Lenovo used a hidden Windows feature to ensure its software could not be deleted

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Aug 12, 2015.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,767
    Location:
    Outer space
    http://thenextweb.com/insider/2015/...-to-ensure-its-software-could-not-be-deleted/
     
  2. PallMall

    PallMall Guest

    On the way to means of checking autochk.exe ... BIOS, the core. This is getting terrifying. Starting the point a formatted driver may not be truly formatted is frightening. And it is actually initiated by manufacturers themselves, for noble reasons perhaps but remains the technique which, once again, demonstrates that today's evil is not that we've known by the past, honest evil in a way, frank, straightforward. No: nowadays vice dresses up with virtue in order to bypass ethics by pseudo-ethics induced. We are in a dialectical world more than ever. To be and to look, to be or not to be. Virtual world.

    I am he as you are he as you are me
    And we are all together


    Funnier even with mirrors. Mankind is indeed strange.
     
  3. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,875
    Location:
    Australia
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    Lenovo have released LSE WINDOWS DISABLER TOOL to disable the Lenovo Service Engine.
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    My system isn't listed as supported on Lenovo's site. How do I check if I have it & how to remove/fix/replace/disable it?
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    @zapjb If it's not listed then I don't think your system would have the issue. However, you can still run the LSE Windows Disabler Tool to be on the safe side.
     
  8. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    That's the thing, the tool wouldn't run. I have a G780 & I want to be able to scan for its absence or presence.
     
  9. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    It ran fine on my T400, which I knew didn't suffer from the issue, but I ran it just to test it. It opened a command window while it attempted to do the fix.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Since I only have bought the "Thinkpad" series I was glad to see they did do that stuff on those machines.
     
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Ok I reread the readme.txt followed the instructions & restarted.

    ----------------------------------------------------------------------
    INSTALLATION INSTRUCTIONS
    ----------------------------------------------------------------------

    For Windows 7 in any mode, or Windows 8, Windows 8.1 and Windows 10 installed in legacy mode:
    1. Please update your system to run at the latest level BIOS. The systems listed below need to be running at or above the following BIOS versions:
    System Name BIOS Version
    Flex 2 Pro-15/Edge 15 (Broadwell) A9CN46WW
    Flex 2 Pro-15/Edge 15 (Haswell) B9CN17WW
    Flex 3-1470/1570 BDCN30WW
    Flex 3-1120 C0CN25WW
    G40-80/G50-80/G50-80 Touch/V3000 B0CN75WW
    S21e C4CN14WW(V1.04)
    S41-70/U41-70 BDCN30WW
    S435/M40-35 BBCN15WW(V1.06)
    Yoga3 14 BACN33WW
    Z70-80 / G70-80 ABCN75WW
    Yoga 3 11 B8CN30WW(V2.08)
    Y40-80 B5CN36WW(V2.02)
    Z41-70/Z51-70 C2CN18WW(V1.04)

    2. Run the lenovo-lse-disabler.exe file as an administrator. A command line window will pop up, stay for approximately 30 seconds and then close automatically.
    3. Restart your PC

    For Windows 8, 8.1 and 10
    If the user is running Windows in UEFI mode:
    1. Run the lenovo-lse-disabler.exe file as an administrator. A command line window will pop up, stay for approximately 30 seconds and then close automatically.
    2. Restart your PC




    After restart - nada. No indication if my system was affected & if it was, was it disabled? I want to know.
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I am pretty sure you just made a typo here! For those that may get confused:

    The website states that NO THINK-brand equipment came with that software. e.g. - no Thinkpad laptops!
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Are not the Thinkpads THINK brand equipment?
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I think it's quite obvious by now that it's quite a bad idea to buy a Lenovo.
     
  16. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    The thing that is really scary here is that this BIOS rootkit technique is something that is actually supported by Windows with a feature called Windows Platform Binary Table.
    http://download.microsoft.com/downl...27CF905A80/windows-platform-binary-table.docx

    It's an ACPI data table that could potentially reside, if they wanted to, in any laptop maker's BIOS :eek:
    So Microsoft is as guilty as any crooked laptop maker that uses this #¤&%#¤% thing in their BIOS.

    There are some tools that can read BIOS ACPI tables, like RWEverything (http://rweverything.com), to try to find out if there is a WPBT ACPI table.
    If the thing is found then it's time to get a new laptop or maybe, if possible, try to find alternative BIOS firmware to flash (could be impossible, depending on the laptop).
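
A check for the WPBT table mentioned in the post above, as an added example that is not part of the original post or of any Lenovo or Microsoft tool. It decodes a raw WPBT table using the field layout in the Microsoft document linked above; the `/sys/firmware/acpi/tables/WPBT` path assumes a Linux live session run as root, and `build_sample()` produces a constructed table with made-up values.

```python
import struct
from pathlib import Path

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # handoff size, handoff address, layout, type, args length
LINUX_TABLE = Path("/sys/firmware/acpi/tables/WPBT")  # assumption: Linux live session, root


def parse_wpbt(raw: bytes) -> dict:
    """Decode a raw WPBT table; raise ValueError if it is not one."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short for a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(raw):
        raise ValueError("length field does not match the data")
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    # Arguments are UTF-16 and only defined for content type 1 (native user-mode binary).
    args = raw[fixed:min(fixed + args_len, length)] if ctype == 1 else b""
    return {
        "checksum_ok": sum(raw[:length]) % 256 == 0,  # all table bytes must sum to 0 mod 256
        "oem_id": oem_id.decode("ascii", "replace").strip("\0 "),
        "oem_table_id": oem_table.decode("ascii", "replace").strip("\0 "),
        "handoff_size": size,        # size of the binary the firmware placed in memory
        "handoff_address": addr,     # physical address of that binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.decode("utf-16-le", "replace").rstrip("\0"),
    }


def build_sample() -> bytes:
    """Constructed table with made-up values, so the parser can be exercised offline."""
    args = "/sample\0".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    table = bytearray(ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                                       b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1) + body)
    table[9] = -sum(table) % 256  # byte 9 is the header checksum
    return bytes(table)


if __name__ == "__main__":
    print("sample:", parse_wpbt(build_sample()))
    if LINUX_TABLE.exists():
        print("this machine:", parse_wpbt(LINUX_TABLE.read_bytes()))
    else:
        print("this machine: firmware publishes no WPBT table")
```

The table only points at the binary the firmware hands to Windows; it does not contain the binary itself, so the OEM fields and handoff size are what identify who published it.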
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    If your computer was not listed on the download page, and you didn't have the OneKey Optimizer software installed on your computer, you haven't been affected.

    It will have been disabled if you ran that fix. If you weren't affected then all that will happen is that the (already clean) autochk.exe file will be replaced with another clean copy.
     
  18. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Since I image & backup. I did not reinstall OneKey Recovery [not OneKey Optimizer] after a fresh retail copy 7x64 pro. OneKey Optimizer is not available on model G780 nor 3rd gen i CPUs.

    Could you link to Lenovo's statement, of your summation "....and you didn't have the OneKey Optimizer software installed on your computer, you haven't been affected."? Thanks
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    @zapjb I haven't got any links, it's just a logical conclusion. If you haven't got OneKey Optimizer installed, you won't have the issue, because as the article in the top post explains, if you are affected, OneKey Optimizer will be downloaded and installed automatically.

    In my case, since I'm not affected, I had to download and install OneKey Optimizer myself.
     
  20. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    @roger_m Thanks I missed or skipped that article. Doh! My G780 is aok. Thanks.
     
  21. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    @roger_m,
    Post #5 linked to Lenovo blurb and shows some files they will remove
    C:\windows\system32\wpbbin.exe
    C:\windows\system32\LenovoUpdate.exe
    C:\windows\system32\LenovoCheck.exe
    I didn't run the LSE disabler, never had that OneKey thing, and on T430s Thinkpad, I don't have those files. So I guess not being in the list and not seeing the files is sufficient. Right?
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    @act8192 ThinkPads are not affected.
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
  24. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Some news - good or bad - about Lenovo PC?
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands