ThinkPads never had Superfish nor the Lenovo Service Engine (the Windows Platform Binary Table thing you're referring to).
Of course you're right that Lenovo never should have put those on any of their machines, but my impression is that ThinkPads and the consumer line are run by very different groups within Lenovo.
Unfortunately, even a recent (Aug 2016) new Thinkpad T460p included a Lenovo Windows app that apparently runs daily to send "usage data" to Lenovo. It is easily disabled, but still troubling because most customers will be unaware that it exists.
> As of September 2015: Lenovo systems may include software components that communicate with servers on the internet - All ThinkCentre, All ThinkStation, All ThinkPad
To be fair, if it comes with a preinstalled version of windows you can never really be sure what is on the machine, can you?
I suspect that if a company really wanted to hide something they probably could. So unless you install windows or another OS on it yourself, you don't know what the manufacturer put on it.
I guess it would not be too hard to find in general if it shows up in the list of processes, but they could make it quite obscure and hard to find.
But yeah, I agree that this is quite an annoying move from Lenovo. The least they could do is make it opt-in instead of on by default.
If you are not sure if it has spyware installed, you also do not know what the spyware is doing exactly and it could potentially be worse than what the spyware you know of is doing.
I guess I could argue that the former is actually worse. If you know spyware is installed, you can opt to remove it. If you are not aware of the existance of spyware on the system, and it happens to have spyware, you are more vulnerable.
You could of course take the risk and assume that it does not have spyware, and maybe you're right and everything is fine, but you can not _know_ that it is fine.
That is completely inane. You're telling me that a superset of something is worse than the thing itself, which can only be true if "I know it has no spyware" is worse than "I know it has spyware".
The rest of your comment disingenuously assumes that a computer can only have one piece of spyware, and if you know what it is you can remove it and now you're safe. What if there's more spyware you don't know about? And if your remover is completely safe, why not just run it on all your computers, safe or not?
Not to mention that removing spyware from a computer turns it into a computer that might or might not have spyware.
Lenovo have been repeatedly caught doing this. They have shown that they do not want or plan to have this as an opt-in - instead they are trying to hide it better. It's obvious that it's their strategy, not some one time "mistake". (They put it in BIOS even! (!)).
http://thehackernews.com/2015/09/lenovo-laptop-virus.html
Of course you're right that Lenovo never should have put those on any of their machines, but my impression is that ThinkPads and the consumer line are run by very different groups within Lenovo.
https://support.lenovo.com/us/en/product_security/superfish
https://support.lenovo.com/us/en/product_security/lse_bios_n...