HackGh Community Forum

Log in

I forgot my password



Who Is Online?
Guests : 0
Hidden : 0
Registered : 0
Users Online :
Refresh View the whole list

Latest topics
Keywords

9  21  8  DumsormustSTOP  Critical  7  HackGh  google  keepCalmAndLOVEHACKGH4life  Unlimited  terms  1  11  3264  5513  4  intl  5  2000  6  3  phAnt0m_DrAcON  2  10  30  policies  

Top posting users this month
obzeva
 
PhAnt0m
 



Free counters!
Staff Online
Staff Online
Members2046
Most Online179
Newest Member
BBC alternative

You are not connected. Please login or register

 » Computer Tricks And Technology Tips » Windows1O OS Downloads, Trick and & Tips » 

Lenovo Removes Another Pre-Installed Feature over Security Fears

View previous topic View next topic Go down  Message [Page 1 of 1]

kbasante

avatar
Support Moderator
Support Moderator
Half a year ago, Lenovo had to apologize to its consumers for pre-installing security-busting malware Superfish on its laptops. Today the company has again had to remove another pre-installed feature from its machines over security fears.


This time, the component is called the “Lenovo Service Engine (LSE)” and is built into BIOS. This feature launches after the machine is turned on and replaces Microsoft’s start-up diagnostics program with Lenovo’s version. The latter does all the same things as Microsoft’s, and two more: it makes sure that Lenovo’s own software update tools are still present on the PC or laptop and re-installs them if they were removed. Then the software update tools run to download and install drivers to keeping the machine up to date, along with other software preinstalled on Lenovo devices – the so-called “crapware”.

Like the earlier controversial feature, the LSE also provides almost no benefits to the end user: the software is buried so deeply into the system that it’s very hard to remove. And it also goes beyond annoyance, into pure security vulnerability: the researchers discovered how to use it to perform a “privilege escalation” attack. The latter would allow a hacker to gain greater control over a vulnerable machine.

So, Lenovo had to release updates to uninstall the LSE code, both for laptops and desktops. The company announced the release of Lenovo Product Security Advisories highlighting the new BIOS firmware. The computer manufacturer strongly recommended its users update their systems with the latest BIOS firmware. Lenovo also published a list of the affected models. It is known that no ThinkPad range of business machines was affected.

Shortly after that, Microsoft released new guidelines on how software like LSE should work, thus literally banning Lenovo from shipping it. Microsoft said that Lenovo’s use of LSE was not consistent with the updated guidelines and therefore cannot be installed on Lenovo systems any longer. Microsoft also recommended all users update their systems with the new BIOS firmware, which disables or removes LSE.

By the way, last time Lenovo promised to install no more bloatware on its devices. However, as the most recent problem shows, understanding of what exactly that entails varies.

View user profile

View previous topic View next topic Back to top  Message [Page 1 of 1]

Permissions in this forum:
You cannot reply to topics in this forum