Back to Home

Lenovo distinguished itself again: bloatware turned out to be integrated into the BIOS of laptops of the company

Lenovo is once again at the center of the scandal over modifying the operating system on laptops that the company manufactures and sells. Last time it turned out that their ...

Lenovo distinguished itself again: bloatware turned out to be integrated into the BIOS of laptops of the company



    Lenovo is once again at the center of the scandal over modifying the operating system on laptops that the company manufactures and sells. The last time it turned out that their OEM OS included the installed Superfish adware , which was distinguished by intrusive behavior and a complete disregard for security. This time everything is much worse - the user will not save even a complete reinstallation of the operating system from scratch.

    After installing a clean Windows system before its first launch, a special program stored in the BIOS replaces the autochk.exe system file, which serves to check the integrity of the file system and fix errors, to its bootloader. He creates system services that download the necessary programs from Lenovo servers. So this system works with Windows 7. In the case of Windows 8, everything is even simpler.

    The fact is that Windows, starting with the eight, supports the so-called. Windows Platform Binary Table (WPBT) is a table whose format was developed by the company as an extension of ACPI tables (Advanced Configuration and Power Interface). The system works like this: a binary executable file can be stored in the computer BIOS. If the system finds this file there at boot, it copies it to disk and executes.

    Unfortunately, Microsoft, from the height of its position, has every opportunity to push iron manufacturers to support such a system - which it did not fail to take advantage of. And all this has been done, of course, for the benefit of users. Microsoft, not sparing itself, cares about the security of users of Windows operating systems. Therefore, in this way she decided to organize assistance in the search for stolen computers.

    Let's say you have a laptop stolen. Even if you put a special program on it to help track it, then there is nothing stopping the attacker from formatting his drive. However, if such a program is integrated into the BIOS, then installing a clean system on the computer will not stop its execution (unless the thief turns out to be a Linux fan).

    Everything would be fine if laptop manufacturers and sellers were not eager to make money at all costs. Not only that, the default systems swell from all bloatware (this bad tradition has successfully spread to smartphones). So now there is a way in which you simply cannot get rid of it.

    So, in the case of installing Windows 8, the file “wpbbin.exe” stored in the BIOS is copied to C: \ windows \ system32 and executed. It ends with the same installation of branded services from Lenovo, LenovoUpdate.exe and LenovoCheck.exe, downloading their files from the company's servers.

    The company called this outstanding system Lenovo Service Engine. She not only sends information about the technical specifications of your computer to the company’s server, but also installs the OneKey Optimizer (OKO) software, which seems to fall into the crapware category. According to the assurances of the company, it "cleans the system of unnecessary files" and "optimizes the computer." What he actually does is not known to many so far, but judging by most of the programs that cover up with such promises, this is hardly something good.

    Not only do obscure programs that you cannot get rid of deal with system file spoofing - they download this "optimizer" OKO via an unprotected HTTP protocol. It hardly needs to be explained what this is fraught with (see "MitM attack").

    As it turned out, security specialist Roel Schouwenberg reported this alarming situation to Lenovo and Microsoft back in April. Lenovo now claims that all computers, starting in June, lack this wonderful feature. She also released patches and instructions in order to disable this feature in the computers in which she is present, and lists of computers affected by this problem ( desktop / laptops) Interestingly, the company now calls the function, which itself integrated, “vulnerability”.

    Microsoft's answer to these questions was the extension of the instructions for using WPBT, in which it explains to all software and hardware manufacturers that the programs that use this feature "must be written with a view to security, otherwise they can be regarded as malware."

    Unfortunately, in our time, often, when buying a smart electronic device, a person does not turn out to be its rightful owner - he may, without any warning, find himself in a situation where his computer or smartphone is equipped with absolutely unnecessary programs that consume system resources at best, and the worst - violate the security of working with data. It is difficult to say how justice can be restored in such cases - by lawsuits, boycotts of products of certain companies, or other actions. It is only clear that this is necessary.

    Read Next