Lenovo begs users to uninstall its very own software program due to big protection flaws

Closing yr, protection researchers determined Lenovo was shipping laptops with the worst safety flaw for the reason that notorious Sony rootkit debacle of 2005. Lenovo to start with promised that it would avoid shipping all such programs with home windows 10, and declared it’d make adjustments to its own evaluation process to make sure it most effective shipped cleanser, safer pcs (Emphasis original).

Lenovo

It hasn’t taken the company very lengthy to interrupt that promise. Lenovo has released a high priority security replace, informing users that one application it ships, the Lenovo software Accelerator, has a essential flaw. The notification states:

A vulnerability was identified within the Lenovo Accelerator software software that can lead to exploitation by using an attacker with man-in-the-center capabilities. The vulnerability is living inside the update mechanism in which a Lenovo server is queried to become aware of if software updates are to be had.

The Lenovo Accelerator utility is used to speed up the launch of Lenovo applications and become installed in some purchaser notebook and laptop systems preloaded with the home windows 10 running machine. Lenovo is calling for users to put off the software as a result of a Duo Labs investigation that found that the update mechanism used within the Lenovo application Accelerator is essentially broken, with no protection towards guy-in-the-middle attacks. It also carries a flaw that permits for arbitrary code execution on the target system .

OEM-vendor-issues

the whole record with the aid of Duo Labs notes that at the same time as one of the Lenovo update retailers was without a doubt hardened in opposition to assaults, the whole loss of security around the other “exemplifies the incoherent mess that is the OEM software atmosphere.”

The file keeps:

Lenovo’s UpdateAgent changed into one of the worst updaters we looked at, offering no safety features whatsoever. Executables and manifests are transmitted in the clean and no code signing assessments are enforced… Lenovo UpdateAgent does now not validate signatures of packages it downloads and executes. No attempts are made to implement the authenticity or writer for executables retrieved by using the updater… Lenovo UpdateAgent does now not make use of TLS for the transmission of the manifest or any finally retrieved executable files. Executables and manifests can easily be modified in transit.

The document additionally notes that Lenovo’s answers center is one of the best updaters from a main OEM. unfortunately, each have been transport out on Lenovo systems for quite some time; Lenovo’s listing of affected systems contains 78 laptop variations (even though a few are in the identical product line) and 39 computers.

Why unmarried out Lenovo?
One factor we need to hit head-on is why we’re specializing in Lenovo whilst every producer had severe flaws. roughly 15 months in the past, Lenovo pledged itself to building cleaner, safer computers. It declared that the ones pcs would be ready for windows 10. It in addition promised to solicit feedback from “our user network and enterprise professionals to ensure we have the right programs and nice consumer enjoy. We view these movements as a starting point. We consider that these steps will make our technology higher, more secure and greater cozy.”

here’s the honestly telling line from Lenovo’s security declaration: The Lenovo Accelerator software became never set up on ThinkPad or ThinkStation devices. In other phrases, it wasn’t mounted at the organisation’s enterprise-elegance product lines; handiest its consumer-elegance lines like Yoga and IdeaPad. That’s exactly the identical protection Lenovo provided with Superfish. remaining 12 months, I stated i would never recommend any other Lenovo system till the agency supplied proof that it had cleaned up its act and stuck its software assessment procedure. The absolutely hardened Lenovo answer center shown above? Lenovo’s personal internet site describes it as: “LSC comes preloaded on systems with windows 7, home windows eight, home windows 8.1 and home windows 10, 32- and sixty four-bit, consisting of ThinkPad, ThinkPad tablet, ThinkCentre and ThinkStation, IdeaCentre, and select IdeaPads. (Emphasis brought).

in case you own a assume-branded commercial enterprise system, Lenovo takes your security critically. in case you don’t, it doesn’t supply a shit. moves speak louder than words, and the fact that the enterprise remains selling substandard software program extra than a yr after it pledged to improve its security is evidence that nothing has modified.

No, the hassle isn’t particular to Lenovo. Acer, Asus, Dell, and HP all want to easy their very own homes and cozy their software, as soon as and for all. commencing customers to attacks through established software need to by no means be considered a cost of doing enterprise. as the Duo record notes, those programs are all considered sincere, given that they arrive directly from the manufacturers themselves, meaning they’re blanketed — even on “Signature” pc versions bought by means of the Microsoft keep. This isn’t only a Lenovo trouble, and the safety file makes that clean. though, Lenovo is the handiest computer business enterprise nevertheless throwing its clients below the bus 15 months after a vital security breach. in case you’re searching out a pc, we nonetheless endorse searching some place else. just due to the fact those flaws aren’t present on suppose-branded structures doesn’t suggest Lenovo ought to be rewarded for delivery substandard client products.

Windows 10 November Update Resets Settings to Re-Enable Data Collection

Several Windows 10 users are complaining that the November update, which Microsoft released last month, has overwritten their previously saved privacy settings. As a result of this, many who had altered telemetry, error reporting, or any other privacy centred feature that come as part of Windows 10, have been re-enabled.

Users have taken it to Reddit to note that after installing Windows 10 on their systems, data collecting features that Microsoft enables by default in the new operating system get re-enabled. Some note that this is because the company is “literally re-installing Windows 10” on their computer as opposed to upgrading it.

“The November (Fall) Update literally reinstalls the entire operating system, which is why program defaults and a lot more end up reverting and disabled things may come back,” the top most popular comment reads. “Yeah, and what’s weird is they removed it from being pre-packaged with the ISO for a clean install. Which is like offering SP1 for Windows 7 but not slipstreaming it into a new build,” another user chimed in.

Some users of a third-party application, which lets users disable all data-harvesting features in Windows 10, have posted screenshots to reaffirm that November update has indeed reverted the settings. Understandably some users who use third-party apps to block automatic Windows updates are also facing a similar issue. A developer discovered that the settings of the application were resetting several times a day.

It is not clear exactly how valid these claims are, but a growing number of complaints do add some weight to it. We’ve reached out to Microsoft for a comment and will update the article when we hear back from them.

Microsoft Will Support Windows 10 Mobile Till January 2018

If you’re planning to purchase a Windows 10 Mobile smartphone or thinking of upgrading your existingWindows Phone handset to the new software version, you should know that Microsoft has committed to support the operating system until 2018.

Over at its product lifecycle page, the company has made available the date till which it plans to offer upgrades and security patches to its mobile operating system. As per which, Windows 10 Mobile for Business, Windows 10 Mobile for Consumer users are covered till January 9, 2018.

For years, Microsoft sold Windows operating system as a product. Windows 10, which it released earlier this year, is a service, however. The company has previously noted that Windows 10 will be the last version of Windows. It will be interesting to see how it goes about Windows 10 Mobile.

“Microsoft will make updates available for the Operating System, including security updates, for a minimum of 24 months after the lifecycle start date. These updates will be incremental, with each update built on the update that preceded it. Customers need to install each update in order to remain supported,” the description reads.

“The distribution of these incremental updates may be controlled by the mobile operator or the phone manufacturer from which you purchased your phone, and installation will require that your phone have any prior updates. Update availability will also vary by country, region, and hardware capabilities.”

As for other versions, Windows Phone 8.1, which the company rolled out last year will be supported till June 24, 2014. Mainstream support for Windows Phone 7.8 ended last year. All Windows Phone 8 handsets are eligible to get Windows Phone 8.1 firmware update. Windows Phone 8.1 handsets with at least 8GB of internal storage will support Windows 10 Mobile.

Media reports this week mentioned January 8, 2019 as the end of support date for Windows 10 Mobile. However, the official page now states it as January 9, 2018, essentially reducing the lifecycle from 36 months to 24 months. It is not known why Microsoft has updated the page.

Pantel Penta T-Pad WS802X Tablet With Windows 10 Launched

Pantel Technologies on Friday launched the Penta T-Pad WS802X tablet in India priced at Rs. 5,499. The new tablet is exclusively available via Homeshop18. The company last month launched the Penta T-Pad WS802Q 3G tablet.

The company’s first Windows 10 tablet, the Penta T-Pad WS802X tablet features 3G network compatibility. It comes with an 8-inch IPS display offering a resolution of 1280×800 pixels. There is an Intel Atom quad-core processor under the hood clocked at 1.3GHz coupled with 1GB of DDR3 RAM and Intel HD Graphics. It also comes with 16GB of inbuilt storage, which is expandable via microSD card (up to 64GB).

As per the listing, the Windows 10 Home-based Penta T-Pad WS802X sports a 2-megapixel rear camera and also houses a 2-megapixel front camera. Apart from 3G, the tablet offers Wi-Fi 802.11b/g/n, Bluetooth, USB OTG, and Micro-USB connectivity options. The tablet is backed by a 4000mAh battery.

Commenting on the launch, Vijender Singh, MD, Pantel Technologies said, “Pantel is proud to launch Penta T-Pad WS802X with Intel and Microsoft in the market. We want our products to reach one and all without compromising on their budget. We also look forward to introduce more innovative and affordable products.”

Looking at the specifications, the Penta T-Pad WS802X features the same specifications like seen in the Penta T-Pad WS802Q 3G tablet. However, the only difference here is that the latter runs on Android, has 8GB of inbuilt storage, features 8-megapixel rear camera, 5-megapixel front camera with flash, and includes voice-calling support. The tablet is priced at Rs. 6,999.

Asus Announces Affordable Windows 10 Convertibles

Asus is having another go at finding the best convergence between tablet and laptop form factors. The Taiwanese computer manufacturer has launched a new convertible device called the Transformer Book T100HA, which runs Windows 10 out of the box. The company has also launched the Transformer Book Flip TP200SA, which as the name suggests can flip 360 degrees around its hinge.

The Asus Transformer Book T100HA is a tablet that comes with a detachable keyboard. In terms of the specifications, the Book T100HA comes equipped with a rather moderate hardware modules. It sports a 10.1-inch display with a 1280×800 resolution at 129 pixels per inch.

It is powered by an Intel Atom x5-Z8500 processor clocked at 2.24GHz. For memory, users have an option to choose between 2GB and 4GB, whereas for storage they can choose between 32GB, 64GB, and 128GB. For operating system too, you can choose between Windows 10 Home and Windows 10 Pro. On the connectivity front, there is a USB Type-C port, a USB 2.0 port, a Micro-USB 2.0 port, a Micro-HDMI port, and a 3.5mm headphone jack.

(Also see: Windows 10 Home vs. Windows 10 Pro: What’s the Difference, and Which One Is for You?)

The Book T100HA comes with 30Whr battery, which as the company claims, could last for 12 hours on a single charge under ‘normal’ usage. There is a keyboard too when you want to use the Book T100HA as a laptop. It connects to the Book T100HA using neodymium magnets. The hybrid comes in tin gray, silk white, aqua blue, and rouge pink colour options. On the camera front, there’s a 2-megapixel front-facing camera, and a 5-megapixel sensor placed at the rear end.

The Asus Transformer Book Flip TP200SA sports an 11.6-inch display of 1366×768 pixels resolution. The display can flip over 360 degrees around its hinge.It is powered by an Intel Pentium N3700 quad-core processor. Users also have a choice to get the device with a Celeron N3050 dual-core chipset. You can have up to 4GB of RAM, and either a 32GB eMMC or 64GB eMMC for internal storage. Alternatively, there is also an option for 128GB SSD drive.

On the connectivity front, you get a USB 3.0 port, a USB 2.0 port, a USB Type-C port, and a Micro-HDMI port. The Book Flip TP200SA runs Windows 10 – though you have the option to decide which edition of Windows 10 it should run. It packs in a 38Whr battery, which can last up to 8 hours on a single charge, the company said. There’s a web camera in there as well.

The Asus Transformer Book T100HA will be available in some regions at a starting price point of $299 (roughly Rs. 19,700). The Book Flip, on the other hand, starts at $349 (roughly Rs. 23,000). There’s no confirmation on their Indian availability as yet.

Windows 10 In China Will Come With Baidu Instead Of Microsoft’s Bing

Windows 10

Microsoft has announced a new partnership for Windows 10 in China, the company will use China’s Baidu in China rather than its own Bing service.

Baidu is very popular in China, so it makes sense for Microsoft to use the company’s services rather than trying to promote Bing in China.

Baidu has over 600 million active users in China, so you can see why Microsoft has partnered with the company for Windows 10.

Together, we will make it easy for Baidu customers to upgrade to Windows 10 and we will deliver a custom experience for customers in China, providing local browsing and search experiences. Baidu.com will become the default homepage and search for the Microsoft Edge browser in Windows 10. Baidu’s new Windows 10 distribution channel, Baidu “Windows 10 Express” will make it easy for Chinese Internet users to download an official Windows 10 experience. Additionally, Baidu will deliver Universal Windows Applications for Search, Video, Cloud and Maps for Windows 10.

Microsoft also said that  they are still committed to developing Bing, but they also mentioned that they are committed to delivering ‘locally relevant experiences – like Baidu in China’.

This is not something the old Microsoft would have done, things are certainly different at Microsoft since their new CEO Satya Nadella took over.