Throwing the baby out with the bathwater

Story: Superfish means its time to get rid of your Lenovo computer
Total Replies: 9
penguinist

Feb 23, 2015
4:48 PM EDT
Jim, you are missing the obvious when you advise people to discard their Lenovo computers, sorry.

I bought a Lenovo ultrabook a few months ago, one of those high-end models with really ultra-high-resolution displays, very light weight, and hours+ of battery life. The first thing out of the box, I booted it into a Linux installation USB drive, made a dd backup of the disk (in case I ever needed to return this computer for warranty service) and then installed my favorite Linux distribution. The Windows OS, extra trash from Lenovo, etc. were all completely wiped off the disk, never to see the light of day.

The end result is that I have a beautiful piece of hardware with all the security and openness that Linux has to offer. So the bottom line of my message here is that you don't have to accept trash software from vendors, nor do you need to discard a computer if you are unhappy with the software that comes with it. Just have the courage to take charge of your own computing environment.

Don't be afraid to format a Windows drive into oblivion. It feels good.
gus3

Feb 23, 2015
5:18 PM EDT
We should file this incident away as a case study against UEFI and/or Treacherous Computing.
number6x

Feb 23, 2015
6:44 PM EDT
@penguinist

Did you get a Yoga 2 Pro?

That's what I bought. Followed the same procedure you did. I loaded Linux Mint, after researching some forums. It works flawlessly.

Great computer, but I don't have a clue how it worked with the Windows 8.1 it came with, as I never booted to Windows.

albinard

Feb 23, 2015
6:49 PM EDT
And did you also remove the NSA firmware?

http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/f...
linuxscreenshot

Feb 23, 2015
7:52 PM EDT
Quoting: And did you also remove the NSA firmware?

Can you provide a summary?
penguinist

Feb 23, 2015
11:00 PM EDT
@number6x: Yes exactly, the Yoga 2 Pro Ultrabook decked out with all the bells and whistles, 2-core i7, 8GB memory, 256GB SSD, 3200x1800 pixel display, touchscreen. I couldn't be happier with this hardware, and it runs flawlessly under my favorite Linux distribution; all the hardware functionality is well supported.

@albinard: Are you trying to lead me down a time-consuming dead-end trail? I'm very security oriented, but I stopped reading your linked document after 20 out of its 40 pages after finding nothing a Linux user should be concerned about. I'll second lss's idea that you provide a summary if there is any substance that is relevant.

From the part of the report I read, these exploits are Windows targeted and rely on special modifications to the Windows boot sequence. You may not know, but when Linux is installed on a hard drive it is common practice to remove and replace everything right down to and including the master boot record. My personal practice is even more secure than most: I use dd to write 0's to the full disk before installation. It's as if you plugged in a factory fresh hard drive and started from the beginning. Unless I hear from you otherwise I'll consider your link to be something that Windows users should worry about, not Linux users.
jdixon

Feb 23, 2015
11:10 PM EDT
Searching the PDF file for the word "firmware" reveals that the malware in question supposedly has the ability to rewrite the firmware on a fairly large set of hard drives.
penguinist

Feb 23, 2015
11:46 PM EDT
@jdixon: Thanks, that info tidbit is probably enough to get me to read the second 20 pages (which in the meantime I have quickly scanned). It sounds as if the Windows exploit has the potential ability to hide its data in unused sectors of the disk. Still, unless you have the Windows exploit running, I'm really not seeing how that is a worry for a Linux user.

When disks get enough firmware space to support their own independent IP stack then I will start worrying. Until then I'll just feel sorry for all the unenlightened Windows lemmings who populate this world.
750

Feb 24, 2015
3:00 AM EDT
The model ranges involved seem to have all been IdeaPads.

Meaning that once more we see a whole brand getting the stick because their bottom-of-the-barrel stuff does something dumb.
albinard

Feb 24, 2015
12:20 PM EDT
There has been a flurry of articles on this lately, most second- and third-hand reports, so I linked the original Kaspersky source. Here is a shorter summary from Reuters:

http://www.reuters.com/article/2015/02/16/us-usa-cyberspying...
