Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed.
The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that “most” is not “all.” Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the “Lenovo Service Engine.”
Microsoft provides more detailed on what, exactly, this functionality, dubbed the Windows Platform Binary Table, is supposed to be for (.docx file!), and how it works. From reading the document, it becomes clear that installing tracking software – which is what Lenovo is using this for – is not exactly what Microsoft had in mind.
The Windows PC world is such a mess.
I think it’s time to forget buying Lenovo anything. Ever. First Superphish, now this. This is malware and should be considered nothing otherwise.