Superfish wasn’t at the BIOS level, it was a root certificate preinstalled in the OS. Wiping the machine and installing Linux as your operating system would have prevented any exploit.
I can see why you’d still be rightfully put-off though, since it shows a lack of good security hygiene, and you have to assume if they screwed up once there’s no reason they won’t do it again for similarly profit-driven reasons.
My apologies, I conflated it with something else they embedded into UEFI around the same time. Lenovo Service Engine had security vulnerabilities and couldn’t be removed with a fresh Windows install, as UEFI would just execute it at startup.
I’ve had a few false starts with Linux. I’ve tried a couple different distros here and there over the last 20-ish years, but I never make it more than a week before falling back to Windows. That said, I hate Microsoft’s direction, and I’m holding onto Windows 10 as long as I can.
I permanently wrote off Lenovo after the Superfish factory-installed BIOS-level malware scandal.
Superfish wasn’t at the BIOS level, it was a root certificate preinstalled in the OS. Wiping the machine and installing Linux as your operating system would have prevented any exploit.
I can see why you’d still be rightfully put-off though, since it shows a lack of good security hygiene, and you have to assume if they screwed up once there’s no reason they won’t do it again for similarly profit-driven reasons.
Also other brands have been just as bad about using the correct certificate.
My apologies, I conflated it with something else they embedded into UEFI around the same time. Lenovo Service Engine had security vulnerabilities and couldn’t be removed with a fresh Windows install, as UEFI would just execute it at startup.
I’ve had a few false starts with Linux. I’ve tried a couple different distros here and there over the last 20-ish years, but I never make it more than a week before falling back to Windows. That said, I hate Microsoft’s direction, and I’m holding onto Windows 10 as long as I can.