← Back to context

Comment by eatingCake

4 years ago

I would like to get a thinkpad, but I'm not sure Lenovo can be trusted any more than Apple can, especially since Apple atleast pretends to care about customer security.

https://slate.com/technology/2015/02/lenovo-superfish-scanda...

Lenovo is junk for anything but business class laptops. That the thinkpads X P W and T. The rest is the disposable, unrepairable, bloated junk you’d expect from consumer level products.

  • "Disposable, unrepairable, bloated junk" describes pretty much all non-business laptops these days. I don't think Lenovo is special (and the Yoga often reviews as "good for the price")

  • Seems like I am working since four years now on my junk Lenovo Yoga 13 under Manjaro and didn't realize that.

    • Don’t feel bad, Lenovo intentionally blurs the line by calling everything a thinkpad. But they’re not all the same.

  • I work with thousands of their business class Thinkpads and they are also junk. They seem made for corporations to just churn through. I see harware/bios bugs that carry through generations.

    • Could be. I stopped at the 2011 and 2013 variants. Still powerful enough for me, cheap to repair, and the intel me can be entirely erased/corebooted. I don’t know about the more recent business class TP.

Well, if you immediately overwrite the hard drive of the machine with some Linux variant (as I think the GP implie), I think it will solve a lot of problems like this from any manufacturer.

  • No it doesn’t. If memory serves, Lenovo rootkits have been in the UEFI firmware which auto-install hooks into the OS after boot.

    Linux is not magically immune to this attack. One could argue it is more susceptible than other OS due to lack of binary signature checks on executables at runtime (at least by default).

That would be a worry. At least the people using Apple cares and tell you. And observe them very closely.