SoylentNews is people

posted by martyb on Saturday February 21 2015, @03:46PM
from the fishing-for-answers dept.

Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System, the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites, and perform other attacks on Lenovo PCs with the software installed.

Lenovo initially said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."

[Editor's Note: For background information on this threat, Ars Technica has coverage here, here, here, and here.]

  • (Score: 4, Interesting) by fritsd on Saturday February 21 2015, @05:21PM

    by fritsd (4586) on Saturday February 21 2015, @05:21PM (#147811) Journal

    The U.S. government on Friday advised Lenovo Group Ltd customers to remove a "Superfish," (...)

    (emphasis mine)

    In every other country, the government would just advise the consumers to return the defective computer to their retailer for a full refund, and the retailer to the malicious seller (including postage and transport insurance) -- or else revoke that seller's license to sell in that country.

    Doesn't the USA have consumer laws? I thought it was a capitalistic country?

    If Toyota accidentally sells cars with dodgy brakes in the USA, does the U.S. Department of Road Traffic (don't know what it's called) provide the consumers with a list of instructions how to remove the dodgy brake, and a link to order a replacement one?

    Bullshit, those cars are recalled, it's the problem and responsibility of the seller to sell functioning wares.

    A car with dodgy brakes is worse than no car, and a PC that makes your bank and social security logins world-readable is worse than no PC.

  • (Score: 5, Informative) by Anonymous Coward on Saturday February 21 2015, @06:03PM

    by Anonymous Coward on Saturday February 21 2015, @06:03PM (#147825)

    I'm in the US, and your car analogy is spot on.

    My Toyota had 5 recalls last year. Toyota decided to only fix two of them (one that causes the airbags to not deploy, and one that causes the front seats to come free of the floor in an accident-- nice combo). One of the ones they decided not to fix unless it is already broken / breaks before 100K miles is a bolt that holds the suspension together. Presumably, our government was OK with this decision.

    We *are* a capitalist country. That is the problem. Capital has complete control of *everything* in this country. There is a silly ritual of voting for pre-selected (by money) candidates periodically, but it is all sham. The U.S. elite have achieved Mussolini’s ideal of fascism.

  • (Score: 5, Interesting) by frojack on Saturday February 21 2015, @06:06PM

    by frojack (1554) on Saturday February 21 2015, @06:06PM (#147827) Journal

    Returning Computers to the store is WORSE advice than taking your car in for a recall.

    You're suggesting everyone who purchased a Lenovo hand all their data to some local retailer, who in turn hands it over to Lenovo, which is located in China. Nice windfall for them. Customer is left without both their data AND their computer. Thanks a lot buddy.

    Fortunately the Government isn't that stupid, and knows that removing all traces of sensitive data from a computer is a tougher job than the average housewife can handle, and doesn't make such silly mandates.

    The automatic removal tool and/or the manual removal steps are simple enough, and Microsoft Security Essentials (which also comes pre-installed) will remove it for you.

    A nice fat fine for Lenovo is all that is required here.

    No, you are mistaken. I've always had this sig.
    • (Score: 2) by fritsd on Saturday February 21 2015, @06:56PM

      by fritsd (4586) on Saturday February 21 2015, @06:56PM (#147847) Journal

      Hm.. good point.. to continue the car analogy, it is advised to first take your child out of the car before you bring the latter to the garage for recall. Unfortunately your computer doesn't protest as loudly when you bring it back to the shop where you bought it.

      And one of the first things you'd want to do with a new computer is put all the stuff from the old computer on it, so what you describe is probably quite common.

      So what's the solution? Some local company that specializes in trusted wiping of computers? (Fee to be sent to Lenovo) and then return it to the retailer?

      • (Score: 2) by frojack on Saturday February 21 2015, @07:08PM

        by frojack (1554) on Saturday February 21 2015, @07:08PM (#147851) Journal

        The solution was pointed out in my first reply. Maybe re-read that?

        Remove the malware, and get on with your life.

        No, you are mistaken. I've always had this sig.
      • (Score: 3, Interesting) by JNCF on Saturday February 21 2015, @08:14PM

        by JNCF (4317) on Saturday February 21 2015, @08:14PM (#147875) Journal

        Well if we're going to be statists about the thing, the recall could simply instruct consumers on how to remove their hard-drives. I don't know how difficult that would be on the affected models, but on my ThinkPad it's about as difficult as swapping out batteries on a normal consumer device. You'll need a screwdriver, but it's a world of difference from trying to wipe the thing clean before returning it. Let Lenovo eat the cost of not getting their hard-drives back.

  • (Score: 1, Funny) by Anonymous Coward on Saturday February 21 2015, @08:25PM

    by Anonymous Coward on Saturday February 21 2015, @08:25PM (#147880)

    Doesn't the USA have consumer laws?

    Yes, but generally the corporations are the "consumers" protected by the laws passed by the US government. This is a totally reasonable definition of "consumer" seeing how most companies are giving money to the legislators for these laws.