Lenovo Has Been Using A Windows Anti-Theft Feature To Prevent Its Software From Being Deleted

Lenovo had better prepare for another round of backlash against its pre-installed software practices. The company has been discovered to have been using an anti-theft feature on all Windows computers to ensure that it’s own software is not removed; even if the user performs a completely fresh reinstall of the operating system.

The problem stems from something called the OneKey Optimiser, which is installed through the Lenovo Service Engine (LSE). The optimiser is a reasonably harmless piece of software as it automatically updates firmware and drivers, while also cleaning out junk files. The big problem is that the OneKey Optimiser also sends user data to a Lenovo server to “help us understand how customers use our products”. While Lenovo claims that the information is not personally identifiable, the fact that it tracks the users in secret is a major problem.

A bigger problem is that fact that the software will replace key Windows files, and cannot be removed by regular methods. On a Windows 7 or 8 system, the BIOS will check ‘C:\Windows\system32\autochk.exe’ to see if it’s a Microsoft file or a Lenovo-signed one. In the case of a Microsoft file, it will be overwritten by the Lenovo version. After this is done, two more files – LenovoUpdate.exe and LenovoCheck.exe- are created. Because this was written into the BIOS, the process will survive even if the operating system is wiped.

Microsoft actually allows manufacturers to do this as part of the Windows operating system, but the original intention was to facilitate anti-theft features. Essentially, this is to allow users to shut down the laptops in the event it gets stolen. Lenovo has apparently taken a different definition of “anti-theft”.

Lenovo has already removed the feature from newer laptops, saying that there was a security vulnerability involved. However, it has not pushed out an update to automatically remove it from older machines; millions at risk. A removal tool was published to help these users out, but Lenovo did not publicise the matter and many have no idea that such a thing exists; or that they had a security risk for that matter.

If you are running on any of the following Lenovo machines please visit this link to download the LSE removal tool and run it.