A Lenovo press release today:
The events of last week reinforce the principle that customer experience, security and privacy must be our top priorities. With this in mind, we will significantly reduce preloaded applications. Our goal is clear: To become the leader in providing cleaner, safer PCs.
We are starting immediately, and by the time we launch our Windows 10 products, our standard image will only include the operating system and related software, software required to make hardware work well (for example, when we include unique hardware in our devices, like a 3D camera), security software and Lenovo applications. This should eliminate what our industry calls “adware” and “bloatware.” For some countries, certain applications customarily expected by users will also be included.
A step in the right direction, but still way too much wiggle room. Why, for instance, do they insist on shipping third party antivirus crap when Windows has its own, faster security software built right in? And what are “Lenovo applications”?
Forgive me, Lenovo, if I don’t believe you. It might have been more credible if you hadn’t installed one of the nastiest pieces of adware yet seen. Now suddenly you want a cleaner, safer PC? Sure, I really believe that.
Translation: Shit, we got caught. Quick, we need to say something that sounds good but doesn’t restrict what we can actually do… and someone find a better piece of spyware and hide it better!
Meh. I have a Thinkpad T540p. It runs Linux damn well. Hell, I can’t even get Windows 7 *or* 8 to run reliably without crashing and burning either on boot, on shutdown, or at some random time shortly after starting up (and 8.1 and 8.1 Update are even worse). No malware bullshit on my machine, at least my main partition, because I run an OS that is not prone to it.
That’s because that’s the way they run. Windows isn’t the crash happy mess it was 15 years ago. 15 years ago is a long time.
Windows hardly ever crashes these days, really, and for those rare times when it becomes unresponsive it can usually be fixed by logging off.
In fact, it crashes way less often than linux running Xorg. Yes, I know it is probably Xorg fault, but when mouse and keyboard is unresponsive I really don’t care.
If you have Linux/Xorg crashing, there must be something wrong with your hardware.
For the record, on my Thinkpad T430s, neither Windows (8.1), nor Linux (Ubuntu 14.04) crashes.
Sure I did. Considering that it never crashed under Windows, I suspect crappy i915 driver.
Oh, and under Linux waking up from suspend would not work about one time in ten (no problems under windows).
I guess this was also ‘something wrong with my hardware’ and not buggy acpi under Linux?
Well, 2 years ago I bought a new laptop and switched to windows as primary OS (with linux only in VM).
Edited 2015-02-28 18:29 UTC
“Buggy ACPI under Linux” would be manufacturer fault. It is in BIOS or UEFI firmware, not in Linux!
There is a reason why some time ago, Linux started to claim that it is Windows when using ACPI. It was to work around firmware bugs.
And whatever you say, I’ve never had a problem with any Thinkpad I’ve owned (that is, T400 and T430s). Neither had any problem with graphics or suspend.
No, not really. Window still crashes a bit more but it still happens so seldom that it doesn’t really matter much.
Edited 2015-03-01 02:34 UTC
I don’t know about Windows, but I find X.org really, really stable at least on Ubuntu’s LTS releases.
How can we make the PC vendors happy by letting them get their $5 from the vendor hoping you will buy the full version while still making the consumer happy by not loading it down with crapware? The solution is simple: 1 click installs. Installers on the desktop. If you double click on it, it does the install so you can try out this software if you want it, but if you don’t ever click it, it is not installed or running to bog things down and open security holes. Everyone wins, even the consumers if they want to try the software out. If you know you don’t want it, just delete the installer from the desktop and free up some space. On a factory refresh of the machine, there they are waiting for you to use or not use again.
Shipping another AV solution isn’t entirely unfounded. MSE is probably the nicest to deal with of all the alternatives, but from the latest benchmarks I’ve seen it’s not especially good at stopping threats. Which is sort of important in an AV program.
Ref:
http://www.av-test.org/en/antivirus/home-windows/windows-7/december…
(I believe most other reviews reference AV-test – at least it’s hard to find a solid comparison that doesn’t.)
Edited 2015-02-27 23:02 UTC
Antivirus software does not stop viruses. They cannot patch the holes in Flash no more than Microsoft or Google can.
Once a virus is already on the machine, Then the anti-virus may recognise it and might be able to handle it.
I have to explain this daily to users — your anti-virus almost doesn’t matter. Preventing the viruses getting in in the first place is what matters. Use Chrome (for auto updating of Flash) and Adblock / Web Of Trust to minimise attacks.
Actually they can. Though doing so is why so many of them are shit. The constant scanning of incoming content means they recognize attacks and contain them. IF they recognize it, but it requires them to be constantly scanning and constantly consuming resources and constantly be a pain in the ass, and constantly be useless to anyone with an uptodate machine because what they recognize is what is already patched.
Yeah, MSE has fallen behind to the point that even Microsoft doesn’t recommend using it anymore.
As for the crapware, I’ve read that this is the only way PC vendors can make a profit, since the margins are already razor thin. However, I’d pay a little more for a ‘signature’ setup that just has the OS, drivers, and nothing else. I wish more PC vendors would give customers this option, as even the restore partition/install DVD has the crapware slipstreamed in.
It’s such a shame, from convenience and usability standpoint it’s the best AV out there. It is very, very light on resources and since it’s a free product it doesn’t have to try to sell you subscriptions or any “related” products from the company or anything like that; it just simply works.
I really wish Microsoft didn’t have to bow to the AV-vendors on this, it only harms everyone. Well, except the AV-vendors themselves, of course, but that’s the point..
Well, Microsoft could stop waiting 90 days to patch vulnerabilities when they found them. That’d go a long way. Drop the “patch tuesday” crap and push fixes out immediately.
Yeah, push them out immediately, with no testing, no Q/A, no research. I agree that 90 days is too long, but immediately is too short. You can’t be breaking things either.
Yeah, that really sucks. I like how MSE only does what it needs to do and none of the other bullshit features AV vendors sells you (email scanning, link scanning etc).
Edited 2015-02-28 03:23 UTC
How so? It was replaced by Windows Defender.
The history and relations here are oddly confusing. If I’m parsing wikipedia right:
First, there was GIANT Antispyware, renamed to MS Antispyware when they bought them. In 2006 it changed name to Defender, still without a virus scan component.
MSE is a separate product that does more than Defender (e.g. having a virus scanner), and if you installed it on Win7, it would remove Defender and take over its role.
In Win8, Defender was upgraded to also have virus scanning … by importing the scanning code and most of the interface from MSE, to the point where it’s arguably a rebranding.
MSE is still, I believe, the right name for the newest product on Win7, while it’s Defender in 8/10.
Edited 2015-02-28 12:02 UTC
Vendors ship antivirus software because it is additional stream of revenue. I guess they get their interest for bringing additional [potential] customers to antivirus software developer.
P.S.: Lenoveo software are their tools for configuring TrackPoint, APS, additional keyboard buttons and similar stuff. APS software is actually useful, but the rest of it is mostly bloatware.
I don’t know about other Lenovo apps, but the ThinkVantage System Update software is actually kinda useful.
It automatically updates your drivers and BIOS – and nothing more. Doesn’t try to sell you anything, doesn’t have ads, doesn’t nag you about other Lenovo stuff.
Windows Update will update drivers, sure, but drivers from Windows Update might not be the latest (IIRC, the Lenovo App won’t replace newer drivers from other sources), and Windows Update definitely won’t find the latest BIOS for you, either.
It beats having to hunt around for individual drivers, especially if you need a less-than-common free-fall sensor driver, or something like that.
It’s easy enough for somebody like me to find driver, though, but for a lot of people, they have no idea what they’re doing.
I have no experience with their other software, though. The last Lenovo laptop I owned, I quickly wiped after just a few minutes of poking around. But, it did grab the drivers for me, and I did save them for later use
Wow, it’s almost like using Linux or a BSD, but more brittle and less reliable!
Yeah, I get BIOS updates via Linux all the time.
… or not.
True, firmware updates are definitely one area where using Linux & BSD won’t help you much, although that’s largely down to the firmware vendors themselves.
It’s still far better and less brittle when it comes to driver & system updates, though. I guess as long as Windows has a solution that isn’t complete crap it’ll look good up against Windows Update though, so the Windows users will lap it up and think they’re lucky.
I suppose all the people here on OSNews, as well as other places, are just imagining things when they complain about updates breaking sound, or WiFi, or power management, or existing software?
It’s been a long time since I’ve had hardware breakage as a result of updates in Linux (Longer than most people, it seems), but I’ve had plenty of broken software as a result.
Though, I’ve never had any of those problems with FreeBSD.
No, but then I’ve had Windows updates break stuff, too. Was that imaginary?
I can’t recall any software ever breaking. Nor do I recall any drivers working worse as a result of updates; I’ve had changes in behaviour, but never a worse result.
As an aside your complaint is with the quality of the drivers, which directly hangs on the hardware vendors who don’t write or maintain their drivers for Linux properly. In exactly the same way there’s a bunch of hardware vendors who don’t keep their drivers up to date with Windows or OS X either.
Of course not. But, then, I didn’t imply that Windows updates were always problem free, where you implied that that was the case with Linux.
I’ve experienced breakage with VMware Workstation, VMware guest drivers, Bumblebee (needed for somewhat useful NVidia Optimus support), various emulators. I’ve had nginx break because they decided to rename/move my existing config and replace it with the default, or because they switched a slightly newer version that has a minor change to the config file syntax.
To keep things reliable, since regressions sometimes happen, I have to maintain a list of software that I don’t want to update for various reason, meaning I lose the usefulness of the GUI for updating, and have to remember to manually update via console so I can tell yum or whatever package manager I’m using to skip updating those packages, which of course means the notifications I get telling me of packages I need updating never go away, so the update notifications quickly become useless.
I didn’t, but read what you like into it to verify your own biases. Go wild.
You should really pay more attention to what dpkg asks you during an upgrade.
Wait, are we talking about Windows or Linux here?
In 15 years, across thousands (at a time) servers, I have never experienced or had to deal with the scenarios you outline. Yet I’ve had to do it for Windows when I only had 50 machines to manage. Go figure. What an impasse. Etc.
And then, later in the exact same post…
You again make the same implication in the exact same post you said you weren’t doing so.
Also,
I don’t use dpkg. Ubuntu is a lousy distribution, being the distribution that broke nginx for me by switching to a newer version that had a slightly different syntax to a couple config options, and Debian moves too slow for me to want it on my desktop.
I spent a while using CentOS, and also Fedora, experienced some of the problem I mentioned on those, but I use OpenSUSE now, which so far I haven’t experienced those problems.
Yet. Linux isn’t my primary OS anymore – Windows is again, with IIS serving my need for the personal web server I run for my own use.
Oh, I wish FreeBSD’s power management worked properly on my laptop. But, it doesn’t. Maybe soon I’ll have the space room for a proper desktop.
Maybe the point is too subtle for you: either of us using anecdotes in place of data doesn’t mean shit. Mine is just in response to your original lazy debating that employed your own. I figured we’d reached the point where facts didn’t matter.
Hey yeah look at that, more anecdotes in the place of actual facts. Strange isn’t it?
Have you ever managed a fleet of servers, and have you ever managed both Windows & Linux or BSD? Because I have, and I can (WARNING: more anecdotes ahead!) say that I’ve found the 50 Windows servers were FAR more effort to manage properly than the couple of thousand Linux systems. Yes even with SCE & AD (AD being the entire reason we had any Windows servers at all). Managing updates to Windows was a much more brittle and difficult experience; exactly the thing I said right at the start of this thread. Apparently though, you updated nginx once and it broke and that trumps anyone else’s experiences to the contrary, so what do I know?
Does my experience invalidate your experience? Yours invalidates mine? Or perhaps we’re both doing the exact same thing, but apparently I was the only one who knew it?
Edited 2015-03-01 12:11 UTC
Drumhellar,
You too huh? I like nginx, but configuration changes have caused a few breakages for us. It’s hard for me to fault OS maintainers over upstream application changes, it’s not exactly their fault application changes break local configurations. The same problem would probably exist with nginx installed on windows.
I’d also like to mention a different time when one nginx “feature” caught me off guard:
proxy_pass http://remotehost:80/proxyurl
proxy_pass http://$1/$2;
The first form of proxy_pass uses the libc resolver, the second form uses the internal resolver, even when the string expansions are identical. This causes a subtle problem, because the libc resolver is synchronous it happens once at startup and the entire nginx server goes down if DNS resolution is unavailable at that time. Well, as you can guess, that happened to us on a production system. The failure of an external third party DNS server caused all our local nginx hosts to fail.
This behavior is hard coded, and it is not possible to explicitly override without patching the code. As far as I’m concerned there’s never a good reason for nginx to choose glib’s blocking resolver over it’s own internal one. The internal resolver is asynchronous and has exactly the expected behavior, it starts successfully but returns 500 errors when the proxy is unavailable. I’m tempted to call this one a bug, but officially it is not.
Drumhellar Consider Zeroinstall
http://0install.net/pkg2zero.html
This I find useful for taking particular versions of packages and making independent to current distribution.
This allows you core update to proceed without trouble. Holding back 1 to 2 packages in main distribution will long term cause you big trouble.
A lot of people complain about Linux not being able to keep older versions of programs. The problem is mostly that Zeroinstall and equal are not as tooled as the normal package manager
Gnome project is also working on sandbox applications that should help in future.
“VMware guest drivers” without version I don’t know if this was the case where it turned out VMware was using something Linux internal without notifying anyone. I know this is fun under debian based systems if you did not install open-vm-dkms and use the VMware own files as kernel updates don’t result in automatic readding of Vmware drivers..
VMware Workstation is like the Vmware guess drivers issue but worse. 1 there is no package solution so nothing tells the distribution package manager what files Vmware depends on 2 the VMware workstation does not register with dkms to restore drivers in case of kernel update(yes Vmware uses its own unique network loopback driver mostly because they can). 3 VMware has not gone through the process with Linux knerel developers to make the functions in kernel space they use be exported to user-space so making them stable. So I cannot help you here. When it a case the application is done incorrectly there is not much anyone can do bar get in vendors back and hope they fix it.
nginx configuration disrupted never had that under Debian. Sometimes I wonder if some of these issues just happen to people using Fedora or rpm distrobutions.
Various emulators I could have a nice explain for some of that. 16 bit x86 segments were disabled for a while in the Linux kernel due to security reasons. Of course pure native code never need these bits. The other is some version updates to emulators just result in incompatibles. Solution for incompatibles caused by emulator version change zeroinstall the emulators and remove them from distribution package install.
The Bumbleebee issue I file this under trying to run Linux on random hardware. You can buy proper Linux supporting laptops that you don’t have to put up with the Optimus problem.
https://wiki.archlinux.org/index.php/NVIDIA_Optimus
Things are changing on the Optimus front but it still not great.
Most its just using the right management methods and right hardware.
Optimus support from Nvidia on Linux has been partly delayed by the formal arguments how particular features should and should not be handled.
As you can see some of these issues are vendor some are user not thinking of Zeroinstall and some are user attempting to use incompatible hardware.
Those of us who are using Linux compatible hardware avoiding software from vendors who have not done job properly and using zero-install for those odd applications we need to lock versions on we don’t suffer many issues at all.
I have had a Windows 8.1 recently on incompatible hardware result USB keyboards and Mice did not work. Incomparable hardware is never fun. Linux or Windows it does not matter. Badly done software is also never fun.
Basically just like there is a group of Window users who never suffer a single problem there is a group of Linux users who never suffer a single problem.
Part of the problem is people refer to Linux not the Distribution as well. Could turn out a large percentage of those having lots of trouble are using a particular distributions. How will we know if people always just call it Linux when they complain.
For VMware, there was a third party patch available that I found in the VMware forums. It was a simple matter to unpack the source, apply the patch, and re-pack it. Workstation would then correctly install the kernel modules it required and run.
AFAIK, NVidia’s support of Optimus is merely allowing the NVidia chip to be used and output via the ports hooked up to the Intel graphics. Bumblebee lets me choose between Intel and NVidia graphics on a per-app setting. It’s only broken once on me, and it was only a short time before the Bumblebee folks got it taken care of, though.
As for Nginx, it was Ubuntu that decided it was okay to break compatibility with the config file. That was the proverbial straw that broke the camel’s back, and caused me to switch. Of course, now that I think of it, it might have been when I was upgrading versions of Ubuntu. Still a pain in the ass, though.
Fedora likes to replace config files, but it at least saves the old ones. CentOS I like, but, it can be sometimes hard to find packages compared to Fedora – lots of building software by hand.
Drumheller the third party patch is required because vmware with Vmware Workstation has not gone through the require processes to be stable on Linux. Yes there are linux kernel mailing list processes for driver to make sure the functions your driver uses is stable.
As for Nginx, it was Ubuntu that decided it was okay to break compatibility with the config file.
No that was upstream Nginx that decided to break configuration compatibility between versions. Unfortunate it was part of security patches. Server failed vs hacked. I know what one I would prefer.
This is part of the common fallacy Distributions isolate you from change but there are limits.
The replacement of configuration files is not a major debian thing or Debian based.
Drumhellar notice you said major version change. No distribution include Fedora promise that your configuration files will be 100 percent Ok after a major version change.
People who have installed upgrade between versions of Windows have also had historic gremlins come out of registry due to incorrect values.
I do find debian package mainainers a little better than Ubuntu in regard that if you are installing a package that breaks configuration compatibility debian throw up a warning screen with description of what will be broken.
This is part of my reason I have a very high suspect that a lot of these problems are Distribution related.
I normally live in Debian Testing. Reasonable modern.
Main reason why I like Debian it has the most packages out of any Distribution in existence so building stuff is a rare..
Me too. I download a file, put it on a usb stick and reboot. 🙂
It is a tedious, highly, technical challenge that Linux users have to deal with every time Lenovo creates a BIOS update. If you by a new ThinkPad model, you might have to suffer through it two or three times. Four if you don’t like poorly worded help texts in your BIOS (seriously. That’s the last thing Lenovo bothered to update on mine).
TSU offers also “Lenovo applications”, not only drivers. For example, Lenovo SHAREit and other junk.
The first thing we do is to archive a system image of a new model. Then we remove any and all crapware, and the preinstalled trial antivirus program (and replace it with 360 Total Security or Avira Free), and then make a base image that gets loaded onto any remaining PC’s of the same model, at the time of purchase. A clean machine and full service is what customers expect when buying a computer from a small business, not preinstalled crapware. I suspect that many small PC shops do similar things to help their customers and build a solid reputation.
I was with you, right up until this part
That is most definitely crap ware for me. There are a couple antivirus vendors I trust, but not those.
I love crapware. The more the better. Since I always wipe the system and install Linux, I figure the fees paid by the crapware vendors cover the cost of the Windows Tax. Everyone is happy, except maybe the crapware vendors.
The problem with the statement is that nowhere are any of the words “sorry”, “apologise”, “never”, “again”, or “regret” found in that statement.
Literally. CTRL+F. Search for those words. You won’t find them.
So, yeah, f__k you Lenovo. Not only are they dancing around what they did, but there’s no indication the company really gives a damn about its users. I’m going to actively recommend against Lenovo perpetually.
Edited 2015-02-28 00:33 UTC
Would the presence of those words have made a difference? Has the presence of those words in any press release or speech made by anyone or any company been sincere?
I find actions to be better than apologies, so let’s see if this happens again first.
The events of last week reinforce the principle that fire safety, security and air worthiness must be our top priorities. With this in mind, we at Air-Hindenberg will significantly reduce the size of our matches. Our goal is clear: To become the leader in non-flammable, safer transportation.
The reasons:
1) OEMs get kickbacks for every subscription renewal made to the pre-installed security solution. With a cut-throat race-to-the-zero going on in PCs, the kickbacks are vital.
2) Windows Defender for 8 (aka MSE) is terrible. It fell below 90% in tests, and it will decline more because MS reduced the team to half. And everyone knows that, most of the “zoo samples” used in tests are easy-to-identify malware, so the detection rates for the really dangerous malware in the wild are lower. If OEMs didn’t stop pre-installing AVs when Security Essentials had 99% detection rates, they won’t know. Because now OEMs are actually right when they say you need third-party protection.
3)McAfee is owned by Intel. I ‘ll let your imagination run wild about this when it comes to chip pricing and kickbacks.
PS: I am actually thinking of paying for the pre-installed McAfee that will come with my new PC. There is always something “off” with free solutions. Defender for 8 is terrible and takes a long time to parse big executables, Avast makes PCs boot slower, and BitDefender Free is buggy and amateurish. Instead McAfee has decent detection rates and is fast because it has to match Intel’s self-imposed performance metrics for Ultrabooks. I am getting too old for experiments with AVs.
Edited 2015-02-28 12:10 UTC
It sounds to me that Lenovo are going to continue to include “adware” and “bloatware” in their future installs, directly contradicting their claim to be eliminating it.
Why not offer the bloatware as part of the first-time boot dialogue, with (unticked by default) options to install each bloaty item individually and then a global option to “never ever install” (this would delete the bloatware installers entirely with a warning that it was irreversible).
‘what are “Lenovo applications”?’
It’s all the preloaded crap manager applications that we uninstall from our T-series laptops at work. Like Access Connections (or Connection Manager, whatever they call it now). Especially their “support” applications.
All my laptops in the last years have been Fujitsu-Siemens models, none of them included any other preloaded software other than the OS and drivers.
Lenovo’s cleaner, safer PC will be shipped by flying cars, that use room temperature superconductors to power their quantum computers responsible for AI that pilots them and it will happen in the next 5 to 10 years
The whole “black-list” block known threats and let everything else in is bass-ackwards.
The opposite “white-list” approach would do far more for security. I think most IT companies (Microsoft included, but not just them) refuse it because it means having the end user make decisions! Too hard, easier to let them mess it up and wipe, bonus lots of revenue for everyone involved in cleaning up/reinstalling.
This was one of the strengths of Mac OS 9 and below. It had almost nothing in the way of servers (telnet/ssh/ftp/etc.) turned on by default. Built in yes, but turned off, you had to enable it yourself, even if it was point and click.
As for “are they sorry?” Of course not! That will be if/when this fiasco makes their bottom line tank! How sorry was Sony after the “CD Rootkit” fiasco, aside from losing money?
Edited 2015-03-02 20:22 UTC