Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Rtp_Theme has a deprecated constructor in /home/gotmopanel/public_html/nikgupta/wp-content/themes/rtpanel/admin/rtp-theme-options.php on line 21

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Rtp_Ogp has a deprecated constructor in /home/gotmopanel/public_html/nikgupta/wp-content/themes/rtpanel/admin/lib/rtp-deprecated.php on line 145
Lenovo caught using rootkit like techniques to install bloatware on laptops | Nik's Blog Lenovo caught using rootkit like techniques to install bloatware on laptops – Nik's Blog

Lenovo caught using rootkit like techniques to install bloatware on laptops

Bad Lenovo. Bad bad bad Lenovo.

If you are like me the first thing you would probably do after buying a new laptop is to format it to base vanilla Windows image. All manufacturers be it Samsung, Lenovo or anyone else pre-installs loads of bloatware crap on their factory built laptops which either degrades the whole laptop performance or turns into a major nagging annoyance asking users to buy licenses of anti viruses and what not.

Some users while doing this on their Lenovos noticed that somehow Lenovo’s pre-installed crapware kept coming back even after a clean install. Just to be clear these guys weren’t using Lenovo’s recovery images and such media. They were using native vanilla Windows OS images produced by Microsoft. Yet no matter how many times they repeated the whole format, install cycle the crapware kept coming back.

How’s that even possible!?

Turns out Lenovo was (is?) using a rootkit like mechanism to sneak this bloatware back onto the laptop irrespective of what you were doing with it. Lenovo was using a Windows feature called Platform Binary Table (WPBT). This feature is provided to the OEMs such as Lenovo so that they can use it to install trusted software that is necessary for the system to run properly. This software is stored on a physical medium inside the machine for e.g. in a hidden partition on an SSD or HDD and…..Windows is instructed to install it automatically!

One and only one piece of software can be published this way and instead of using something critical for the system to properly run on Lenovo opted to deliver an executable that would constantly nag the users to install the other bloatware that is now missing.

Just so I am clear here Lenovo isn’t the first company to have used WPBT but they are the first company to have been caught misusing WPBT this particular way.

Microsoft’s official guidelines on WPBT states taht users should have a way to opt out the WPBT feature however on Lenovo’s systems there is no way users can do that. Well at least not easily. There is a rather convoluted way to do that as explained here but you run the risk of bricking your system so ONLY do that if you really really know what you are doing.

2 Comments

 Add your comment
  1. God dammit. I just want to use my thinkpad. I like thinkpads. They re cheap and durable and have nice keyboards. Why the fuck you gotta do this Lenovo? Why you gotta fuck me like this?

    • ThinkPad line of devices were not using this technique. It was their more direct consumer focused and cheaper options which had this problem. If you are using Thinkpad you are probably OK.

Leave a Comment

Your email address will not be published.