Lenovo: researchers find 'massive security risk'

It seems from the article that the best way to handle this is to uninstall all the trash that comes with a new computer (or hell, reinstall windows from scratch). Do I need Lenovo's power management tools? No. Do I need its Wifi connection manager? No. Windows has all this stuff already and it works really, really well.

Lenovo has, for years, been banned from US government use. They even have a patent on recovering TPM keys (<a href="http:&#x2F;&#x2F;www.google.com&#x2F;patents&#x2F;US8908867" rel="nofollow">http:&#x2F;&#x2F;www.google.com&#x2F;patents&#x2F;US8908867</a>).<p>It is well known (via Snowden) that the US installs backdoors into US hardware and software for export to China, and it has for at least 15 years warned about the same from imports.<p>So none of this is particularly new. What is new is that the US is now moving against China on all fronts to prevent it from acquiring superpower status - to isolate it economically and politically, to block its trade and international investment programs, and to increase the risk of its using its military (with the second largest funding of any nation) to project power lawfully in the Asia Pacific.<p>So these articles come at a good time for the US.<p>You should not trust pretty much any hardware - recent revelations have shown that products come with backdoors; that is the article does not establish the absence of &#x27;security flaws&#x27; by other manufacturers.

I&#x27;ve had a bunch of Lenovo Thinkpads. Each time, the first thing I do is wipe it and install Linux.

&gt; The other two flaws would allow attackers to gain a greater level of control over a system than they should have.<p>What level of control should an attacker have ?

Kind of crappy title, and mostly old news.<p>Should be : Researchers: Lenovo computers contain &#x27;massive security risk&#x27;

So I feel like I missed a memo. Is there a list &#x2F; primer on what we do and do not know about hardware backdoors, firmware backdoors and software backdoors?<p>This bothers me - a16z podcast also threw up a reference to &quot;200 security hygiene&quot; functions - keeping patches up to date and encryption at rest. But Incan only get to about ten.<p>Is there an appendix in SysAdmin &#x2F; oReilly I should read or do I have to watch all the CEF notifications and work backwards to what preventative action Inshould stick in my sh file.<p>It&#x27;s a serious question - I just don&#x27;t feel I know what is dangerous out there anymore let alone have it automated.

I have a Lenovo ThinkPad, if I blow away the stock version of Windows 8 I&#x27;m currently running with an incoming Windows 10, will that blow away all the Lenovo bloatware?

<a href="https:&#x2F;&#x2F;support.lenovo.com&#x2F;us&#x2F;en&#x2F;product_security&#x2F;lsu_privilege" rel="nofollow">https:&#x2F;&#x2F;support.lenovo.com&#x2F;us&#x2F;en&#x2F;product_security&#x2F;lsu_privil...</a><p>If this is considered &quot;Medium&quot; Severity, how bad would it have to be to become High?

Yet another reason to wipe the drive on a new computer and just install Linux...

I really don&#x27;t think a privesc vulnerability on Windows can be considered a &quot;massive security risk&quot; at this point.