[autoexec]

> reading & commenting from an old ThinkPad running OpenBSD

How old? IBM Thinkpads were often decent enough that I'd pick one up if I saw a good deal, but Lenovo makes them now and they've got a long history of pre-installing malware and backdoors in their products (often in exchange for money). It's a shame, because I hear they play very well with linux.

I'm not sure a Lenovo device would be any safer than the latest processors

[caned]

> they've got a long history of pre-installing malware and backdoors in their products (often in exchange for money)

Source for this?

[jamesy0ung]

Superfish, https://support.lenovo.com/us/en/product_security/ps500035-s...

[midasuni]

That looks like some windows malware. All OeMs bundle that sort of stuff in windows, I think Microsoft does too.

[autoexec]

Pretty much all OEMs preinstall adware. Microsoft infects their own OS with crapware.

They don't all ship with malware infested UEFI so that even reinstalling your OS won't remove the bloatware they installed. Also Lenovo has, multiple times now, installed adware on systems that seriously compromised the security of the user and/or the device.

Adware is bad, remote code execution is much worse.

[midasuni]

For what I read superfish is some crap spyware with a root certificate that’s wiped the minute you boot the machine from your usb install disk.

Any luck is to uefi based malware?

(Personally I prefer a nice old fashioned bios)

[autoexec]

I'd start here: https://en.wikipedia.org/wiki/Lenovo#Security_and_privacy_in...

Superfish was bad enough, but once the public became aware that the malware existed and was so insecure that it made their devices vulnerable to be hacked Lenovo provided people with a fix to remove the malware, but it left the security vulnerability that the malware introduced to the system in place leaving everyone to think they solved the problem when they were still vulnerable. People had to track down news articles and social media posts for information on how to correct the problem until Lenovo updated their instructions. (https://arstechnica.com/information-technology/2015/02/how-t...)

Further reading: https://www.eset.com/int/about/newsroom/press-releases/resea...

https://www.osnews.com/story/30736/lenovo-companies-working-...

https://news.ycombinator.com/item?id=18025645

https://www.theregister.com/2022/07/14/lenovo_uefi_vuln/

https://www.bleepingcomputer.com/news/security/lenovo-discov...

https://wccftech.com/lenovo-fingerprint-scanner-hardcoded-pa...

https://grahamcluley.com/lenovo-used-12345678-hard-coded-pas...