We received the following email from our Lenovo Partner Channel today, discussing the Superfish malware they were pre-installing on some models of residential laptop. 

Dear Valued Partner,

As you may have heard, select Lenovo consumer notebooks shipped after September 2014 included Superfish Visual Discovery software as a shopping aid to customers. Superfish is a TrustE certified third-party software vendor, with offices in Palo Alto, CA.

User feedback on the software was not positive and we received some reports of security concerns.

Please note that Lenovo has NOT loaded this software on any ThinkPad notebooks, nor any desktops, tablets, workstations, servers or smartphones. The only impacted models are the following consumer notebook series: Z-series, Y-Series, U-Series, G-Series, S-Series, Flex-Series, Yoga, Miix and E-Series. If you use any of these Lenovo consumer models in your enterprise, please refer to the Customer Support information below.

While this software does not impact the models typically used by businesses, we wanted to let you know that we take user feedback seriously at Lenovo. We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer. We make every effort to provide a great user experience for our customers.

We recognize that the Superfish software has caused concern. Lenovo has taken steps to address that concern.


Though we do not condone Lenovo's decision to install suspicious software, we should note that when we run malware scans on new computers from almost any manufacturer, suspicious files and malware-associated bloatware is discovered. It is a good idea to remove unwanted software and/or scan your new devices for malware-associated files when you get it.


InfinIT Technology Group

 

 

 



• 

Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the software is no longer active.

 

 

 

 

• 

Lenovo has stopped preloading the software and will not preload this software again in the future.

 

 

 

 

• 

Lenovo has provided instructions for uninstalling this software and will soon provide a software removal patch.

 

 

 

For more information on this, or for instructions on Superfish software removal, please visit http://support.lenovo.com/us/en/product_security/superfish.

We appreciate your confidence in Lenovo.

A battery problem in some models of Sony VAIO Flipbook PCs can lead to overheating, leading to fire and burn hazards. If you have or know someone with a Flipbook, please advise them to contact Sony immediately.

http://www.cpsc.gov/en/Recalls/2014/Sony-Recalls-VAIO-Flip-PC-Laptops/

Following their recent acquisition of Nest, Google has purchased the company that makes Dropcam, a streaming webcam/security camera and associated Cloud Service.

The Interface is slick and simple, the devices and services are reasonably priced, and there's a lot of peace-of-mind that such an offering can provider.

However, as Extremetech points out, "Just imagine what Google could do with a real-time, high-res video feed of your home. Where the Nest thermostat might give Google some behavioral data — how warm/cold you like the house, your comings and goings — it pales in comparison to Dropcam. With Dropcam, Google would know exactly what you’re up to at any given time. If you’re preparing dinner, Google Now might automatically prompt you with “tips on how to make the perfect souffle.” If you’ve just brought a newborn baby back from the hospital, you might suddenly find lots of Google ads for diapers and strollers. If it hears you shouting at your game console, it might tailor your search results to show some different, less-antagonizing games."

We tend to fall more into the "Google is helpful" rather than the "Google is evil" category, but I have concerns about systems such as this and the current generation of gaming consoles, which is constantly streaming data off to some server somewhere else, with the only thing protecting me from how that data is used being the privacy policy that I didn't read and likely wouldn't understand in its nuanced legalese. Moreover, even if Google can be trusted, recent events have shown that once data is online, it can be hacked, and I'm not certain how comfortable I'd be with 7-30 days of my comings and goings available online for a would-be thief to study prior to breaking into my house.

Then again, this line of work has gone a long way to making me paranoid. So perhaps I'm overreacting. That Nest smoke detector does sound nice...

Cryptolocker is a form of ransomware that encrypts data on the infected computer, rendering the files unreadable without the decryption key. Affected users are prevented with a screen with a countdown timer informing them that unless they pay the ransom for their data in a certain number of hours, the decryption key will be deleted.

Initial Infection: The initial infection is usually received via an email attachment or "drive-by" download on an infected website. Once installed, the malware contacts its "command and control" center for instructions, which provides the malware with the encryption key and its list of targeted file types.

Repair: While the infection itself can be removed without much difficulty by qualified IT professionals, without the decryption key, restoration of the encrypted data is impossible. Without paying the ransom, there is no way to obtain the decryption key, and due to the large key size, brute force decryption techniques are generally considered impossible. Early versions of Cryptolocker could be circumvented with a good system restore point, but later versions also encrypt or delete the pre-existing restore points, rendering that repair option useless. Aside from paying the ransom, the only reliable way to recover encrypted data is from a good backup of the user files.

Prevention and Remediation: While there are no guarantees in regards to malware, having a reliable and up-to-date antivirus program running on a computer can help prevent the initial infection by Cryptolocker malware. Similarly, utilizing a high-quality firewall or network monitoring service that prevents the malware from contacting its command and control center can stop an infected machine from receiving its encryption key and instructions. Finally, if an infection with Cryptolocker does occur, having a reliable backup of critical information, or (even better) a disk image to restore from is the only way to recover data lost to encryption.

InfinIT Technology Group offers Managed Antivirus ($3/device/month), 24/7 Remote Monitoring ($3/device/month), and Web Protection & Content Filtering Services ($3/device per month), or bundle all three services for $7/device/month. InfinIT can also help design a local backup strategy, make a baseline disk image, or set up an offsite backup for customers interested in protecting their most important data.

If you are worried about the Heartbleed security flaw but don't know what passwords you need to change, mashable has provided a short list of major websites, and whether or not they were affected by the flaw. If you have any doubts or concerns about a site not on this list, better safe than sorry: change your login password to something new and secure.

Microsoft has finally admitted defeat and will be returning a Start Menu (a seemingly usable hybrid of the Windows 7 start menu and the Windows 8 tiles) to a future update to Windows 8. Which update? What release date? None of that is known yet, but here's a detailed article on the resurrection of the Start Menu.

Have Windows 8 and don't want to wait for a Start Menu? Call InfinIT Technology and we can help you find a third party alternative.

Though long self-branded as the operating system that "Just Works", OSX and iOS may be losing ground to Android (and Linux in General). Follow the link to read more about Crittercism's Mobile Experience Benchmark Report, which shows that Android KitKat is the most stable mobile OS by a wide margin. Or if you prefer to skip the statistics, just read Techrepublic's Summary of the report.

Due to its security, growing ease of use, and particularly price (FREE!), Linus has seen rapid growth over the last year. But is the world ready for a Linux Phone? Ubuntu Phone is on the way, and it may be more than ready.

Has Google done what no other company has been able to do? Have they taken the relatively obscure (but free and highly useful) Linux operating and popularized it? Jack Wallen of Techrepublic thinks so.

By developing both ChromeOS and Android from the Linux kernel, and then making sure to properly support it, Google may be overcoming the public's fear of Linux. Could they also be responsible in some part for Apple giving away its operating system for free as well? Or Microsoft's recent decision (no doubt only because their hand is being forced) to significantly reduce the price of Windows 8?

It turns out it doesn't matter, since 95% of the top 200 free iOS and Android apps have at least one risky behavior. But iOS apps were 8% more likely overall to exhibit risky behavior.