First Superfish, now this: Some Lenovo users have discovered a secret “feature” in which Lenovo will ask you to re-install its bloatware, even if you do a clean install of Windows.
Photo by Maurizio Pesce.
The utility was discovered and popularised recently on the Ars Technica forums. The specifics are a little complicated, but it essentially works like this: many Lenovo models ship with something called the Lenovo Service Engine, which is a BIOS-level utility that installs itself after you install Windows — even if it’s a clean, non-Lenovo disc. Afterwards, it prompts you to download all of Lenovo’s bundled utilities, even if you aren’t connected to the internet. (If you are connected to the internet, it will send some system data back to Lenovo as well).
In addition, this is a feature Microsoft built into Windows 8 for manufacturers — so both Lenovo and Microsoft are to blame here.
For end users, this seems like more of a mild annoyance than anything (since you can choose “cancel” at the prompt), but it’s also a security risk — especially considering it has some vulnerabilities that won’t get patched unless you do it yourself.
To see the models affected and view instructions on how to remove the Lenovo Service Engine, click the link below. You can also see a more detailed analysis of the story over at TechWorm.