Moving On From Superfish

It’s true, RMS was right. The folks at LinuxBSDos.com are right. The world needs to use Free Software. “Superfish (the company) is an outfit that needs to make money, and VisualDiscovery is their main product. So the company is not going away any time soon. Just last year the company was voted 4th (out of 5000) on the list of fastest-growing private companies in America. Fastest-growing translates into “our product is red hot”, as in, very, very popular.

A real solution, a final solution, is one that does not involve the parties that caused the problem in the first place. And that solution is this: Find a good Linux distribution and install it over Windows. End of story. No more adware or other factory-delivered malicious software.”
They write about millions of computers shipped by Lenovo including malware but that’s just one of millions of malwares out there sucking the life from people and their IT systems. Not only does Free Software work for users it doesn’t work for the bad guys like M$ and malware writers.

I recommend Debian GNU/Linux. It’s easy to install and you can even get that other OS to help. You don’t need to wait until the next wave of malware strikes. You can do it now.

See How to delete Superfish from Lenovo computers permanently.

If your computer needs a bit of non-Free firmware to run devices like network interfaces, try Debian’s “unofficial” CD-images. Many computers have the possibility of adding a network interface that doesn’t require non-Free software, like some Atheros USB wifi devices.

The Free Software Foundation directs users to hardware that respects Software Freedom.

You can even buy brand new PCs installed with only Free Software, right down to the BIOS or plug in a wired Ethernet card based on Realtek 8139 chips that work at 100mbits/s. There must be 50 ways to leave your slave-master.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , , , , , . Bookmark the permalink.

57 Responses to Moving On From Superfish

  1. DrLoser says:

    I guess you were meaning qps. I remember that bug myself. It was nice and nasty. Mind you even without your code that fault did get fixed.

    A commendable guess, oiaohm, but wrong. I didn’t have the relevant libraries installed. Though I’m quite prepared to believe that qps was derived in some way from whatever I was looking at (which was a lot simpler, having checked out the details of qps).

    Which leads me to the obvious question.

    Which “nice and nasty” bug do you remember, oiaohm? Because you have no guarantee that it’s the same bug I fixed.

    I’ll give you a hint on mine. It stopped you configure/make/make installing the thing. And it was a single function call. And it was a deprecated function call.

    Now, out of idle interest, and since you are keen to prove that you are technically competent without actually providing any personal details like a resume, perhaps you would care to describe the “nice and nasty” bug in qps?

    Surely that’s not too much to ask.

  2. DrLoser says:

    DrLoser the reason why the new kernel live patching system is coming in Linux 4.0 is more the reality that rebuilding the kernel for security reasons it coming too often for the Linux world liking.

    Thrilling, Fifi, thrilling.

    Any particular reason you brought up this topic of Linux 4.0 kernel live patching?

    Is it relevant to anything at all?

    Let me guess.

    No, it isn’t.

  3. oiaohm says:

    DrLoser the reason why the new kernel live patching system is coming in Linux 4.0 is more the reality that rebuilding the kernel for security reasons it coming too often for the Linux world liking.

    I guess you were meaning qps. I remember that bug myself. It was nice and nasty. Mind you even without your code that fault did get fixed. Not everyone who find the fault submits a report also not everyone who finds the fault does not submits a report. Just because you do something DrLoser does not make your representative.

    To be truthfully you have put zero effort into fixing the backwards compatibility issue yet you keep on complaining about it.

    FOSS is the actions of the group not just the actions of the individual.

  4. DrLoser says:

    You can even buy brand new PCs installed with only Free Software, right down to the BIOS or plug in a wired Ethernet card based on Realtek 8139 chips that work at 100mbits/s. There must be 50 ways to leave your slave-master.

    It’s actually quite difficult to buy a Gluglug, Robert. And had you availed yourself of the chance in December 2013, you would have been ripped off for the outrageous price of £298 — ignoring the broken drivers and so on.

    Considering that a Gluglug is nothing more or less than a “repurposed” Lenovo X200, perhaps a better bet would be to buy the original for, say, £89 refurbished, and kit it out in much the same way that the Gluggies did?

    You can’t really say no to a product that meets your hardware specifications, comes in at £207 less than the FSF would charge you, and still gives you all the fun of welding free bits into the side, can you, Robert?

    I wouldn’t really recommend this obvious piece of crap to anybody other than you, however.

  5. LinuxGentlesir says:

    You do realise that this guy is a troll, don’t you, Robert? I mean, a genuine troll. Not a M$ one.

    Lovekindness is often viewed as disingenuous in those who are filled with loathing.

  6. DrLoser says:

    DrLoser wrote, “an OS with this stuff baked in at the hardware and driver level, Robert. We have no need to spin up a new kernel every other week.”

    I don’t have the need either. I enjoy it. My IT gives me joy every day.…

    Fair enough: I will rephrase.

    Normal people use an OS with this stuff baked in at the hardware and driver level, Robert. We get no enjoyment whatsoever from spinning up a new kernel every other week.

    In fact, 99+% of normal people would consider such an activity to be evidence of mild insanity. And certainly not anything useful or productive. More likely the sort of person who would end up on the front page of the National Enquirer.

    I can blast out a blog post in a few minutes without a thought to drivers and the like. Nor malware, re-re-reboots, EULAs …

    Which small happiness puts you in very august company, Robert.

    To whit: absolutely everybody else who can blast out a blog post in a few minutes without a thought to drivers and the like. Nor malware, re-re-reboots, EULAs …

    The only difference is that you continually bleat on about these non-existent problems.

    Which means that you appear to lapse, somewhat, from the Augustinian Meritocracy of blog posters … because none of the rest of the buggers give this stuff a single thought.

  7. LinuxGentlesir says:

    I don’t have the need either. I enjoy it. My IT gives me joy every day.

    This is exactly how I feel as well. Forward thinking projects like GNU/Linux exist in the true spirit the advancement of the human race. It’s the spirit of scientific collaboration applied to software. Free Software makes me optimistic about the future!!

  8. DrLoser says:

    DrLoser, after exercising his rights to be free to use FLOSS, wrote, “I therefore repeat: it is a practically worthless freedom.”

    I sense that you are not quite grokking the distinction here, Robert. Let me try to explain.

    A freedom that nobody uses is not a freedom.

    And if nobody uses it, then it’s not a “freedom” worth boasting about. And certainly not one that you could use as a Unique Selling Point when trying to convert the unwashed sheeples to the Linux Desktop.

    I’m not objecting to it. I’m just pointing out that it has no bearing whatsoever on your argument.

  9. DrLoser says:

    Exactly!

    You do realise that this guy is a troll, don’t you, Robert? I mean, a genuine troll. Not a M$ one.

  10. LinuxGentlesir wrote, “If Linux was not Free Software in this manner, it would have been a forgotten academic excerise by Linus Torvalds. The fact that the code can be legally modified is the basis of why Linux even exists!!!”

    Exactly!

  11. DrLoser, after exercising his rights to be free to use FLOSS, wrote, “I therefore repeat: it is a practically worthless freedom.”

  12. DrLoser wrote, “an OS with this stuff baked in at the hardware and driver level, Robert. We have no need to spin up a new kernel every other week.”

    I don’t have the need either. I enjoy it. My IT gives me joy every day. I can blast out a blog post in a few minutes without a thought to drivers and the like. Nor malware, re-re-reboots, EULAs, …

  13. DrLoser says:

    Isn’t it nice to be able to configure ECC RAM? What a wonderful benefit that must be!

    Or maybe not.

    Normal people use an OS with this stuff baked in at the hardware and driver level, Robert. We have no need to spin up a new kernel every other week.

    Never mind. Have fun in your Edwardian-era sandpit.

  14. DrLoser says:

    Let me, offering myself up as a personal example, offer the following observations.

    1. Unlike you, Robert, I actually fixed up a number of GEBC bugs. I kinda lost my enthusiasm when I realised that nobody uses the thing — which, btw, is another issue worth investigation and discussion — but the fixes are still there if anybody asks for them.
    2. There was an excellent X-Windows process visualisation tool a few years ago, called something like xps or psx (I forget). It broke, owing to Traditional Olde-Style Linux Backwards Incompatibility. I tracked that down to a single line (it was some sort of deprecated bit of glibc, as I recall) and fixed it. Once again, nobody uses the thing, so I couldn’t be bothered to submit the fix.
    3. Many a time I have stared at OpenOffice (now Libre And Even Tastier!) and thought, “that’s horribly wrong. Maybe I can fix it.” And then I realised that life is basically too short and that Libre is waaaaay too complicated to tackle.
    4. In the future, if I find an issue with part of the basic Gnu toolchain — bison and lex spring to mind as possibles — then I will fix it and submit a bug report.

    But in general, Robert, and in your specific case, Nobody much ever does this.

    I therefore repeat: it is a practically worthless freedom.

  15. LinuxGentlesir says:

    Gentlesirs,

    Some of the major entities take advantage of GNU/Linux’s ability to be modified and redistributed legally:

    Intel
    Red Hat
    Texas Instruments
    Linaro
    SUSE
    IBM
    Samsung
    Google
    Facebook
    Oracle
    Broadcom
    AMD
    ARM
    even Microsoft

    These major companies contribute code that are intended to benefit people who do not modify the code themselves. If Linux was not Free Software in this manner, it would have been a forgotten academic excerise by Linus Torvalds. The fact that the code can be legally modified is the basis of why Linux even exists!!!

  16. DrLoser says:

    I am not alone in observing that the work Debian does saves me a lot of work.

    The argument is not about whether some benign entity saves you a lot of work, Robert.

    The argument is about whether the ability to modify the C or C++ or whatever code that comprises your kernel, your C library, your service daemons, and so on and so forth, is ever useful to more than 1% of Linux Desktop users.

    It isn’t, is it?

  17. LinuxGentlesir says:

    GNU/Linux is Free Software! You can modify the code and even redistribute your modifications legally!!! It’s hard to believe, but it’s true!

  18. DrLoser says:

    Uh,… it happens quite regularly. I build new Linux kernels about every other week. I have my own configuration for it tailored to what Beast has for hardware and features I want like ECC RAM handling.

    Writing silly little configuration scripts in Bash doesn’t really count as “modifying the code,” Robert. You can do exactly the same thing on Windows. Oh look, I just twiddled a Registry variable! I am l33t!

    And, given your self-confessed inability to get a systemd init setup sorted out, you actually don’t seem to be much cop even at that basic level. Remember! Linux gives you all the tools you need! You have total access to the source!

    And as for spinning up a new kernel every other week … that’s just pitiful. Turning a compilation switch on or off, and futzing around with the odd environment variable, doesn’t qualify as “examining the code.”

    Because, quite honestly, you don’t really have a clue what is happening underneath, do you? You’re just taking it all for granted.

    But, to be fair, you are probably in the top 10% or so of Linux Desktop “I likes to play with me codez, me” types. The other 90% are even less likely to avail themselves of access to the code itself.

  19. DrLoser, having low blood-sugar this morning, wrote, “Ultimately that never happens, for all practical purposes. I’ve never done it. You’ve never done it.”

    Uh,… it happens quite regularly. I build new Linux kernels about every other week. I have my own configuration for it tailored to what Beast has for hardware and features I want like ECC RAM handling. I certainly use Debian’s amazing stack of software. I have 4K packages installed on Beast and some others on the lesser machines. Debian generates those from source code… I am not alone in observing that the work Debian does saves me a lot of work. e.g. French National Police

  20. DrLoser says:

    Ultimately, he who has the source code can maintain GNU/Linux in many ways.

    Ultimately that never happens, for all practical purposes. I’ve never done it. You’ve never done it. Obviously, Dougie has never done it. oiaohm will claim that he has done it multiple times, but that would just be fantasy as usual.

    The only regular on this site who has probably taken advantage of the opportunity is ram, and even he I’m not sure about.

    Bottom line: as freedoms go, it’s not a very important one at all. Not even to the users of Linux Desktops. It’s massively oversold by its proponents.

    Now, I’ll agree that having scads of freely available code (GEBC is a pertinent example) is very useful indeed — but that’s a completely different benefit.

    And, in fact, you’re behind the times (as always when on the subject of Windows), because Microsoft does this too: either intentionally — codeplex — or unintentionally — I can disassemble .NET libraries more or less at will, using the appropriate tools.

    In other words, and except for a select number of corporate Linux parasites like IBM, it’s not really much of a Unique Selling Point at all.

  21. kurkosdr wrote, “Not that Android or Desktop Linux is better.”

    That’s debatable. I think it’s clear that support of GNU/Linux on server or desktop is a diverse universe. I like Debian GNU/Linux because the repository is maintained by someone and I can use APT to update my system with simple commands. Essentially, it is a means of support which gives me some control while allowing someone upstream to do much of the work. That’s very efficient. RedHat and others have a variety of “support-levels” which may be similar to Debian but using RPM all the way to having in-house RedHat bodies who are expert with every detail of RedHat software. So, it’s not that GNU/Linux support is equally bad, but just different. Ultimately, he who has the source code can maintain GNU/Linux in many ways. With that other OS, many means of support are unavailable to the typical user. You get updates which may or may not work and that’s it.

    kurkosdr also wrote, “people who can afford a Mac, get a Mac”.

    That’s demonstrably untrue. USA, for instance has enough millions of rich people to buy all the Macs in production but they don’t. Global production of Macs was 18.9 million last year and USA bought only 16.7 legacy PCs total.

    Further, that would not explain why folks who used to buy Macs now buy legacy PCs. They do that not because they are not rich but just because they have better uses for their money. They have plenty of money to squander on sex, drugs, cars, firearms and ammunition. Macs should be no problem. I suspect it’s more that Macs are not universally available on retail shelves and consumers don’t have the choice all the time.

  22. kurkosdr says:

    it’s via forums = it’s user-to-user assistance via forums,

    Sorry, must have forgoten a ” or bracket somewhere.

  23. DrLoser says:

    Linux computer warranties have been this way for 6 years because of the Linux user tendency to pave over.

    Nothing like “paving over” when you rely on a third-party bit of software that has various dependencies, is there, oiaohm?

    I think you’ve convinced me here. This is obviously the way to deal with backward compatibility.

    Now all you have to do is to convince the other 99% of computer users.

  24. kurkosdr says:

    “Apparently you have not read the current computer warranties the OS is not covered even if the machine is Windows out box.”

    The hamster is 100% correct on this one. No OEM offers software warranty. The only “support” you ‘ll get is them offering to flash the image to factory-state (with the same bugs and problems it had).

    Windows PCs have a “grey zone” when it comes to support. The OEM supports the hardware, Microsoft supports the OS (so to speak, nobody has managed to get any software support from Microsoft, it’s via forums). But when it comes to drivers and apps that make the laptop work (like the one for the volume buttons or the webcam), you are essentially out-of-support.

    Not that Android or Desktop Linux is better. In fact, Android is completely bonkers in the sense that Google only supports Nexus images (again, so to speak) and manufacturers never offer support for their images.

    This is the reason why people who can afford a Mac, get a Mac (sadly I can’t anymore, my next computer is probably going to be a PC). You can walk into one of their stores and say “you made everything in this box, fix it”. People don’t care if the fixing is done by clueless Apple “geniuses” as long as they don’t have to fix it.

  25. DrLoser says:

    Btw, where does this wonderful conviction that common people know what an OS is at all stem from?

    Interesting question, Deaf Spy. But, before we answer that one, there is a prior:

    What makes anybody on this site (probably excepting ram) believe that they have the faintest idea how an operating system works?

    And, if they’re just a bit vague on the subject (Robert certainly is), what makes them think that any of the billions of possible OS customers should listen to their massively impaired “wisdom?”

  26. DrLoser says:

    Did the door hit you in the face again?

    Too simple.

    In the Windows example you have no discs. You’re stuck with whatever came on the system unless you buy ANOTHER copy of Windows.

    In the Linux example you have access to any number of free versions of Linux. Just pave the crapware version over and move on.

    That was just too easy.

    Maybe. I suspect it depends upon how simple-minded you are, lpbear. And let’s face it, I’m either more cynical or less simple-minded than you are.

    It’s possible to provide a “clean” set of installation discs, I agree.

    But I imagine that, were Lenovo (Lenovo Be Blessed! Lenovo Were Once The Future Saviours of the Linux Desktop!) or any other OEM to choose to sell, say, 50% of their boxen with Linux pre-installed …

    They might just be tempted to slipstream garbage into the installation disks.

    And, you know what? Joe Blow on the street isn’t going to know any different. Which suggests to me that you are either being simple-minded, or that you are offering, out of the goodness of your own heart, to spend the rest of your life educating Joe Blow.

    Good luck with that one.

  27. lpbbear wrote, “it was Microsoft who pushed the OEM’s to stop including system discs with new computers.”

    I just happened on something related to this. M$ is allowing .iso downloads of “7” in certain, very restrictive, situations: “The ISO download is for full retail copies of Windows 7 only, purchased in a shrink-wrapped box or from an authorized download site (including Microsoft itself). It won’t work with Windows 7 OEM System Builder media, which is still available for sale from online merchants.
    And not all retail keys will work. In my testing, the verification step failed and I was unable to download installation media when I used a product key from a Windows 7 upgrade edition purchased at retail. I was also unsuccessful at convincing the site to authorize a download using valid Retail keys obtained from Microsoft subscription services such as TechNet or MSDN. “

    It’s just like M$ to restrict use of the software through the EULA and access to the software through other irrelevant and arbitrary restrictions. I guess they’re trying to get more of the slaves to fall in line by being kind to some of them. FLOSS is beautiful.

  28. oiaohm says:

    Deaf Spy
    And forget about warranty, support and all these small little things people love to have and readily pay for.

    Btw, where does this wonderful conviction that common people know what an OS is at all stem from?
    Apparently you have not read the current computer warranties the OS is not covered even if the machine is Windows out box. Linux computer warranties have been this way for 6 years because of the Linux user tendency to pave over. Release of Windows 8.x saw OEM change their support conditions to match that of the Linux machines.

    OS support is extra payment option. With Dell machine comes with Windows and is on the Linux supported list you can buy Linux OS support on it. Guess what is funny its the same support contract. Yep you buy OS support and dell does not care if you are running windows or Linux. A lot of OEMS are this way these days.

    Yes the warranty and support arguement died a few years back.

  29. Deaf Spy says:

    In the Linux example you have access to any number of free versions of Linux. Just pave the crapware version over and move on.

    And forget about warranty, support and all these small little things people love to have and readily pay for.

    Btw, where does this wonderful conviction that common people know what an OS is at all stem from?

  30. oiaohm says:

    lpbbear is so right.

    Early Dell support of Ubuntu required custom install discs. This end up with client complaint after client complaint that they could not use the default from Ubuntu.com.

    Dell has tried modified Linux install discs. Result Linux consumers hate them just as much windows discs.

    DrLoser advertisement ware vendors are not stupid. They are not going to pay a OEM money when the know the result is going to be 90 percent plus there product will be removed instantly.

    Ubuntu 8.04 Dell Remix was hated. I know 7 years ago custom modifying a Linnx distribution and shipping to customers was tried by many vendors.

    And don’t you go telling me that Linux-favouring OEMs wouldn’t do such a thing. Because … they most certainly would.
    The reality is Dell and many of the netbook era vendors tried this.

    Linux users want the right to clean install. Not using OEM discs but using Distribution discs. Install crapware will see a Linux machine reinstalled. So no crapware vendor makes this any more. Yes there was advertisement ware on Linux netbooks. Old hardware from the netbook age that could have a standard Linux installed is sold out. The old Linux netbooks you still find new at places like amazon are the ones that a standard Linux Distrobution would not install.

    Linux users are willing to vote by money against crap ware infected computers that they cannot simply clean.

    You have to be a fairly dumb OEM to ignore this. Even in android the phones that cyngonmod and more popular than those that don’t.

  31. lpbbear says:

    “What on earth is going to stop you making that extra $50, which you have already proven you can make on Wintel boxen, by slapping the crapware on the Linux boxen?”

    Did the door hit you in the face again?

    Too simple.

    In the Windows example you have no discs. You’re stuck with whatever came on the system unless you buy ANOTHER copy of Windows.

    In the Linux example you have access to any number of free versions of Linux. Just pave the crapware version over and move on.

    That was just too easy.

  32. DrLoser says:

    No. There’s Youtube (HTML5) and the rest of the web. I rarely need any video not on YouTube. It’s the largest broadcaster in the world, or very near the top.

    And 90% of the world completely disagrees with you, Robert.

    The fact that there are alternatives to Flash makes absolutely no difference. 90% (and I am being very, very generous here) of the world simply does not care.

    They are content consumers. They don’t even notice. Your argument on obsolescence is therefore entirely moot.

  33. DrLoser says:

    If people wanted the crapware, they would just pay that $101.50 and carry on, but they don’t always and Dell has to give them what they want.

    You’re evading the question as usual, Robert.

    Feel free to deny that you have ever come up with the following proposition:

    “Wintel cannot compete on a level playing field against the Linux desktop, without the fact that OEMs offset the Micro$oft Tax against the installed crapware.”

    Deny that, and we go no further.

    But on the assumption that you admit it: feel free to assert the following:

    “An OEM selling a Linux desktop, without the Micro$oft Tax, does not need to charge for the license. Therefore it can sell the same hardware, with a superior operating system, at $50 less.”

    Feel free to deny that, too. Either way, it’s irrelevant to the point that both Deaf Spy and I are making:

    “An OEM selling a Linux desktop can install the moral equivalent of that $50 of crapware, and make a tidy little packet of $50 per box sold.”

    That would seem a perfectly reasonable proposition to me, Robert.

    And if Lenovo is going to risk their entire reputation (as the inheritors of the IBM ThinkPad mantle, for which they paid a pretty penny) on some stupid little trick like this — and a trick that was found out almost immediately and was promptly sat upon by an OS supplier that doesn’t fiddle around for days on end trying to work out how to deal with, say, Shellshock or Heartbleed …

    What on earth predisposes you to believe that they wouldn’t try the same trick with desktop Linux?

    Ain’t no Magic Pixie Dust gonna help you on that one, Robert.

  34. DrLoser repeated, “What on earth is going to stop you making that extra $50, which you have already proven you can make on Wintel boxen, by slapping the crapware on the Linux boxen?”

    The user/consumer is buying a PC not crapware. If your argument were true, there never would be a market for PCs by Dell with the following options:
    “Windows 7 Professional, 64-bit, English add $0.00
    Windows 8.1 Pro, 64-bit English add $0.00
    Dell Recommended
    Windows 7 Professional, English, 64-bit (includes Windows 8.1 Pro 64bit License) [Included in Price]
    Ubuntu Linux 14.04 SP1 [subtract $101.50]”

    If people wanted the crapware, they would just pay that $101.50 and carry on, but they don’t always and Dell has to give them what they want. That’s what competition gives us, real choice, not just a different choice of crapware. If Dell doesn’t offer that deal, someone else will.

  35. DrLoser wrote of Flash’s obsolescence, “Your version of “obsolete” appears to differ from that of 90+% of the rest of the planet, Robert.”

    No. There’s Youtube (HTML5) and the rest of the web. I rarely need any video not on YouTube. It’s the largest broadcaster in the world, or very near the top.

    Another example… VW Canada gave me grief when I tried to get The Little Woman to buy a diesel VW. They used FLASH all over the place and it didn’t work for me. I gave them a blast, informing them that I was not about to change my OS just to shop on their site. Guess what? Today, I can roam all over and FLASH stays out of my way. Do you think they and many millions of users/victims of FLASH figured it out?

  36. DrLoser says:

    If you can’t figure out that a clean copy of Windows on a cd/dvd should be safer than a hard drive copy you’re really clueless. How obvious does this Superfish example have to be to prove that to you dumbass?

    I’m going to ask you to exercise both your intellect and your imagination, lpbear. I have no opinion on your possession, or lack, of either. Which is going to make this a useful question, and I have no intention of adding a redundant personal insult:

    What makes you think that an OEM who would pre-install Superfish (plus the man-in-the-middle decrypt-recrypt certificate-nobbling software, which is actually a slightly different thing) on your Wintel hard disk — and potentially on your “recovery” drive …

    … Wouldn’t, otherwise, provide you with a “clean” CD/DVD copy of the OS, slip-streamed with aforesaid naughtiness?

    Because, unless I am somehow confused as to the essential difference between the D: drive and a CD/DVD drive, I don’t really see the worthless little distinction that you are attempting, valiantly, to insist upon.

  37. DrLoser says:

    Flash is now obsolete as well. Not a requirement here.

    Your version of “obsolete” appears to differ from that of 90+% of the rest of the planet, Robert.

  38. DrLoser says:

    Just to repeat Deaf Spy’s point, which doesn’t really seem to have sunk in:

    How exactly would selling Linux help? Again, I see no way why an OEM would not install bloatware / adware on Linux, if there is some tangible demand for Linux-preinstalled hardware.

    Of course, this theory is going to be difficult to prove or disprove, since there is no current tangible demand for Linux-preinstalled hardware (saving Chromebooks. They might be a good case for study). But let’s examine the market mechanism involved, shall we?

    1) A M$ license for yer average desktop/laptop comes in at, say, $50. (We’ll leave the new pricing and Windows 10 to one side for now. Let’s focus on this perfectly valid argument as of 2011 and Windows 7, just for convenience. Vary the date as you wish.)
    2) It is generally agreed that Wintel boxen are loaded up with crapware to offset this license cost, thus giving them an unfair advantage over the obviously superior Linux boxen.
    3) This means that the crapware is basically worth $50 per box to the OEM.

    Are you following my argument? (It’s pared down, but basically correct.) Good. Then let us proceed.

    4) You, the OEM, do not need to pre-install M$ Windows at a cost of $50 per box. Well, except for twenty-plus years of market demand, but we can all agree that in 2015 there is a tabula rasa and no such need or demand.
    5) You, the OEM, can therefore save that $50 and pre-install the Linux desktop instead!
    5a) This is where I’m supposed to come in as a Microsoft Troll and claim that the cost of Quality Assurance, Testing, Support and so on, not to mention lining up all the drivers and what-not, more than drowns out that $50 saving.

    Maybe it does. Maybe it doesn’t. But, you know what? I’m just going to plough straight ahead and assume that a Linux desktop from OEM “A” will cost OEM “A” precisely the same amount as a Windows desktop. It’s a very silly assumption, but where would we all be without very silly assumptions?

    Now.

    Ask yourself the following question, Robert.

    If you are a major PRC or Taiwanese or South Korean OEM selling shiny new Linux desktop boxen at, say, $250 ($50 below the comparable Wintel price in this scenario) …

    What on earth is going to stop you making that extra $50, which you have already proven you can make on Wintel boxen, by slapping the crapware on the Linux boxen?

    And don’t you go telling me that Linux-favouring OEMs wouldn’t do such a thing. Because … they most certainly would.

  39. oiaohm says:

    Deaf Spy sorry its not magic pixie dust.
    http://en.wikipedia.org/wiki/Linux_malware
    I don’t claim Linux is infection free. Man in middle crap like Superfish has appeared on Linux before and its removed by rootkit hunter and other systems. Of course this has normally not been advertising.

    Worst of all, nowadays people expect to buy a PC, which is capable of Skype, Flash and Acrobat out of the box.
    http://www.skype.com/en/download-skype/skype-for-linux/
    Skype for Linux exists. Flash run chrome under Linux. PDF support in many forms exist on Linux out the box.

  40. Deaf Spy wrote, “nowadays people expect to buy a PC, which is capable of Skype, Flash and Acrobat out of the box.”

    Well, GNU/Linux can do that out of the box. Flash is now obsolete as well. Not a requirement here.

  41. Deaf Spy says:

    How can they recover their reputation? They need some public executions and/or more shipments of GNU/Linux with FLOSS.
    How exactly would selling Linux help? Again, I see no way why an OEM would not install bloatware / adware on Linux, if there is some tangible demand for Linux-preinstalled hardware. OEMs make quite some money out of these.

    Worst of all, nowadays people expect to buy a PC, which is capable of Skype, Flash and Acrobat out of the box.

  42. Deaf Spy says:

    If something like superfish does appear on Linux it does normally appear in rootkit hunter software and chkrootkit inside 12 months of its existence.
    https://rootkit.nl/projects/rootkit_hunter.html

    Magic Pixie Dust?

  43. oiaohm says:

    DrLoser Superfish and Openssl are different grades of issues.

    Ubuntu store has already banned one software vendor. List the number vendors that Microsoft has revoked Windows from accepting there signing key on applications. The answer is zero. Microsoft is asleep at the wheel.

    Superfish is in face. Openssl issues were hidden issue because everything appear to function normally.

    Something like Superfish will not remain alive in the Linux world it will get blacklisted. This is why when Steam was OS harmful on Linux there was no option for Valve but to fix. Linux Distrobutions when they decide to blacklist you it does not matter how big your maker share is.

    Linux is open to a particular class of problem. The problem being it appears to function normally but in fact its busted. Stealth is key to malware on Linux. If not stealth malware live span will be very short.

    Remember there has been man in middle malware for Linux routers.

    Thanks to Trolls attempting to under mine Linux security Linux now has commercial finance audited teams to go looking for the function normally but broken faults. So things in the Linux world have changed since the debian openssl issues.

  44. lpbbear says:

    “In fact, yes, you would. Because I have a hard time working out what the difference is.”

    You also have a hard time figuring out how to open doors without hitting yourself in the face……basically you’re a moron. I don’t doubt at all that you’re having a hard time figuring this out

    If you can’t figure out that a clean copy of Windows on a cd/dvd should be safer than a hard drive copy you’re really clueless. How obvious does this Superfish example have to be to prove that to you dumbass?

    Of course you might be right….this IS Microsoft we’re talking about……….

  45. DrLoser says:

    You don’t have to be a brainiac rocket scientist to figure out that the move to hard drive based software delivery was opening a massive security hole that someone was bound to eventually exploit.

    But naturally you would have to be a “brainiac rocket scientist,” like lpbear, to figure out that a set of compact disks are far more secure than, say, a hard disk installation.

    In fact, yes, you would. Because I have a hard time working out what the difference is.

  46. DrLoser says:

    They need some public executions and/or more shipments of GNU/Linux with FLOSS.

    I’m going with the public executions thing. How hard could that be? Just sedate the perps, put them in a cage, douse them with gasoline and set fire to them.

    God knows, the world doesn’t need any more GNU/Linux with FLOSS. Bring those public executions on!

  47. DrLoser says:

    Deaf Spy wrote, “what and who will stop OEMs from porting Superfish to Linux?”

    Users, developers, various distros, etc. would put any OEM who tried that out of business pretty rapidly.

    I doubt that very much, Robert. After all, Debian spent five whole years throwing insecure certificates around like confetti, and that wonderful bunch still seems to be in business.

    And it doesn’t really seem that Lenovo are about to go out of business any time soon. Although, I would agree with you. They bloody well should do. Particularly after
    trying to fob the public off with all that Linux desktop crap you were earlier so proud of.
    Now, about Superfish. It’s actually an idiot extension that you can download for yourself, if you want to. I wouldn’t recommend it, because it acts as a man-in-the-middle using … well, I’ll leave you, Robert, to point out how the particular software in question could never be inflicted by, say, Dell or another OEM on a Linux Desktop bought in-store. Because, obviously, it would be detected instantly by mechanisms that you are clearly capable of pointing out.

    Except … I don’t really think you can. Feel free to give it a go, though. Start with the Four Freedoms, and work your way down the network stack.

  48. oldfart wrote, “Microsoft did not put a gun to Lenovo’s head to pull this stunt, and they did shut it down as soon as it became clear to them what was going on.”

    If you think M$ doesn’t watch OEMs like a hawk, I have a bridge I can sell you. M$ actually buys retail product to check what OEMs put out. That’s documented in the US DOJ v M$ case and recent M$ v illegal copiers actions. If it’s anything short-changing M$’s cash cow, M$ is on the OEM like a swarm of locusts. OEMs release nothing with M$’s product without M$’s OK. It’s with M$’s approval or no licence to make a copy. With much of the world locked-in to M$, OEMs don’t have any wiggle-room. M$ just doesn’t care much about security. All the security-features we see are just selling-points demanded by M$’s salesmen. The basic insecurity of an OS designed by salesmen persists. There’s nothing much M$ can do about that without offending everyone they’ve convinced all these years that other OS was a reasonable product.

  49. lpbbear wrote, “Microsoft is ultimately at fault here”.

    Don’t forget, M$ utterly controles the price the OEM pays for that other OS. M$’s price + whatever markup the OEM and retailer manage make an OEM’s products uncompetitive on the market once GNU/Linux or Android/Linux become involved. That’s not universal yet but the OEMs are mostly global corporations and they have to make money in every market or they lose market share, investor-confidence, brand-recognition etc. That’s one reason M$ is switching to subscriptions, because they can afford to offer licences for ~$0 and still be profitable. In the transition, many eggs will be broken. M$ has to move fast enough to keep the cash-cow working but slow enough that no OEM jumps ship. All of them are just dipping their toes in the waters of FLOSS at the moment. Once the first one jumps more will follow. In a weird way, competition is finally working despite every attempt M$ made to thwart it.

  50. lpbbear says:

    “Fully to blame? I think not sir. After all Microsoft did not put a gun to Lenovo’s head to pull this stunt, and they did shut it down as soon as it became clear to them what was going on.”

    Yes, ultimately Microsoft IS fully to blame.

    It was Microsoft who pushed OEM’s to not include operating system discs with new computers.

    Microsoft’s reasons were greed based. By not including discs Microsoft hoped to cut down on the use of those discs “illegally”. Additionally I have no doubt Microsoft was aware that the move to hard drive based software would inevitably end up with a percentage of users having to repurchase another copy of Windows when issues like hard drive failure left them without their “legally” purchased copy of Windows. Microsoft gets paid twice by unfortunate consumers for the same software. Don’t tell me it doesn’t happen. Any service tech can tell you it does….and fairly often.

    You don’t have to be a brainiac rocket scientist to figure out that the move to hard drive based software delivery was opening a massive security hole that someone was bound to eventually exploit.

    In my opinion the right way to treat consumers is to include a set of system discs with EVERY new computer. If its a Windows based computer that set would include a clean copy of the Windows operating system the consumer paid for, a driver disc, and possibly a disc that includes all the fru-fru crap software OEM’s tend to bundle into new systems. That is the ONLY way to insure this kind of thing doesn’t happen again in the future.

    So, yes, Microsoft is ultimately at fault here.

  51. oldfart says:

    “Microsoft evades responsibility for this issue even though they are in my opinion fully to blame since it was Microsoft who pushed the OEM’s to stop including system discs with new computers.”

    Fully to blame? I think not sir. After all Microsoft did not put a gun to Lenovo’s head to pull this stunt, and they did shut it down as soon as it became clear to them what was going on.

    I think the idea for a class action suit would be a good one, if only top send a message to OEM’s tha this kind of crap will not be tolerated.

  52. lpbbear says:

    Situations like Superfish are only possible because new computer systems no longer include a set of system discs for system restoration. System discs would be the Windows operating system, associated software, and drivers. Without those discs the customer is at the mercy of the PC manufacturer/OEM who can for whatever reason slip any number of similar security compromises into a system and its hidden hard drive restore partition.

    Microsoft evades responsibility for this issue even though they are in my opinion fully to blame since it was Microsoft who pushed the OEM’s to stop including system discs with new computers.

    I see a class action lawsuit has been started against Lenovo for this crap. I also see talk of how to remove Superfish from an existing system but what I don’t see so far is a mention of how existing customers are going to also remove it from their hidden hard drive partition. Without that solution anytime someone restores their system from the hidden hard drive restore partition they’ll get Superfish all over again.

  53. Deaf Spy wrote, “what and who will stop OEMs from porting Superfish to Linux?”

    Users, developers, various distros, etc. would put any OEM who tried that out of business pretty rapidly. Lenovo is in deep doodoo. This will affect next quarter’s sales for sure. I would not be surprised if they drop out of the top 5 on IDC’s list. How can they recover their reputation? They need some public executions and/or more shipments of GNU/Linux with FLOSS.

  54. oiaohm says:

    http://www.itworld.com/article/2887635/secure-advertising-tool-privdog-compromises-https-security.html

    Yes superfish owns to a group of Windows infecting man in middle proxy solutions that were not correcting informing users. Question how long before Windows Defender get all these added.

  55. oiaohm says:

    http://blogs.gnome.org/uraeus/2015/02/23/reliable-bios-updates-in-fedora/

    The era of needing a particular OS to update your motherboard firmware is coming to the end. Yes this is the end of another set of Windows only tools.

  56. oiaohm says:

    Deaf Spy you are aware that Superfish was added to Open source anti-malware software list in 2012 to protect Windows Machines.
    http://malwaretips.com/blogs/superfish-window-shopper-adware/
    Was in most Anti-Malware software by the start of 2013. Just Microsoft anti-malware solution was incompetent so OEM was able to install it.

    Yes the reality here superfish should have been prevented from the get go by Windows defender so meaning no possibility of deal between superfish vendor and the OEM.

    If something like superfish does appear on Linux it does normally appear in rootkit hunter software and chkrootkit inside 12 months of its existence.
    https://rootkit.nl/projects/rootkit_hunter.html

    Deaf Spy proper managed Linux systems were rootkit hunting is performed something like Superfish does not stand a chance in hell.

    Dell with is client reporting software on Linux handing over too much information was first to answer serous questions. Yes a Minor infraction will see the Linux world serous-ally question.

    Its like the difference between steam on Windows and Linux deleting system files. Under Linux the Linux users straight up demanded steam be fixed remember DeafSpy yet Windows user were meant to remember how todo things correctly.

  57. Deaf Spy says:

    Just wondering, Pogson, what and who will stop OEMs from porting Superfish to Linux?

Leave a Reply