Lenovo caught using rootkit-like techniques to install bloatware on laptops

Bad Lenovo. Bad bad bad Lenovo.

If you are like me, the first thing you do after buying a new laptop is to format it and install a vanilla Windows image. All manufacturers, be it Samsung, Lenovo or anyone else, pre-install loads of bloatware crap on their factory-built laptops, which either degrades the whole laptop's performance or turns into a major nagging annoyance, asking users to buy licenses for antiviruses and what not.

Some users doing this on their Lenovos noticed that somehow Lenovo's pre-installed crapware kept coming back even after a clean install. Just to be clear, these guys weren't using Lenovo's recovery images or similar media. They were using native vanilla Windows OS images produced by Microsoft. Yet no matter how many times they repeated the whole format-and-install cycle, the crapware kept coming back.

How’s that even possible!?

Turns out Lenovo was (is?) using a rootkit-like mechanism to sneak this bloatware back onto the laptop irrespective of what you did with it. Lenovo was using a Windows feature called the Windows Platform Binary Table (WPBT). This feature is provided to OEMs such as Lenovo so that they can use it to install trusted software that is necessary for the system to run properly. This software is stored on a physical medium inside the machine, e.g. in a hidden partition on an SSD or HDD, and… Windows is instructed to install it automatically!

One and only one piece of software can be published this way, and instead of using it for something critical to the system running properly, Lenovo opted to deliver an executable that would constantly nag users to install the other bloatware that is now missing.
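To see what a machine's firmware is actually handing to Windows through WPBT, the table can be read and decoded. The following is an added example (not from the original post, and not Lenovo's or Microsoft's code) that parses a WPBT table according to the published WPBT layout: a 36-byte ACPI header followed by the handoff size and physical address of the image, a layout byte, a type byte, and a UTF-16 command line. The OEM strings and table contents it builds are constructed test data, and the live read is assumed to run only on Windows via GetSystemFirmwareTable.

```python
import ctypes
import struct
import sys

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # Signature .. CreatorRevision (36 bytes)
WPBT_BODY = struct.Struct("<IQBBH")  # HandoffSize, HandoffAddr, Layout, Type, ArgLen

def parse_wpbt(table: bytes) -> dict:
    """Validate and decode a raw WPBT table; raises ValueError if it is malformed."""
    sig, length, _rev, _csum, oem_id, oem_tbl, _, _, _ = ACPI_HEADER.unpack_from(table, 0)
    if sig != b"WPBT" or length != len(table) or length < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("not a well-formed WPBT table")
    if sum(table) % 256 != 0:  # ACPI rule: all bytes of the table sum to 0 mod 256
        raise ValueError("WPBT checksum mismatch")
    size, addr, layout, kind, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    start = ACPI_HEADER.size + WPBT_BODY.size
    args = table[start:start + arg_len].decode("utf-16-le").rstrip("\x00")
    return {
        "oem_id": oem_id.rstrip(b"\0 ").decode(), "oem_table_id": oem_tbl.rstrip(b"\0 ").decode(),
        "image_size": size, "image_phys_addr": addr,  # where the firmware placed the binary
        "is_pe_image": layout == 1, "is_native_app": kind == 1, "cmdline": args,
    }

def build_wpbt(oem_id: bytes, oem_tbl: bytes, size: int, addr: int, cmdline: str) -> bytes:
    """Construct a synthetic WPBT (test input only) with a valid ACPI checksum."""
    args = cmdline.encode("utf-16-le")
    body = WPBT_BODY.pack(size, addr, 1, 1, len(args)) + args
    length = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(b"WPBT", length, 1, 0, oem_id.ljust(6), oem_tbl.ljust(8), 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) % 256  # patch the checksum byte so the whole table sums to 0
    return bytes(table)

def read_wpbt_from_firmware() -> "bytes | None":
    """Windows only: fetch the live 'WPBT' ACPI table via GetSystemFirmwareTable (None if absent)."""
    if sys.platform != "win32":
        return None
    k32 = ctypes.windll.kernel32
    provider, table_id = 0x41435049, int.from_bytes(b"WPBT", "little")  # 'ACPI', signature as DWORD
    needed = k32.GetSystemFirmwareTable(provider, table_id, None, 0)
    if needed == 0:
        return None  # no WPBT published by this firmware
    buf = ctypes.create_string_buffer(needed)
    k32.GetSystemFirmwareTable(provider, table_id, buf, needed)
    return buf.raw

if __name__ == "__main__":
    raw = read_wpbt_from_firmware() or build_wpbt(b"EXAMPL", b"SAMPLE", 0x1000, 0x8F000000, "/silent")
    print(parse_wpbt(raw))
```

A non-None result from the live read on a machine you just reinstalled from vanilla media is exactly the signal the users above were missing: the firmware, not the disk image, is supplying the binary.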

Just so I am clear here, Lenovo isn't the first company to have used WPBT, but they are the first company to have been caught misusing WPBT in this particular way.

Microsoft's official guidelines on WPBT state that users should have a way to opt out of the WPBT feature; however, on Lenovo's systems there is no way users can do that. Well, at least not easily. There is a rather convoluted way to do it, as explained here, but you run the risk of bricking your system, so ONLY do that if you really, really know what you are doing.
