Microsoft Subnet An independent Microsoft community View more

Is Lenovo trying to undo all of its success?

After rocketing to the top spot in PC sales, its bloatware policies are infuriating people.

Lenovo bloatware firmware PCs
Credit: Michael Kan

Lenovo, the Chinese PC giant that bought out IBM's PC business a decade ago and soared to the top of IDC and Gartner's PC sales charts, now seems to be sabotaging its success with increasingly obnoxious bloatware. 

Gartner's most recent figures (Q2) put Lenovo at number one in PC sales, with 13.4 million units sold and 19.7% of the market. HP was number two at 11.9 million units and 17.4% share, and Dell was third with 9.5 million units and 14.0% share.

But it won't stay that way for long. For months now, people have complained about the bloatware in Lenovo products, much more so than any other OEM. This past February the company was taken to task over Superfish, a "visual search" tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit.

Now Lenovo has been caught doing something even worse. In 2011, Microsoft added a feature to Windows called Windows Platform Binary Table, which allows computer vendors to store software in a PC’s firmware and inject it into the Windows system files upon startup.

This means the software can't be removed at all because it's in the firmware. Unless the OEM issues a firmware update that removes it, you're stuck with it.

WPBT was supposed to make PCs more secure by allowing OEMs to put in firmware-level security and anti-malware software, where it can't be overwritten or removed. At least Microsoft's head and heart was in the right place.

So guess what Lenovo has done? If you said "Used WPBT to install unwanted crapware," you win a prize. Not sure what it is, though. 

Tech guru Bob Rankin was first to note something going on with the Lenovo Service Engine (LSE) utility, which is built on the WPBT platform and was embedded in the firmware of desktops and laptops manufactured between October 23, 2014 and April 10, 2015. 

LSE behaves differently on Lenovo laptops than it does on desktops, according to Rankin. When a laptop is booted up, LSE copies two files, LenovoUpdate.exe and LenovoCheck.exe, to the \Windows\system32 folder if they don't already exist. These files download drivers, a system optimization utility, and whatever else Lenovo wants to put on your machine. 

And if that's not bad enough, he notes that last February, a Kaspersky Labs security researcher found a buffer-overflow vulnerability in LSE so severe it would allow an attacker to gain administrator-level privileges on any computer with the LSE utility, desktop, or laptop.

Rankin said Lenovo quietly discontinued LSE in April and released two utilities that will uninstall LSE from machines that have it, but it was not pushed out to customers. You have to manually download a fix from Lenovo. He has all the information on his site. 

If this isn't a squandering of consumer goodwill, I don't know what is. Consumers despise bloatware and Lenovo seems to be in a rush to add more of it. You can find many guides on the Net on how to remove Lenovo bloatware, even one from Consumer Reports. It will also anger professional users because their IT departments are trying to keep the PC locked down, and here you have the OEM shoving unwanted software on it that they can't uninstall.

Back when Lenovo was trying to buy out IBM's x86 server business, there was concern in military circles because they were big customers of IBM's x86 products. There was concern that the Chinese military, already so brazen in its attacks on the Pentagon, might hide backdoors or Trojans onto the servers. It was dismissed at the time as paranoia.

Still trust them?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.