Windows Update: Lenovo scandal, Microsoft’s finest hour

Lenovo found itself caught up in a major scandal with its computers over the past few days. It turns out they had been installing malware on their CONSUMER GRADE desktops and laptops for a few years. The name of the suspicious software was known as Superfish (might as well have called it SuperPhish). This software was particularly nasty. The problem would have only been half as bad if Superfish was simply a program that generated ads for you based on your habits. So for example, an ad-ware program could see that you were shopping for linens on and bath rugs on; it gives you ads from Bed Bath and Beyond. That’s a bit sneaky and other companies may do the same thing (even websites do it without any software installed on your computer). This kind of problem can be remedied easily. We can install an ad-blocker or remove the offending program installed by the manufacturer.

Lenovo crossed the line because Superfish actually installed a security certificate on the offending computers. We use security certificates all the time and don’t even know it. When you log into your online banking or any other secure website; their security certificate is verified against a security certificate stored on your computer (in layman’s terms). If the security certificates cannot “handshake” — you will get a warning on your computer. Those traditional warning mechanisms would have never stopped Superfish because it had it’s own phony certificate already installed.

There is some good news in all of this. This bit of trickery only applied to Lenovo’s CONSUMER GRADE system and not the BUSINESS CLASS models I have recommended to you. I have only recommended Lenovo’s Think products, which includes their Think Centre desktops and Thinkpad laptops. I still believe that they are some of the best models available, however I have to do a “shame on you Lenovo” and give them a couple of demerits here. I will now recommend Lenovo’s Think line AFTER Dell and HP  in my conversations with customers for however long it takes until I feel comfortable. Previously, I had recommended Lenovo above Dell and HP. This ordeal will also make me emphasize PC’s from the Microsoft Store a viable option. The Microsoft Store sells Dell, HP, Lenovo, and other brands through its Microsoft Signature program. These PC’s have no crap software installed; this is what the Signature program is all about. If a customer wanted a Lenovo tomorrow, I would have no reservation about picking one out directly from Microsoft (instead of through Lenovo).

Today was also Microsoft’s finest hour. Windows 8 and later (including Windows 8.1) ships with a built in anti-virus called Windows Defender. Windows Defender received an automatic update today and was instantly able to remove the Lenovo Superfish malware. You would not have gotten this benefit if you were on Windows 7. Even if you were on Windows 8, you would have not been the beneficiary of the Windows Defender update if you were using another anti-virus. Over the next couple of days, I am sure all of the major ant-virus programs will be updated to remove Superfish. Lenovo also posted a tool for removal. There are also manual instructions as well. I praise Microsoft for their “Apple like” security move here. There is no point in upgrading to Windows 8.1 today if you are on Windows 7. However, I am recommending that everyone upgrade to Windows 10 when it comes out. Windows 10 will also ship with Windows Defender pre-installed. All of you will have a year to upgrade to 10 for free when it comes out in a few months. Unless you have a good reason (a specific feature) for keeping your paid anti-virus program, and trust me there may be some good reasons, I would recommend that you just stick with Windows Defender when you upgrade to (or buy a new computer with) Windows 10.