Update 8/12/2015 1:20PM: Lenovo has released an official statement regarding this issue. In it, the company says “Lenovo’s use of LSE was not consistent with these new guidelines,” which references a recently released set of security guidelines from Microsoft. LSE is no longer being installed on Lenovo systems as a result, and updating to a new BIOS should disable or remove the feature.
Lenovo has been accused of automatically re-installing its own software even if the user has done a clean install of Windows.
The mechanism, called Lenovo Service Engine, allegedly downloads software for “enhancing” firmware, drivers, and pre-installed apps to improve system performance. When doing a clean install, the laptop’s BIOS overwrites the Windows files.
It also gathers up data and sends it to a Lenovo server, which it says is used to identify how customers are using the software. The company says there is no personal identifiable information collected.
The technique is not entirely new and is made possible by Microsoft and its Platform Binary Table feature, used to load up software that the manufacturers want to have on the computer. In this case, when a Lenovo user did a clean install of Windows, they would find pre-installed software (or bloatware) on the system regardless.
Lenovo’s practices will be disconcerting as users are supposed to have a means to opt out or at least be made aware that the manufacturer is using the Platform Binary Table. Lenovo has since removed the tool from PCs shipped after June and released a patch for disabling it yourself, but the company did so with little fanfare or attention.
Users on Ars Technica’s forums and Hacker News first discovered the issue over the last couple of days. One poster was confused as to why pre-installed software remained on his or her system. “I couldn’t understand how a Lenovo service was installed and running! Delete the file and it reappears on reboot. I’ve never seen anything like this before,” the user wrote.
This incident comes several months after Lenovo’s Superfish controversy, which was a piece of volatile adware that injected ads into the user’s browser. The company was heavily criticized for installing the bloatware, which drew the ire of security pros and regular consumers alike. This latest case is unlikely to endear Lenovo to customers, either.
