Some Lenovo PCs reload software even with a clean Windows install, but there is a fix

Lenovo has been found to be installing software on its Windows PCs that users cannot remove unless they download a special patch and tool. The software is automatically downloaded on those systems even if their owners perform a clean install of Windows.

Here's the summary of what those affected Lenovo PCs have been downloading and why, as reported by The Next Web:

"The mechanism triggering this is called the Lenovo Service Engine, which downloads a program called OneKey Optimizer used for 'enhancing PC performance by updating firmware, drivers and pre-installed apps' as well as 'scanning junk files and find factors that influence system performance.'"

Lenovo used the "Windows Platform Binary Table", developed by Microsoft, to deliver its software on its PCs. It's designed to send and install software from the BIOS to the system and will stick around even with a clean install of Windows.
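To check whether a machine's firmware publishes a Windows Platform Binary Table, the raw ACPI table can be parsed directly. The following is an added example, not code from the original article, Lenovo or Microsoft; the field layout follows Microsoft's published WPBT format, and the sample table with its OEM ID, address and arguments is constructed.

```python
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # size, phys addr, layout, type, args length
SYSFS_WPBT = "/sys/firmware/acpi/tables/WPBT"  # Linux view of the table (root only)


def parse_wpbt(raw: bytes) -> dict:
    """Validate and decode a raw WPBT ACPI table."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("too short to be a WPBT")
    sig, length, _rev, _sum, oem_id, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(raw):
        raise ValueError("header length field is inconsistent with the data")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    if fixed + arg_len > length:
        raise ValueError("argument length runs past the end of the table")
    args = raw[fixed:fixed + arg_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\x00 "),
        "checksum_ok": sum(raw[:length]) % 256 == 0,  # ACPI tables sum to 0 mod 256
        "binary_size": size,         # bytes of the firmware-provided executable
        "binary_phys_addr": addr,    # where firmware left it in physical memory
        "content_layout": layout,    # 1 = a single PE image
        "content_type": ctype,       # 1 = native user-mode application
        "arguments": args.rstrip("\x00"),
    }


def build_sample() -> bytes:
    """Constructed table for offline use; OEM ID, address and args are made up."""
    args = "/demo\x00".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    table = bytearray(ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                                       b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1) + body)
    table[9] = -sum(table) % 256  # byte 9 is the checksum field
    return bytes(table)


if __name__ == "__main__":
    try:
        with open(SYSFS_WPBT, "rb") as fh:
            print("firmware publishes a WPBT:", parse_wpbt(fh.read()))
    except OSError:
        print("no readable WPBT here; constructed sample:", parse_wpbt(build_sample()))
```

A missing table file means the firmware exposes no WPBT to the operating system; a present one identifies the OEM and the size of the binary that Windows would be handed at boot.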

As it turns out, Lenovo was apparently aware of a "security vulnerability" earlier in 2015 in its Lenovo Service Engine after it was alerted by a researcher. It has since released a BIOS update to disable the service engine, along with a software tool designed to remove any services and files sent via that engine. The files are available for Lenovo notebooks as well as the company's desktops. A list of affected Lenovo PCs is available at both download sites. Lenovo added that the service engine is no longer being installed on the company's new PCs.

From the Lenovo Press Release on the issue:

"The vulnerability was linked to the way Lenovo utilized a Microsoft Windows mechanism in a feature found in its BIOS firmware called Lenovo Service Engine (LSE) that was installed in some Lenovo consumer PCs. Think-brand PCs are unaffected. Along with this security researcher, Lenovo and Microsoft have discovered possible ways this program could be exploited in the Lenovo Notebook implementation by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server."

"As a result of these findings, Microsoft recently released updated security guidelines (see page 10 of this linked PDF) on how to best implement this Windows BIOS feature. Lenovo's use of LSE was not consistent with these new guidelines. As a result, LSE is no longer being installed on Lenovo systems. It is strongly recommended that customers update their systems with the new BIOS firmware which disables and or removes this feature."

Lenovo specifically mentions that the "software does not come loaded on any Think-branded PCs."

This is the second time this year Lenovo has been found to have installed software on their PCs without previously informing their customers. In the fall of 2014, the company pre-installed the Superfish software on some of its notebooks. Users later discovered the application placed third-party ads on Google search results and other websites, and also used a root certificate that was quickly cracked by security researchers. After this was revealed to the public in 2015, Lenovo apologized and offered PC owners with the Superfish program a way to delete both the software and the certificate.

Source: The Next Web

John Callaham