Most computers that ship with Windows also ship with some third-party software installed by the PC maker. Some of that software can be useful, including drivers for touchpads, cameras, wireless cards, and other hardware. Some is less useful, including pre-installed free trial security or office software.
You’d think that one way to get rid of all those apps would be to completely re-install Windows. But if you have a recent Lenovo laptop, that might not be enough: because as some users have noticed, Lenovo included a tool in the BIOS on many of its laptops that automatically replaces a Windows system file and causes the computers to download Lenovo’s software.
Don’t like the idea of Lenovo hijacking you clean install of Windows? There’s an optional update that disables the service.
Theoretically, Lenovo’s software could provide a way to make sure your computer has all the software it needs to run properly. Microsoft allows PC makers to do this sort of thing.
So why is Lenovo letting users disable the service? Because it’s also been identified as the source of a security vulnerability, since it opens the door for someone to install malware on your computer.
Lenovo says affected computers include a number of systems that have shipped with Windows 7, Windows 8.1 and Windows 10 software including the Flex 2 Pro, Flex 3 11, Flex 3 14, IdeaPad S21e, Yoga 3 11, Yoga 3 14, and others.
It’s worth noting that Lenovo could have opted to patch the security vulnerability and continued replacing Microsoft’s updater with its own software. But instead the company chose to issue a patch that disables the process altogether.
Maybe the company really did learn something from the Superfish debacle earlier this year.