Since I usually run linux on the machines I buy, Superfish wouldn't be an issue. In fact, the current laptop I have is Lenovo. The hardware is what matters to me.
The matter of supporting them in this behavior gives me pause, though.
I might consider it given that I just run Linux on it anyways. Quality issues with the case of my current thinkpad, an E530, are likely to give me more pause.
I really do think there is a niche for linux compatible bare bones laptops. I know that some companies make them, but most are of low quality. Maybe Dell will come out with more options in the future.
But to answer your question, I would buy again, but would choose a competitor over them if all other things were equal.
Lenovo is a big company, and I'm pretty sure that the department responsible for the preloaded junk is completely separate from the people doing security (or, for that matter, any) testing on their regular drivers and utilities.
Unfortunately preloading of software with (to put it mildly) limited usefulness is epidemic in the whole industry, and we also learned that Superfish is only one of many products built with the "Komodia MITM toolkit"! So, I really see this as one outlier in a crappy business. This could have happened to every laptop manufacturer that has crapware in their default-install. Which is every single of them.
> the department responsible for the preloaded junk is completely separate from the people doing security
Lenovo's CTO stated, "We're not trying to get into an argument with the security guys. They're dealing with theoretical concerns." If the CTO and the department that's responsible for choosing the default software are both "completely separate" from everyone at Lenovo who has a clue about security, what does that say about Lenovo?
The CTO also claimed that the preinstalled software would be appreciated by users ;-). So better take his words with a grain of salt.
❝In general, we get pretty good feedback from users on what software we pre-install on computers.❞
And yes, I'm pretty sure that security in third party software is at most an afterthought. Security holes hardly every are as blatant as the one created here, and my guess is that the normal process is to "just get an update from the vendor, should any security holes become apparent."
With the constant change of bundled software, do you really think that a thorough security review takes place? I'm very sure that this will only be done on the utilities, tools and drivers that are built to operate on a much broader range of devices (e.g. the ugly "battery icon" power manager blemishing most Lenovo PCs' taskbars), will also be installed by "enterprise"-customers, and generally are maintained over longer time periods.
The decision on including crapware certainly is done somewhere in marketing, and then just passed on to whoever has to build the default image.
Interestingly enough, the company that wrote Superfish (Komodia) is based in Palo Alto, California.
I don't think it was malicious intent by Lenovo to install adware on user's computers, rather, they were negligent to the fact they were dealing with an incompetent software vendor.
> the company that wrote Superfish (Komodia) is based in Palo Alto, California
How do you reach this conclusion?
1) komodia.com/about doesn't have any geographic information on it.
2) Their whois entry says Israel, but is (deliberately?) misleading. Is that phone number real?
Registrant Phone: +00.6142772739
The leading digits "614" don't match the calling code for Israel which is 972, nor any Palo Alto area code. Instead it's Columbus, Ohio?
3) It's hard to be sure what was recently on their website, because of a claimed DDOS. But archive.org still has some old info
https://web.archive.org/web/20150220024525/http://www.komodi...
which points to a PO Box in Israel, and gives a phone number with an Israel calling code.
How can you still buy a lenovo product? Superfish was a VERY a dangerous software to have preloaded. I'm pretty sure lenovo engineers knew exactly how dangerous this is and did absolutely nothing about it. And if no one in lenovo knew then that is much worse.
In essence, the company installed software to spy on you, and I hear people defending their decision and say they will still buy their products. It does not matter if you use linux or not. This is not an honest mistake and I will never buy a lenovo product in my life. I will not sit here and defend them or try to associate with them and defend their incompetence/ignorance/maliciousness.
To me, the software that comes installed on a laptop is as relevant as the "special offer on peripherals and laptop bags" pamphlets in the box; immediately discarded without a look.
It's the hardware that counts and to date Dell and Lenovo have been pretty consistent in offering solid corporate hardware.
So personally I would buy Lenovo hardware particularly if payments made to them for including the irrelevant crap actually knocks a few dollars off the retail price!
ThinkPads rock(ed). The current generations (post 20, i.e. W520) have started to deteriorate in what I'd call developer friendliness (still need to pass a special boot line parameter to the kernel to get the system to boot up properly with the dedicated nvidia GPU) as they've changed the keyboard and mouse buttons (no longer 3 above the trackpad and 2 below, only 3 above) and trackpad itself. + quality issues with the modern models and the build feels weak compared to, e.g., the T61.
25 comments
[ 2.0 ms ] story [ 63.8 ms ] threadThe matter of supporting them in this behavior gives me pause, though.
I really do think there is a niche for linux compatible bare bones laptops. I know that some companies make them, but most are of low quality. Maybe Dell will come out with more options in the future.
But to answer your question, I would buy again, but would choose a competitor over them if all other things were equal.
Unfortunately preloading of software with (to put it mildly) limited usefulness is epidemic in the whole industry, and we also learned that Superfish is only one of many products built with the "Komodia MITM toolkit"! So, I really see this as one outlier in a crappy business. This could have happened to every laptop manufacturer that has crapware in their default-install. Which is every single of them.
Lenovo's CTO stated, "We're not trying to get into an argument with the security guys. They're dealing with theoretical concerns." If the CTO and the department that's responsible for choosing the default software are both "completely separate" from everyone at Lenovo who has a clue about security, what does that say about Lenovo?
❝In general, we get pretty good feedback from users on what software we pre-install on computers.❞
And yes, I'm pretty sure that security in third party software is at most an afterthought. Security holes hardly every are as blatant as the one created here, and my guess is that the normal process is to "just get an update from the vendor, should any security holes become apparent."
With the constant change of bundled software, do you really think that a thorough security review takes place? I'm very sure that this will only be done on the utilities, tools and drivers that are built to operate on a much broader range of devices (e.g. the ugly "battery icon" power manager blemishing most Lenovo PCs' taskbars), will also be installed by "enterprise"-customers, and generally are maintained over longer time periods.
The decision on including crapware certainly is done somewhere in marketing, and then just passed on to whoever has to build the default image.
I don't think it was malicious intent by Lenovo to install adware on user's computers, rather, they were negligent to the fact they were dealing with an incompetent software vendor.
I wouldn't hesitate to buy another Lenovo.
Was Lenovo's repeated downplaying of the problem also just negligence?
How do you reach this conclusion?
1) komodia.com/about doesn't have any geographic information on it.
2) Their whois entry says Israel, but is (deliberately?) misleading. Is that phone number real?
Registrant Phone: +00.6142772739 The leading digits "614" don't match the calling code for Israel which is 972, nor any Palo Alto area code. Instead it's Columbus, Ohio?
3) It's hard to be sure what was recently on their website, because of a claimed DDOS. But archive.org still has some old info https://web.archive.org/web/20150220024525/http://www.komodi... which points to a PO Box in Israel, and gives a phone number with an Israel calling code.
It's the hardware that counts and to date Dell and Lenovo have been pretty consistent in offering solid corporate hardware.
So personally I would buy Lenovo hardware particularly if payments made to them for including the irrelevant crap actually knocks a few dollars off the retail price!
* Good Linux support.
* Good price / performance ratio.
* Trackpoint.
Note that I only look at T series. The corporate-oriented T and X series were not affected with Superfish at all.
So, to be honest, I'm not sure.