Lenovo Ushers in a New Era of Mobile Workstation Power and Performance with Lenovo ThinkPad P50 and P70
-
@Dashrender said:
You linked saying that the Lenovo stuff downloads before the OS is loading - and I said Of course it does.. just like the HP and Dell stuff.
But if you knew that it loaded before the OS... why were you talking about the guy getting the popup which had to be from something else then, since a popup can't happen until the OS is running?
-
@scottalanmiller said:
@Dashrender said:
Just like Dell and HP installing Drivers before the OS loads!
Do you have any links to this? I'm not saying it doesn't exist, just don't have any details on it to compare. Do they really have no means of disabling this?
This is a function of "Windows Platform Binary Table (WPBT)" Until today I'd never heard of this, and presently I have no idea if it can be disabled or not.
Quoted from the Ars page, this tells you that you can search some (don't know which ones) Dell and HP machines and find the wpbbin.exe file which indicated that they are using this technology.
I would like to know if any non-Lenovo pc's have used this "Windows Platform Binary" method to run software from the firmware, because when I searched for it, I saw people with Dell's and HP's who thought they might have a virus, posting scan logs that contained the text "wpbbin.exe" (which would only be there if Windows found it in the BIOS and put it there) For example see https://www.google.com/search?q="wpbbin.exe"+site%3Aforums.malwarebytes.org (as early as 2013)
-
@scottalanmiller said:
@Dashrender said:
You linked saying that the Lenovo stuff downloads before the OS is loading - and I said Of course it does.. just like the HP and Dell stuff.
But if you knew that it loaded before the OS... why were you talking about the guy getting the popup which had to be from something else then, since a popup can't happen until the OS is running?
Because presumably even though the installer is already there, it won't do something if you tell it NO don't help me.
You're really completely OK with Dell and HP silently installing NIC or whatever drivers using these methods, but not OK with them installing a component that asks for permission to install itself?
-
@Dashrender said:
Though I might have stand corrected when it comes to Dell and HP - BUT when enabled, the LoJack stuff DEFINITELY did the same thing, installed software before the OS loaded.
It is only relevant if they did it without the user's knowledge or permission. That's what this is about. Not that there is technology to do this, but how it is used.
That's where I keep comparing to normal installers. Normal OS software installers can be used to install normal software OR malware. It's not the installer that makes the difference but how it is used.
The technology here can be used for legitimate reasons or for malware. This case is malware because of how it was done. LoJack, I'm quite sure, has the users make the decision about installing it to the UEFI or not.
-
@Dashrender said:
Because presumably even though the installer is already there, it won't do something if you tell it NO don't help me.
But it is too late, the rootkit action has already happened. That you get choices about something else later doesn't matter. I can see what you are saying, but you are talking about asking permission after the issue is said and done. The rootkit is what got us to the point of asking permission, there was no permission asked before that point.
This is like someone breaking into your house and then asking if you want they to make dinner. Sure, it's great that they asked permission before putting the pot roast in. But people are upset because they found a rogue cook in their kitchen.
-
@Dashrender said:
You're really completely OK with Dell and HP silently installing NIC or whatever drivers using these methods, but not OK with them installing a component that asks for permission to install itself?
No, I'm really not which is why I keep asking for a link to show me that this happens!
I'm totally okay with it if they ask permission, make it well known and/or have it able to be disabled. Which, I'm led to believe, we have no reason to doubt that they do at this point.
-
@Dashrender said:
Quoted from the Ars page, this tells you that you can search some (don't know which ones) Dell and HP machines and find the wpbbin.exe file which indicated that they are using this technology.
So you have no reason to believe that HP and Dell are doing this secretly or forcibly and are not talking about the same thing that we are talking about here? Or you just assume that they are doing those things?
We are talking about Lenovo's malicious behaviour, not optional behaviour. Unless you have a reason to believe that Dell, HP or LoJack are doing something similar to Lenovo (again: secret, without authorization and no ability to stop - until they got caught) then I don't think it is right to keep mentioning them as doing "the same thing." Sure they might be, but unless we know that they are we should not accuse them.
-
@scottalanmiller said:
@Dashrender said:
You're really completely OK with Dell and HP silently installing NIC or whatever drivers using these methods, but not OK with them installing a component that asks for permission to install itself?
No, I'm really not which is why I keep asking for a link to show me that this happens!
OHHHHHhhhh K! now we're getting somewhere You're completely against the idea that something - literally anything could happen before you the user has a chance to approve it. Now that I can completely stand behind.
But if that's the case, then you have to say that "Windows Platform Binary Table (WPBT)" is a horrible idea and needs to be removed from Windows, because it allows just this type of action - the ability of the vendor to install something into your computer without your knowledge or consent - and this is a Feature of Windows 8 and higher.
-
@Dashrender said:
OHHHHHhhhh K! now we're getting somewhere You're completely against the idea that something - literally anything could happen before you the user has a chance to approve it. Now that I can completely stand behind.
Yes, but to be clear, if I can go into the BIOS and enable/disable that feature then I'm totally onboard with it. Or if I can choose between firmware versions that do or do not do this. Whatever. If I am given the choice in some manner, then it is fine. So the pure installation of drivers silently is okay, as long as I am aware and could have stopped it (even if that meant proactively disabling it via the BIOS or whatever)
-
@scottalanmiller said:
@Dashrender said:
OHHHHHhhhh K! now we're getting somewhere You're completely against the idea that something - literally anything could happen before you the user has a chance to approve it. Now that I can completely stand behind.
Yes, but to be clear, if I can go into the BIOS and enable/disable that feature then I'm totally onboard with it. Or if I can choose between firmware versions that do or do not do this. Whatever. If I am given the choice in some manner, then it is fine. So the pure installation of drivers silently is okay, as long as I am aware and could have stopped it (even if that meant proactively disabling it via the BIOS or whatever)
LOL again on this we agree - though I'm sure the media would still rain fire and brimstone.
-
@Dashrender said:
But if that's the case, then you have to say that "Windows Platform Binary Table (WPBT)" is a horrible idea and needs to be removed from Windows, because it allows just this type of action - the ability of the vendor to install something into your computer without your knowledge or consent - and this is a Feature of Windows 8 and higher.
Well, I can see why you might feel that way. But that's just not a reasonable action and here is why...
You can say that about anything. You can say the same thing about being able to install software in the OS the old fashioned way. You can say it about JavaScript in web pages. You can say it about Word documents.
It's not reasonable to stop all means of software deployment because they could be used for malicious activity. Maybe this one is so problematic that we need to reconsider it, I'd agree with that. But the key issue here is a vendor that did something wrong given a tool that they had at their disposal. There will always be tools for wrongdoing, we can't take them all away.
What needs to happen is some combination of legal action, market pressure, awareness, etc.
-
@Dashrender said:
LOL again on this we agree - though I'm sure the media would still rain fire and brimstone.
I don't think that they would, because presumably this has been going on and hasn't been an issue until now. Only once it was secret and out of the end user's control did it flair up.
And that it was a vendor with a track record of issues specifically around security and hijacking the control of the end use.
-
You asked for a link to something showing something...
https://forums.malwarebytes.org/index.php?/topic/124460-unknown-virusmalware/
This link appears to be a Dell PC from some of the drivers installed, and has the wpbbin.exe, which Microsoft claims is part of their "Windows Platform Binary Table (WPBT)", and if I recall correctly, is only on the machine if the "Windows Platform Binary Table (WPBT)" pulled it from the BIOS.
-
Hey, we can always assume this trend is caused at least in part by IT pro outrage regarding their questionable practices right?
If there's one thing studying psychology taught me, it's that correlation = causation ✓
-
@scottalanmiller said:
@Dashrender said:
But if that's the case, then you have to say that "Windows Platform Binary Table (WPBT)" is a horrible idea and needs to be removed from Windows, because it allows just this type of action - the ability of the vendor to install something into your computer without your knowledge or consent - and this is a Feature of Windows 8 and higher.
Well, I can see why you might feel that way. But that's just not a reasonable action and here is why...
You can say that about anything. You can say the same thing about being able to install software in the OS the old fashioned way. You can say it about JavaScript in web pages. You can say it about Word documents.
It's not reasonable to stop all means of software deployment because they could be used for malicious activity. Maybe this one is so problematic that we need to reconsider it, I'd agree with that. But the key issue here is a vendor that did something wrong given a tool that they had at their disposal. There will always be tools for wrongdoing, we can't take them all away.
What needs to happen is some combination of legal action, market pressure, awareness, etc.
You're right, that was my knee jerk reaction to your comment, before your additional post indicating that you're OK with drivers, etc from the BIOS as long as you can go into the BIOS and disable the function. So I'm completely on board with this.
-
@WingCreative said:
Hey, we can always assume this trend is caused at least in part by IT pro outrage regarding their questionable practices right?
If there's one thing studying psychology taught me, it's that correlation = causation ✓
It might be premature to declare that. that would be great if that were the case but lots of their losses are coming from divisions that people do not realize are associated with them like Motorola phones. Honestly their product lineup is weak, not terrible, just not strong. When's the last time you saw a Lenovo product and went "oh wow, that's what I need to buy." Their servers are not very good, their desktops are okay, their laptops are decent but nothing like they used to be and their tablets are mediocre. They have good products, but overall their lineup has been in decline it seems, at least relative to the competition.
Hard to say if it is outrage, a general embarrassment at using their products, general market pressure, collapse of their core market (largest market collapse in recent history), poor performance after buying IBM's server division... it's a huge company with a lot of factors at play.
-
Did anyone even notice that part of the issue, that almost no one mentions, is that this software was also sending data out to Lenovo?
-
Also, there was enough time on this before this went public that they already knew that there were exploits possible of it..
The utility also sends non-personally identifiable system data to Lenovo servers.
Lenovo, Microsoft and an independent researcher have discovered possible ways this program could be exploited by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server.
-
Sure, but insecure software doesn't make it malware, or nearly every piece of software ever written would have to be considered malware
As for the sending of data - yeah this is pretty bad - though I see tempering of this by the fact that this software would be installed directly on the machine that a consumer would get anyway, and it would be buried in the EULA that the information would be sent to Lenovo, just like it is for Dell and HP, etc - All of them do that! and have for years.
-
@Dashrender said:
Sure, but insecure software doesn't make it malware, or nearly every piece of software ever written would have to be considered malware
Correct, it is not that the software is poor that it is malware.
