The recent fiasco involving Lenovo concerns what has come to be known as Superfish, which amongst other things performs a MiTM attack on TLS-encrypted HTTP traffic so that it can still insert advertisements into encrypted pages.
The story broke on Feb 18 when major tech sites and even mainstream media began speaking of a security issue affecting recent laptops from Chinese vendor Lenovo. Given the large amount of negative publicity, the company has reacted quite swiftly and has even provided a list of affected laptops and portables along with an easy-to-use Superfish removal tool. LastPass has a third-party tool which will quickly identify the presence of Superfish on your machine. Given that it does not actively hide itself, there are likely far more straightforward ways to identify the malware.
Of course this isn’t the first time OEMs have saddled their customers with preinstalled junk that is either annoying or, worse, compromises the confidentiality of any data on that machine. An excellent example would be the multiple vendors who include a variety of PopCap games, which bundle the perennially problematic OpenCandy advertising engine, and trial copies of software that you have no realistic chance of ever requiring, let alone purchasing on a whim.
I have a big problem with Microsoft Windows, particularly 8.x, so any time I purchase a new machine I typically do the following:
- Boot the machine, skipping the sysprep/OOBE screens so that I may enter Device Manager and note down the hardware within the machine (generally done only if the unit’s manual does not list full specifications and there is no reliable information online).
- Reboot whilst pressing the boot selection hotkey so that I can boot the Clonezilla DVD, which is relatively lightweight and includes the tools we need. Obviously you could substitute any similarly equipped Linux, *BSD or Solaris live CD/DVD.
- Using hdparm(8), a master password is set on the HDD and, if the disk appears frozen, the power connector is temporarily disconnected. An ATA SECURE ERASE (enhanced) is then executed. This ensures that there is no chance of any data remanence (particularly important if your new PC is ex-display and a myriad of people have been playing with it in the store).
- Following the conclusion of the ATA SECURE ERASE command, smartctl(8) is used to run a long self-test and the outcome of this is noted.
- I go ahead with the installation of FreeBSD or Debian Linux.
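The erase and self-test steps above, wrapped in the pre-flight checks I would want before issuing a command that cannot be interrupted. This is an added example, not code from the original post; it assumes `hdparm -I` and `smartctl -l selftest` print in the layout of the constructed samples embedded below, and it only touches a drive when given a device path.

```shell
# Added example, not code from the original post: pre-flight checks around the
# ATA SECURE ERASE (enhanced) and SMART long self-test steps above. hdparm(8) and
# smartctl(8) output is assumed to look like the constructed samples below.
set -eu

# Constructed sample: "Security:" section of `hdparm -I` on a fresh, unfrozen disk.
SAMPLE_HDPARM='Security:
		supported
	not	enabled
	not	locked
	not	frozen
	not	expired: security count
		supported: enhanced erase
	2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'
# Constructed sample: `smartctl -l selftest` after the long test finished cleanly.
SAMPLE_SMART='SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%      1234         -'

# security_state <hdparm -I text>: "ok", or the first reason not to proceed. "frozen"
# means power-cycle the drive as in the steps above; "enabled"/"locked" means a
# password is already set and must be dealt with before anything is overwritten.
security_state() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*supported$'  || { echo unsupported; return; }
    printf '%s\n' "$1" | grep -q 'not[[:space:]]*frozen'     || { echo frozen; return; }
    printf '%s\n' "$1" | grep -q 'not[[:space:]]*locked'     || { echo locked; return; }
    printf '%s\n' "$1" | grep -q 'not[[:space:]]*enabled'    || { echo enabled; return; }
    printf '%s\n' "$1" | grep -q 'supported: enhanced erase' || { echo noenhanced; return; }
    echo ok
}
# enhanced_erase_minutes: the drive's own time estimate for the enhanced erase.
enhanced_erase_minutes() {
    printf '%s\n' "$1" | sed -n 's/.*[^0-9]\([0-9][0-9]*\)min for ENHANCED SECURITY ERASE UNIT.*/\1/p'
}
# selftest_result: status text of the most recent Extended (long) self-test.
selftest_result() {
    printf '%s\n' "$1" | awk '/^# *1 +Extended offline/ {
        sub(/^# *1 +Extended offline +/, ""); sub(/ +[0-9]+% .*$/, ""); print }'
}

# Hardware is touched only when run as `sh wipe.sh /dev/sdX`. This uses the common
# hdparm recipe with a throwaway *user* password (the post sets a master password
# instead); a completed erase clears that user password again.
if [ "$#" -gt 0 ]; then
    info=$(hdparm -I "$1"); state=$(security_state "$info")
    [ "$state" = ok ] || { echo "refusing to erase $1: drive is $state" >&2; exit 1; }
    echo "drive estimates $(enhanced_erase_minutes "$info") min for the enhanced erase"
    hdparm --user-master u --security-set-pass Eins "$1"
    hdparm --user-master u --security-erase-enhanced Eins "$1"
    smartctl -t long "$1"    # later: selftest_result "$(smartctl -l selftest "$1")"
fi
```

Run it without arguments first to confirm the parsers behave on the samples, then against the real device from the live DVD; a "frozen" verdict is the cue to perform the power-connector trick from the list above and re-run.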