[architect64]

For what it's worth, the Superfish and LSE BIOS scandals didn't apply to ThinkPads. I think Lenovo understands that they have too many serious business and gov clients using ThinkPads to risk doing something silly like that to their professional-grade ThinkPad brand.

[RaleyField]

> For what it's worth

Not much in my book. The problem isn't Superfish, the problem is leadership that allowed it.

[Stratoscope]

ThinkPad is under rather different leadership from Lenovo's consumer division that had the Superfish debacle on IdeaPads and the like. Sure, they are part of one corporation at the very top, but you don't have to go very far down the org chart before they split into separate teams and leadership.

ThinkPad is from the old IBM teams in Raleigh and Yamato. Lenovo made their own laptops before buying IBM's personal computer division, and that line (and its management) became IdeaPad.

If you're troubled by leadership that would allow Superfish (as I am), buy a ThinkPad, not an IdeaPad.

Previous discussion:

https://news.ycombinator.com/item?id=20240533

[lone_haxx0r]

I shouldn't have to learn about the internal structure of a company in order to buy a laptop without malware.

Maybe Lenovo should have thought about their internal structure and their brand reputation before installing malware on their laptops, or maybe not (because they don't care about clients like me, they care about the 90% of bosses that buy bulks of Thinkpads and don't know what firmware is). But anyway, it wasn't a rogue engineer who did it, it was Lenovo, and in my eyes: Lenovo ships malware.

[Stratoscope]

Of course it's up to you to decide what computer to buy or not to buy, based on whatever criteria you see fit.

But I don't think you're doing yourself a favor by ruling out ThinkPads just because of a boneheaded decision that Lenovo's consumer division made a few years ago. ThinkPad and IdeaPad really are two separate organizations under one corporate umbrella.

Superfish was not something handed down from on high, it was the bright idea of the consumer group. The ThinkPad team would never go along with something like that; it's not in their DNA and it would destroy their business. Their bread and butter isn't you and me, it's large organizations with IT and security departments who deploy hundreds of ThinkPads at a time and look very closely at the software on them.

Only offering food for thought, it's cool with me whether you buy ThinkPads or something else. :-)

[patrick5415]

Personally, I agree with the op. If we want to send a message that malware in our BIOSs is absolutely unacceptable, it makes zero sense to give Lenovo any business.

[Stratoscope]

I don't see how boycotting ThinkPads sends a message that BIOS malware is unacceptable. ThinkPads never had that, and never would.

Anyway, I don't usually buy or not buy a computer to send a message. I buy one because it meets my business and personal needs. I've been using ThinkPads for over 20 years, and they have served me very well.

You may choose differently, and of course that's fine.

[zeveb]

> I think Lenovo understands that they have too many serious business and gov clients using ThinkPads to risk doing something silly like that to their professional-grade ThinkPad brand.

I think that they rely on their A team to develop the malware targetting business and government clients, rather than the C team responsible for Superfish.