What!? Buying a Lenovo computer even comes with free adware

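Buying a new computer for the New Year seems like a nice idea, and these days a newly bought computer may even come with adware thrown in! A user posted on Lenovo's official forum pointing out that the computer mixes sponsored links into search results (just as if the computer were infected with adware or spyware), including things unrelated to the search keywords such as Kelley Blue Book and JetBlue. Facebook engineer Mike Shaver found the answer to this strange behaviour. It appears to be related to the preloaded software Superfish, which is a man-in-the-middle certificate that lets outsiders snoop on secure web pages the user may visit (such as banking sites).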

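Lenovo, the maker of the computers concerned, has admitted that it has been installing the software on its products (including the G40, Y40 and Z50, on which users found the problem) since the end of last month, and has issued a statement saying it has temporarily removed the software from newly shipped products until Superfish's developer can release an update that resolves the matter. This behaviour by Lenovo goes beyond the scope of an OEM preloading software for users; it is putting potentially problematic software into its products. The Next Web further reports that some antivirus software classifies Superfish as a virus and recommends removing it. Netizens will naturally not sit by when machines carry this kind of problematic software, and there are already videos teaching other users how to remove it.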
http://chinese.engadget.com/2015 ... xtlnkusaolp00000595

Lenovo taken to task over 'malicious' adware

This post was last edited by toylet on 2015-2-20 00:11

Source: http://www.bbc.com/news/technology-31533028

Computer maker Lenovo has been forced to remove hidden adware that it was shipping on its laptops and PCs after users expressed anger.

The adware - dubbed Superfish - was potentially compromising their security, said experts.

The hidden software was also injecting adverts on to browsers using techniques more akin to malware, they added.

Lenovo faces questions about why and for how long it was pre-installed on machines - and what data was collected.

The company told the BBC in a statement: "Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in the market from activating Superfish.

Complaining

"Superfish was preloaded on to a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

Users began complaining about Superfish in Lenovo's forums in September.

Last month, forum administrator Mark Hopkins told users that "due to some issues (browser pop up behaviour, for example)", the company had "temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues".

He added it had requested that Superfish issue an auto-update for "units already in market".

[Image: screen grab of how Superfish issues certificates. Caption: Was Superfish given permission to issue its own certificates?]

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.

Such adware is widely regarded in the industry as a form of malware because of the way it interacts with a person's laptop or PC.

Security expert Prof Alan Woodward said: "It is annoying. It is not acceptable. It pops up adverts that you never asked for. It is like Google on steroids.

"This bit of software is particularly naughty. People have shown that it can basically intercept everything and it could be really misused."

According to security experts, it appears that Lenovo had given Superfish permission to issue its own certificates, allowing it to collect data over secure web connections, known in malware parlance as a man-in-the-middle attack.

"If someone went to, say, the Bank of America then Superfish would issue its own certificate pretending to be the Bank of America and intercept whatever you are sending back and forth," said Prof Woodward.

Ken Westin, senior analyst at security company Tripwire, agreed: "If the findings are true and Lenovo is installing their own self-signed certificates, they have not only betrayed their customers' trust, but also put them at increased risk."

Clean install

Although Lenovo has said that it has removed Superfish from new machines and disabled it from others, it was unclear what the situation would be for machines where it had already been activated.

Prof Woodward said: "Lenovo is being very coy about this but it needs to explain how long it has been doing this, what the scale is and where all the data it has collected is being stored.

"There will be remnants of it left on machines and Lenovo does not ship the disks that allow people to do a clean install."

It raises wider questions about the deals that computer manufacturers do with third parties and the amount of software that comes pre-installed on machines.

Mr Westin said: "With increasingly security and privacy-conscious buyers, laptop and mobile phone manufacturers may well be doing themselves a disservice by seeking outdated advertising based monetisation strategies."

Users were particularly angry that they had not been told about the adware.

One Lenovo forum user said: "It's not like they stuck it on the flier saying... we install adware on our computers so we can profit from our customers by using hidden software.

"However, I now know this. I now will not buy any Lenovo laptop again."

The problem also caused a storm on Twitter, where both Lenovo and Superfish were among the most popular discussion topics.


That's "Strong Nation" goods showing their true colours


My Yoga Tablet 2 (Win8) is luckily fine
No sign of Superfish on it


Mainland.... bloody garbage


This post was last edited by takayo72 on 2015-2-21 07:06

There was a case a few years ago where "Strong Nation" barcode scanners also had a backdoor implanted

http://www.tomsguide.com/us/chinese-barcode-scanner-spyware,news-19157.html


Whenever I buy a notebook I always reinstall ... and then download the drivers...


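Lenovo's tech isn't good enough, so it has no choice but to go in through software
The Americans go in directly through hardware; even if you wipe the machine and reinstall, they still get you through the backdoor all the same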


Lenovo these days is basically garbage; it's only the big companies that use it
