Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System, the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites, and perform other attacks on Lenovo PCs with the software installed.
Lenovo inititally said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."
[Editor's Note: For background information on this threat, Ars Technica has coverage here, here, here, and here.]
(Score: 5, Insightful) by chperry01 on Saturday February 21 2015, @04:50PM
Even if you remove the Superfish crapware from your PC it will still exist in the Restore partition. So if you ever need to do a system restore you get the crapware. It is time PC makers started providing restore media with the machines that includes a clean install of the operating system, a driver disk, and a separate crapware disk.
(Score: 4, Interesting) by frojack on Saturday February 21 2015, @06:30PM
Even if you remove the Superfish crapware from your PC it will still exist in the Restore partition. So if you ever need to do a system restore you get the crapware.
Well, since Microsoft Security Essentials removes it automatically, and MSE is installed by default, you might actually NOT get it back when you re-install.
Besides, that restore partition dies with the rest of the disk, and disk failure is the usual reason you'd ever need that partition. So I agree we should go back to requiring a DVD rather than an install partition, but I don't see the re-introduction as an insurmountable problem.
No, you are mistaken. I've always had this sig.
(Score: 2) by fritsd on Saturday February 21 2015, @07:03PM
What is a Restore partition?? (serious question)
(Score: 4, Informative) by frojack on Saturday February 21 2015, @08:19PM
The actual name is usually a Recovery Partition.
http://www.pcadvisor.co.uk/how-to/laptop/3462995/factory-reset-laptop/ [pcadvisor.co.uk]
See also http://en.wikipedia.org/wiki/Recovery_disc#Recovery_partitions [wikipedia.org]
No, you are mistaken. I've always had this sig.
(Score: 1) by anubi on Sunday February 22 2015, @06:19AM
Frojack... I followed your link and found this text which I found rather troubling...
Ummm, I probably need that recovery disk because Windows won't work.
Right now, I am using "Clonezilla", with one of those Western Digital "Element" USB drives It seems to work, albeit I have never had to restore from it. Anyone here had any experience with it?
Admittedly I have about as much trust in my computer as I have in a whore. She's beautiful, but I can't trust her. I am always wondering what she is doing behind my back. I am afraid to leave her unsupervised, because at the weirdest times her CPU and memory use max out and I have no idea whose plans she is carrying out... all I can do is reboot her and hope she forgets what she was doing. I read daily of all of her really bad boyfriends on the 'net who are always calling her up to coax her to screw me up for them. Seems the only way to keep them from calling her is to pull the RJ45. It really surprises me businesses tolerate this kind of crap in their machines.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Informative) by TheRaven on Sunday February 22 2015, @09:50AM
Ummm, I probably need that recovery disk because Windows won't work.
The Windows bootloader will automatically boot from the recovery partition if Windows fails to boot a couple of times. It's also there as an option in the boot menu (not sure if you need to hold a key to make this appear).
sudo mod me up
(Score: 1, Informative) by Anonymous Coward on Saturday February 21 2015, @08:21PM
What is a Restore partition?? (serious question)
It's a small partition on the hard drive that ships with many Windows computers these days whose sole purpose is to restore your main partition (e.g., your C: drive) to its original state when the computer shipped. This is done by the computer manufacturers because:
- they are too cheap to supply an actual restore CD/DVD.
- they want to prevent a customer from wiping the factory installed crapware off their hard drive and reloading from clean media.
- they want to be able to reinstall their crapware no matter what happens to your computer (except for when your hard drive fails).
- they want to charge you to get a restore disk when your hard drive fails (if your hard drive fails then your restore partition goes with it *because they are on the same physical disk*).
For those of us running Linux a restore partition is something memes are made of.