Lenovo Accused Of Using ‘Rootkit-Like’ Methods To Sneak Software Onto Clean Windows Installs

When acquiring a new notebook or desktop, one of the first things many power users do is wipe it clean. No one likes the "junk" that comes preinstalled, and if time is available, sometimes it's just preferable to start fresh. But what if that was easier said than done? What if that preinstalled junk became more like a plague, persisting even through a fresh install of Windows?

You might think, "That's crazy. Impossible." Well, it is crazy, but it's definitely not impossible.

It seems that installing some asinine malware on customer PCs wasn't enough to satisfy Lenovo's insatiable appetite for intrusion, as it's recently been discovered that the company's installed what's effectively a rootkit onto a range of its notebooks, including Flex and Yoga models.

The root of this problem, no pun, is something called Lenovo Service Engine, in effect low-level firmware that's able to detect whether or not certain files exist in the installed OS. In this case, it seems only Windows 7 and 8 are affected. In the event files this rootkit wants are not present, they'll automatically be fetched from the Internet, and subsequently installed.

Lenovo Flex Edge

Lenovo's goal here is to make sure its customers have the official tools for the sake of keeping up to date and secure - the latter point being humorous given the Superfish debacle. Nonetheless, the way in which the company goes about forcing this on its customers is far from being OK.

Interestingly, Lenovo's implementation is actually kosher with Microsoft, as this is an explicitly laid-out mechanism supported by Windows. Up to this point, though, this is the first known case where that mechanism has been used.

Lenovo has since issued firmware updates to get rid of its Service Engine, although the company hasn't made it a point to highlight it - or the issue in general - to customers. If you own one of the following models, be sure to head to Lenovo's support site and grab the update.

Flex 2 Pro-15/Edge 15 (Broadwell/Haswell models), Flex 3-1470/1570/1120, G40-80/G50-80/G50-80 Touch/V3000, S21e, S41-70/U40-70, S435/M40-35, Yoga 3 14, Yoga 3 11, Y40-80, Z41-70/Z51-70 and Z70-80 / G70-80.