Lenovo Ushers in a New Era of Mobile Workstation Power and Performance with Lenovo ThinkPad P50 and P70
-
@Dashrender said:
You're wondering if what breaks certain OSes? The BIOS/UEFI (I'll call it a) authorized hack?
The forced push of drivers. Sorry that was pretty ambiguous. Even when it isn't doing something "bad" does it, for example, push a version of the NIC driver to Windows 10 even if you have Windows 8 or what about when 11 comes out? How does it do the "forced push" without adding new risks just around reliability?
-
@scottalanmiller said:
@Dashrender said:
You're wondering if what breaks certain OSes? The BIOS/UEFI (I'll call it a) authorized hack?
The forced push of drivers. Sorry that was pretty ambiguous. Even when it isn't doing something "bad" does it, for example, push a version of the NIC driver to Windows 10 even if you have Windows 8 or what about when 11 comes out? How does it do the "forced push" without adding new risks just around reliability?
The previously linked forums posts indicated that a single system was able to tell the difference between Windows 7 and Windows 8 and as such did something different for each system.
Also with rare exceptions Windows 7 drivers work in 8 and 10.
The manufacturer could release a new BIOS update for a new OS that could then support several versions of Windows if needed.
-
@Dashrender said:
The previously linked forums posts indicated that a single system was able to tell the difference between Windows 7 and Windows 8 and as such did something different for each system.
Could do it, yes. But that something is doing detection and force pushing leaves a lot of room for error, right? Does a simple typo case the system to force Windows drivers into ESXi for example? How does it do the detection? How does it ensure it doesn't do the wrong thing? Lots of questions to ask given that traditionally we had humans verifying this stuff.
-
I would assume that any legitimate usage of this function would be heavily marketed as a time-saving measure, something like:
"Many of our customers prefer to start off with a fresh install of Windows. We understand that hunting down drivers just to get hardware working after a reinstall is frustrating and time consuming. Now, we're using cutting-edge technology to ensure your computer has a direct line to automatically download the latest drivers even after a complete reinstall of Windows! System administrators: If you'd rather have a completely blank slate upon reinstallation, this option can be disabled in the BIOS."
You don't just spend time and money getting a feature like this set up without some sort of return on your investment, and in an ideal world this would actually be a pretty decent selling point. I would love to be able to do a fresh install without worrying about driver downloads & updates immediately afterwards. It's not a huge thing but it would be nice.
In contrast, Lenovo's implementation got shut down by Microsoft, and was only discovered by someone doing some deep diving into their own system. Otherwise it would have quietly been a thing until they had to patch it out. It was also difficult to disable, implying Lenovo didn't plan on allowing it to be disabled.
-
@WingCreative Great perspective.
-
@WingCreative said:
"Many of our customers prefer to start off with a fresh install of Windows. We understand that hunting down drivers just to get hardware working after a reinstall is frustrating and time consuming. Now, we're using cutting-edge technology to ensure your computer has a direct line to automatically download the latest drivers even after a complete reinstall of Windows! System administrators: If you'd rather have a completely blank slate upon reinstallation, this option can be disabled in the BIOS."
This would make me SO happy....
-
@WingCreative said:
I would assume that any legitimate usage of this function would be heavily marketed as a time-saving measure, something like:
"Many of our customers prefer to start off with a fresh install of Windows. We understand that hunting down drivers just to get hardware working after a reinstall is frustrating and time consuming. Now, we're using cutting-edge technology to ensure your computer has a direct line to automatically download the latest drivers even after a complete reinstall of Windows! System administrators: If you'd rather have a completely blank slate upon reinstallation, this option can be disabled in the BIOS."
You don't just spend time and money getting a feature like this set up without some sort of return on your investment, and in an ideal world this would actually be a pretty decent selling point. I would love to be able to do a fresh install without worrying about driver downloads & updates immediately afterwards. It's not a huge thing but it would be nice.
In contrast, Lenovo's implementation got shut down by Microsoft, and was only discovered by someone doing some deep diving into their own system. Otherwise it would have quietly been a thing until they had to patch it out. It was also difficult to disable, implying Lenovo didn't plan on allowing it to be disabled.
This tech isn't for businesses, it's purely for consumers. Businesses have people like you and I do make images that contain all the drivers needed, etc.
The vendors don't need to sell this to consumers, as the consumers won't understand what it means, and I'm sure they won't understand the value. Instead the vendor will use it because it CAN (but might not) help them reduce costs of support.
-
@Dashrender said:
This tech isn't for businesses, it's purely for consumers. Businesses have people like you and I do make images that contain all the drivers needed, etc.
The vendors don't need to sell this to consumers, as the consumers won't understand what it means, and I'm sure they won't understand the value. Instead the vendor will use it because it CAN (but might not) help them reduce costs of support.
With that in mind - the general idea of what Lenovo is now being accused of I find in poor taste because the technology is actually a really clever and useful idea. Of course this is Lenovo we're talking about, a completely untrustworthy company - who has shown yet again by their implementation that they don't care about the security of it's customers by deploying the tech in an extremely insecure fashion.
-
@Dashrender said:
With that in mind - the general idea of what Lenovo is now being accused of I find in poor taste because the technology is actually a really clever and useful idea.
Poor taste by whom? What they've been accused of is using this neat idea to actually deploy malware. They've secretly rootkitted people's machines.
Neat or useful or not, it's a breach of trust and ethics.
-
@scottalanmiller said:
@Dashrender said:
With that in mind - the general idea of what Lenovo is now being accused of I find in poor taste because the technology is actually a really clever and useful idea.
Poor taste by whom? What they've been accused of is using this neat idea to actually deploy malware. They've secretly rootkitted people's machines.
Neat or useful or not, it's a breach of trust and ethics.
What what we are reading, this is no more a rootkit than what Lo Jack has been doing for years - and currently there is no evidence that this solution is being used to deploy malware - only Lenovo's own tools. You may not like their tools, but those tools haven't been proven to be malware or spyware yet, least not in the postings I've read.
-
@Dashrender said:
What what we are reading, this is no more a rootkit than what Lo Jack has been doing for years
You are telling me that you've been buying computers where LoJack has taken control of your machine without your knowledge or authorization and has been using it to push unwanted software to your machine that you cannot control?
-
@Dashrender said:
only Lenovo's own tools. You may not like their tools, but those tools haven't been proven to be malware or spyware yet, least not in the postings I've read.
Um, by definition what they've done makes those malware. Software for Lenovo's benefit, withtout the permission or desire or authorization of the customer... that's malware by any definition I've ever heard. What else could it be? It's malicious, it's ware. Just because it hasn't yet been shown to have a dramatic impact doesn't change what it is.
Spyware no, that it is not. That's a specific type of malware. But malware it is. It is not bloatware alone because there is the added condition of this being a malicious intrusion to customers' systems without their knowledge or consent.
Breaking and entering isn't excused just because the person gets caught before they get away stealing something. Breaking and entering alone is enough to arrest them. Malware is malware before it spies on your or damages your machine.
-
@Dashrender said:
@WingCreative said:
I would assume that any legitimate usage of this function would be heavily marketed as a time-saving measure, something like:
"Many of our customers prefer to start off with a fresh install of Windows. We understand that hunting down drivers just to get hardware working after a reinstall is frustrating and time consuming. Now, we're using cutting-edge technology to ensure your computer has a direct line to automatically download the latest drivers even after a complete reinstall of Windows! System administrators: If you'd rather have a completely blank slate upon reinstallation, this option can be disabled in the BIOS."
You don't just spend time and money getting a feature like this set up without some sort of return on your investment, and in an ideal world this would actually be a pretty decent selling point. I would love to be able to do a fresh install without worrying about driver downloads & updates immediately afterwards. It's not a huge thing but it would be nice.
In contrast, Lenovo's implementation got shut down by Microsoft, and was only discovered by someone doing some deep diving into their own system. Otherwise it would have quietly been a thing until they had to patch it out. It was also difficult to disable, implying Lenovo didn't plan on allowing it to be disabled.
This tech isn't for businesses, it's purely for consumers. Businesses have people like you and I do make images that contain all the drivers needed, etc.
The vendors don't need to sell this to consumers, as the consumers won't understand what it means, and I'm sure they won't understand the value. Instead the vendor will use it because it CAN (but might not) help them reduce costs of support.
In the perfect world where companies use technological developments like this correctly, why not have it be for business too?
SMB and nonprofits rarely have imaging processes in place from what I have seen, and are more okay with buying the cheapest workable hardware instead of sticking to a standard hardware deployment.
If you could trust a system like this, you could use the same image across a variety of hardware without setting up and maintaining a driver repository. This would also allow places with mixed hardware to more easily integrate a standard imaging process without spending time finding the right drivers and keeping them up to date.
Instead, it was used like some sort of hidden DRM to ensure Lenovo software persisted when one assumed only Microsoft software would remain. This DRM-like system did not use SSL, allowing anyone sharing your connection the opportunity to intercept and modify the connection and traffic created every boot cycle. Boo to that.
-
@scottalanmiller said:
@Dashrender said:
What what we are reading, this is no more a rootkit than what Lo Jack has been doing for years
You are telling me that you've been buying computers where LoJack has taken control of your machine without your knowledge or authorization and has been using it to push unwanted software to your machine that you cannot control?
Where is Lenovo taking control of your machine without your knowledge or authorization? Heck, the first thing all these people are talking about is the prompt about the install.
And yes, if LoJack is enabled (granted it's most often not) it does all those things completely silently.
-
@Dashrender said:
And yes, if LoJack is enabled (granted it's most often not) it does all those things completely silently.
I don't think you understand what I am saying. What devices have you ever heard of where LoJack was put on there without the customer's knowledge or consent?
-
@scottalanmiller said:
@Dashrender said:
only Lenovo's own tools. You may not like their tools, but those tools haven't been proven to be malware or spyware yet, least not in the postings I've read.
Um, by definition what they've done makes those malware. Software for Lenovo's benefit, withtout the permission or desire or authorization of the customer... that's malware by any definition I've ever heard. What else could it be? It's malicious, it's ware. Just because it hasn't yet been shown to have a dramatic impact doesn't change what it is.
Spyware no, that it is not. That's a specific type of malware. But malware it is. It is not bloatware alone because there is the added condition of this being a malicious intrusion to customers' systems without their knowledge or consent.
Breaking and entering isn't excused just because the person gets caught before they get away stealing something. Breaking and entering alone is enough to arrest them. Malware is malware before it spies on your or damages your machine.
But the users are notified by a popup, and given the chance to say NO.
-
@WingCreative said:
Instead, it was used like some sort of hidden DRM to ensure Lenovo software persisted when one assumed only Microsoft software would remain. This DRM-like system did not use SSL, allowing anyone sharing your connection the opportunity to intercept and modify the connection and traffic created every boot cycle. Boo to that.
I already agreed that Lenovo did a poor implementation of this solution, but the claim that this is malware - it's no more malware than Dell installing it's own solutions to the computer. They get off the hook ONLY because they prompt before the install actually takes place.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
only Lenovo's own tools. You may not like their tools, but those tools haven't been proven to be malware or spyware yet, least not in the postings I've read.
Um, by definition what they've done makes those malware. Software for Lenovo's benefit, withtout the permission or desire or authorization of the customer... that's malware by any definition I've ever heard. What else could it be? It's malicious, it's ware. Just because it hasn't yet been shown to have a dramatic impact doesn't change what it is.
Spyware no, that it is not. That's a specific type of malware. But malware it is. It is not bloatware alone because there is the added condition of this being a malicious intrusion to customers' systems without their knowledge or consent.
Breaking and entering isn't excused just because the person gets caught before they get away stealing something. Breaking and entering alone is enough to arrest them. Malware is malware before it spies on your or damages your machine.
But the users are notified by a popup, and given the chance to say NO.
Are you sure? That's not what is being reported.
-
@Dashrender said:
I already agreed that Lenovo did a poor implementation of this solution, but the claim that this is malware - it's no more malware than Dell installing it's own solutions to the computer.
Unless these articles are lying (very possible) you and I have completely different definitions of malware and permission.
-
There is a reason why the media is using the term rootkit. This is insidious malware that they are reporting. Actual loss of admin level control.