
Lenovo distinguishes itself again: bloatware found embedded in the BIOS of the company's notebooks





Lenovo is once again at the center of a scandal over modifications to the operating system on the laptops it produces and sells. Last time it turned out that its OEM operating system image included the preinstalled Superfish adware, notable for its intrusive behavior and complete disregard for security. This time things are much worse: even a complete reinstallation of the operating system from scratch will not save the user.



After a clean Windows installation, and before its first launch, a special program stored in the BIOS replaces the system file autochk.exe, which is used to check file system integrity and fix errors, with its own loader. The loader creates system services that download the required programs from Lenovo's servers. That is how the scheme works with Windows 7. With Windows 8, everything is even simpler.


The point is that Windows, starting with version 8, supports the so-called Windows Platform Binary Table (WPBT), a table whose format Microsoft developed as an extension of the ACPI (Advanced Configuration and Power Interface) tables. It works like this: a binary executable file can be stored in the computer's BIOS. If the system finds this file there while booting, it copies it to disk and executes it.
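To check whether a machine's firmware publishes a WPBT, the table can be parsed directly. This is an added example, not code from the original article or from Microsoft or Lenovo: the field layout follows Microsoft's published WPBT format, the Linux sysfs path is an assumption about the host being inspected, and the sample table is constructed.

```python
import struct

_HDR = struct.Struct("<4sIBB6s8sI4sI")  # 36-byte ACPI table header
_WPBT = struct.Struct("<IQBBH")  # handoff size, address, layout, type, args length


def parse_wpbt(table: bytes) -> dict:
    """Parse a raw WPBT ACPI table; raise ValueError if it is malformed."""
    if len(table) < _HDR.size + _WPBT.size:
        raise ValueError("too short for a WPBT")
    sig, length, _rev, _csum, oem_id, *_ = _HDR.unpack_from(table, 0)
    if sig != b"WPBT" or length != len(table):
        raise ValueError("bad signature or length")
    if sum(table) & 0xFF:  # all bytes of an ACPI table sum to 0 mod 256
        raise ValueError("bad ACPI checksum")
    size, addr, layout, ctype, args_len = _WPBT.unpack_from(table, _HDR.size)
    off = _HDR.size + _WPBT.size
    if off + args_len > len(table):
        raise ValueError("argument length exceeds table")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\0 "),
        "binary_size": size,  # bytes of executable image held in memory
        "binary_address": addr,  # physical address where firmware placed it
        "layout": layout,
        "type": ctype,
        "arguments": table[off:off + args_len].decode("utf-16-le", "replace"),
    }


def firmware_wpbt(path="/sys/firmware/acpi/tables/WPBT"):
    """Parsed WPBT of a Linux host (needs root); None if absent or unreadable."""
    try:
        with open(path, "rb") as fh:
            return parse_wpbt(fh.read())
    except (FileNotFoundError, PermissionError):
        return None


def build_sample_wpbt(args: str = "/constructed") -> bytes:
    """Constructed sample table, not captured from any real firmware."""
    raw = args.encode("utf-16-le")
    length = _HDR.size + _WPBT.size + len(raw)
    body = _HDR.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    body += _WPBT.pack(0x20000, 0x7F000000, 1, 1, len(raw)) + raw
    return body[:9] + bytes([-sum(body) & 0xFF]) + body[10:]  # fix up checksum


if __name__ == "__main__":
    print(parse_wpbt(build_sample_wpbt()))
    print(firmware_wpbt() or "no readable WPBT on this host")
```

A non-empty result from `firmware_wpbt()` means the firmware is offering Windows a binary to run at boot; the table itself only points at the image, so judging what that binary does requires extracting it separately.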



Unfortunately, Microsoft, from the height of its position, has every means of pushing hardware manufacturers to support such a scheme, and it did not fail to take advantage of that. All of this is done, of course, for the benefit of users. Microsoft, sparing no effort, cares about the security of Windows users. So in this way it decided to help with the search for stolen computers.



Suppose your laptop has been stolen. Even if you installed a special program on it that helps track it, nothing prevents the attacker from formatting the drive. However, if such a program is integrated into the BIOS, installing a clean system on the computer will not stop it from running (unless the thief turns out to be a Linux fan).



All would be well if laptop manufacturers and sellers did not try to make money at any cost. It is bad enough that default system images swell with all kinds of bloatware (a bad tradition that has successfully spread to smartphones). Now there is a way to install it so that you simply cannot get rid of it.



So, when Windows 8 is installed, the file “wpbbin.exe” stored in the BIOS is copied to C:\windows\system32 and executed. The result is the same: installation of Lenovo's proprietary services, LenovoUpdate.exe and LenovoCheck.exe, which download their files from the company's servers.



The company called this remarkable system “Lenovo Service Engine”. It not only sends information about your computer's technical characteristics to the company's server, but also installs the OneKey Optimizer (OKO) software, which appears to fall into the crapware category. According to the company, it "cleans the system of unnecessary files" and "optimizes the computer." Very few people know what it actually does, but judging by most programs that hide behind such promises, it is hardly anything good.



Not only do these obscure, impossible-to-remove programs replace system files, they also download this OKO “optimizer” over the unprotected HTTP protocol. It is hardly necessary to explain what this is fraught with (see "MitM attack").



As it turned out, security specialist Roel Schouwenberg reported this alarming situation to Lenovo and Microsoft back in April. Lenovo now claims that all computers, starting in June, no longer have this remarkable feature. It also released patches and instructions for disabling the feature on the computers that have it, along with lists of the computers affected by this problem (desktop / laptop). Interestingly, the company now calls the feature that it integrated itself a "vulnerability."



Microsoft's response to these questions was an addition to the WPBT guidelines, in which it explains to all software and hardware vendors that programs using this feature “should be written with an eye to security, otherwise they could be regarded as malware”.



Unfortunately, nowadays a person who buys a smart electronic device does not become its full owner: without any warning, he may find that his computer or smartphone comes loaded with absolutely unnecessary programs, which at best eat up system resources and at worst violate data security. It is difficult to say how justice can be restored in such cases, whether through lawsuits, boycotts of certain companies' products, or other actions. What is clear is that it is necessary.

Source: https://habr.com/ru/post/356828/


