometimes i would just rather be in a different line of work and be clueless to this, rather than trying to protect people from it....
_________________________________________
Si hoc legere scis nimium eruditionis habes

How this came to be:

In the consumer market, there is next to no profit on PCs and laptops, unless you're Apple. I wouldn't be surprised if Lenovo were making $10-50 a laptop in profit. That's not a lot.

The differences between various brands of PC laptops are so small (they all have nice screens and run Windows), that you can't get away with charging more - if you do, consumers buy an Acer / Dell / etc instead.

So, about a decade ago, computer manufacturers started accepting money to pre-install programs on their consumer PCs. This started with programs like McAfee Anti-Virus - McAfee/Symantec would pay the computer makers to install it. This payment was the difference between profit and loss for the computer maker, so it became extremely important.

Over time the quality bar dropped and dropped (gotta hit those quarterly numbers), and now adware installed on a brand-new machine is really common. This is why Microsoft started the signature program: http://www.microsoftstore.com/store?SiteID=msusa&Locale=en_US&Action=ContentTheme&pbPage=MicrosoftSignature&ThemeID=33363200


How this specific fuckup happened:

Lenovo took money from a company to insert ads into the browsing experience of all purchasers of their consumer laptops. This was slimy, but not uncommon. They didn't do their technical due diligence, and the way Superfish operates makes a computer running it an easy target.


There are two easy ways to fix this: pay more for a Signature Experience machine, or buy a Mac. I would generally recommend the latter.

bob.dino

How this came to be:

In the consumer market, there is next to no profit on PCs and laptops, unless you're Apple. I wouldn't be surprised if Lenovo were making $10-50 a laptop in profit. That's not a lot.

The differences between various brands of PC laptops are so small (they all have nice screens and run Windows), that you can't get away with charging more - if you do, consumers buy an Acer / Dell / etc instead.

So, about a decade ago, computer manufacturers started accepting money to pre-install programs on their consumer PCs. This started with programs like McAfee Anti-Virus - McAfee/Symantec would pay the computer makers to install it. This payment was the difference between profit and loss for the computer maker, so it became extremely important.

Over time the quality bar dropped and dropped (gotta hit those quarterly numbers), and now adware installed on a brand-new machine is really common. This is why Microsoft started the signature program: http://www.microsoftstore.com/store?SiteID=msusa&Locale=en_US&Action=ContentTheme&pbPage=MicrosoftSignature&ThemeID=33363200


How this specific fuckup happened:

Lenovo took money from a company to insert ads into the browsing experience of all purchasers of their consumer laptops. This was slimy, but not uncommon. They didn't do their technical due diligence, and the way Superfish operates makes a computer running it an easy target.


There are two easy ways to fix this: pay more for a Signature Experience machine, or buy a Mac. I would generally recommend the latter.



Microsoft sells Lenovo machines. Did they change the firmware?
...

The only sure way to survive a canopy collision is not to have one.

Superfish isn't in the firmware. Superfish works by a) intercepting your internet traffic, and b) changing who your browser will trust to say "you're connecting to google.com". These don't require firmware changes.

If you buy from Microsoft, the promise is that you're getting a machine with Windows, the necessary drivers, and no other crap.
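
Added example, not part of the original post: when one locally trusted issuer vouches for every site, unrelated HTTPS hosts all show the same certificate issuer, and that pattern can be checked. The host names, issuer names and thresholds below are constructed placeholders; `fetch_cert` shows how the same data would be collected live with Python's `ssl` module.

```python
import socket
import ssl
from collections import Counter

def issuer_org(cert):
    """Issuer organizationName (else commonName) from an ssl getpeercert() dict."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "<unknown>"

def fetch_cert(host, port=443, timeout=5):
    """Live collection: the leaf certificate as validated against this machine's trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def shared_issuer(certs_by_host, threshold=0.8, min_hosts=3):
    """Return the issuer that signed >= threshold of the hosts, or None.

    Pick hosts run by unrelated companies: a few sites sharing a public CA is
    normal, nearly all of them sharing one is not. A corporate TLS-inspection
    proxy triggers this too, so treat a hit as "find out who that issuer is".
    """
    if len(certs_by_host) < min_hosts:
        return None
    counts = Counter(issuer_org(c) for c in certs_by_host.values())
    org, n = counts.most_common(1)[0]
    return org if n / len(certs_by_host) >= threshold else None

def _cert(org):  # constructed sample in getpeercert() layout
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),))}

# Constructed samples, not captured traffic; all names are placeholders.
CLEAN = {"a.example": _cert("Public CA One"), "b.example": _cert("Public CA Two"),
         "c.example": _cert("Public CA One"), "d.example": _cert("Public CA Three")}
INTERCEPTED = {h: _cert("Constructed Local Proxy CA") for h in CLEAN}

if __name__ == "__main__":
    print("clean:", shared_issuer(CLEAN))
    print("intercepted:", shared_issuer(INTERCEPTED))
```
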

I got out of building my own computers for a while, but I'm leaning toward doing that again. It's more of a bother, but I get exactly what I want and a pretty decent price. I usually just install Linux on my machines, which is fine as long as you're not looking to play a lot of games. There is actually some selection of games on Steam for Linux now, which is a lot more than you got the last time I was really into Linux.
I'm trying to teach myself how to set things on fire with my mind. Hey... is it hot in here?

bob.dino

So, about a decade ago, computer manufacturers started accepting money to pre-install programs on their consumer PCs.



That timeline sounds about right. I vaguely remember helping my sister wipe her new Sony laptop and start from scratch in the 2004-2005 time frame. It was pretty appalling out of the box.

why on earth would you recommend anyone pay more for a signature machine? you can download the iso for any windows os and burn a dvd and install it yourself. since they don't ship with restore discs anymore, this is the best solution. windows should be installed to a separate partition and reloaded every year, but that is a lesson for another time.
_________________________________________
Si hoc legere scis nimium eruditionis habes

kallend


When I first came to the USA nearly 40 years ago it really did feel like "Home of the brave and land of the free".

Now, not so much.



THAT - is supremely and decidedly put on the back of the liberals.

But hey - this is bonfire -
I'm not usually into the whole 3-way thing, but you got me a little excited with that. - Skymama
BTR #1 / OTB^5 Official #2 / Hellfish #408 / VSCR #108/Tortuga/Orfun

sfzombie13

why on earth would you recommend anyone pay more for a signature machine?



Because I said "easy".

If you're savvy and current-enough with tech to wipe-and-rebuild from an ISO without losing all your content, you definitely don't need my advice on how to deal with adware-laden machines.

ryoder


Ha. And I just received a yoga pro as my work puter.:S
I'm not usually into the whole 3-way thing, but you got me a little excited with that. - Skymama
BTR #1 / OTB^5 Official #2 / Hellfish #408 / VSCR #108/Tortuga/Orfun
