
Um, this is missing even a link to an explanation of what the issue actually is, seems to just assume the reader knows. I do not and googling isn't working out. Am I being dense?


Someone extracted the certificate from Superfish and found that the key was protected with a password. The password turned out to be "komodia", which is a company that makes an SSL redirector. This has led to people looking at Komodia certificates.

more information here http://blog.erratasec.com/2015/02/extracting-superfish-certi...


tl;dr

Komodia is a company that makes an SSL hijacking product, as described on their site:

   Our advanced SSL hijacker SDK is a brand new technology that allows you to 
   access data that was encrypted using SSL and perform on the fly SSL 
   decryption. The hijacker uses Komodia’s Redirector platform to allow you 
   easy access to the data and the ability to modify, redirect, block, and 
   record the data without triggering the target browser’s certification 
   warning. [1]
A necessary feature of such a product appears to be the inclusion of the private SSL key in any product using their hijacking tech and the installation of Komodia as a valid certificate in the OS certificate store. Therefore, anyone who wants can buy a product using Komodia, extract the private SSL key, and MITM at will any computer infected with any product using Komodia software.

Any website protected by SSL where that SSL authority isn't pinned by chrome (do other browsers have such tech?) is now trivially vulnerable to SSL hijacking by, eg, anyone in the same coffee shop or local network. And, of course, between that user and their destination site.

The current kerfuffle is due to the fact that Lenovo was caught pre-installing Superfish, an adware/spyware product -- for the users' benefit! -- that, in turn, installed the Komodia SSL hijacking toolkit and broke SSL on any such infected computer.

The race is now on for every goddamn script kiddie in the entire world to the bank accounts of any suckers that trusted Lenovo. Go up to Seattle where windows laptops are more common, roll into a coffee shop, and I bet you can earn yourself some bank account logins.

ps -- this is a reason people buy macs. You get a vanilla OS install; that's currently only really available for Windows afaik from the Microsoft store.

[1] http://www.komodia.com/
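A defender-side check for the condition described above, added here as an example and not taken from the thread or from any vendor: it walks the Windows trust stores and flags root CAs whose name matches "Superfish" or "Komodia" (the pattern is an assumption drawn from this discussion, not a complete indicator list), plus any self-signed trust-store root whose private key is present on the machine, which is the general shape of the problem.

```powershell
# Added example, not from the thread. Inventories the Windows certificate
# trust stores for roots that look like the ones discussed (Superfish/Komodia)
# and for any self-signed root whose private key lives on this box.
# The name pattern is an assumption based on the thread, not an exhaustive list.
$suspectPattern = 'Superfish|Komodia'

# Machine-wide and per-user stores that browsers/Schannel consult for trust.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\CA'
)

function Get-SuspectRootCerts {
    param([string[]]$StorePaths, [string]$Pattern)
    foreach ($path in $StorePaths) {
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path | ForEach-Object {
            $isSelfSigned = ($_.Subject -eq $_.Issuer)
            $nameHit = ($_.Subject -match $Pattern) -or ($_.Issuer -match $Pattern)
            # A trusted self-signed root with its private key on the same machine
            # lets local software (and anyone who copies that key) sign leaf certs
            # for any site without a browser warning.
            $keyHit = $isSelfSigned -and $_.HasPrivateKey
            if ($nameHit -or $keyHit) {
                $reason = if ($nameHit) { 'name matches pattern' } else { 'self-signed root with private key' }
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                    Reason        = $reason
                }
            }
        }
    }
}

$findings = Get-SuspectRootCerts -StorePaths $stores -Pattern $suspectPattern
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No suspect root certificates found in the inspected stores.'
}
```

Run it from an elevated PowerShell so the LocalMachine stores and private-key flags are readable; any hit should be removed from the store and the software that installed it uninstalled.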


I've barely touched a Windows machine in many years, so I'm a bit out of touch. How difficult is it to do a clean, vanilla install on one of these computers these days? I imagine that's the first thing you'd want to do after pulling it out of the box.


It's trivial to do even for a complete non-techie (just click next, next, ok, type something, next, next, done) and has been for a long time. The problem is that if you bought a computer with Windows that has bundled crapware, you won't get the vanilla Windows - the installation/recovery medium will have the same crapware bundled. You need to get your hands on a clean Windows, which usually means buying it (or pirating it, as was common in the past - yet another case where what you pirate is better for you than what you buy).


The last few times I've tried to install Windows on things, it was actually surprisingly horrible. The problem is, the generic install media has basically no drivers on it, so you have to go fetch it all manually, from all the respective manufacturers' web sites. It is, of course, fairly hard to download your network driver without a network driver, so you'd better have another computer and some USB storage around. Also, many of the drivers come only in the form of installer bundles that are themselves hundreds of megabytes and full of crapware.

In comparison, installing Ubuntu is a breeze, almost all the drivers you need are included with the install media and installed automatically, etc. Unless you have brand new, just-released hardware, it "just works", and even with brand new hardware there tend to be guides on the internet that are still easier than getting drivers installed on Windows.

Actual thing that happened: My mom said she needed to reformat an old laptop but didn't have the Windows media and wondered what to do. On a lark I suggested installing Ubuntu. A few weeks later, having not heard anything, I asked what happened to the laptop. She said she installed Ubuntu and it worked great. Never asked me a single question.


I've been amazed for years at how inferior the process of setting up a new Windows machine is to Linux, especially after hearing for years about how Linux supposedly was difficult compared to windows.

Not just the drivers, but pretty much everything I need for a new Linux system is available through apt. For windows, one must go to a dozen websites, download packages, and click next 10 times in each idiosyncratic install "wizard".

I had a similar experience with my mother, as well – I was constantly having to intervene with tech-support before I installed Ubuntu on her machine.


> I've been amazed for years at how inferior the process of setting up a new Windows machine is to Linux, especially after hearing for years about how Linux supposedly was difficult compared to windows.

That's because it is. Windows: do nothing, it's already installed. Linux: you have to install.

People compare what they have to do to get Windows on a new machine, which almost always (unless it's an Apple) already has it installed, with what they have to do to get Linux on a new machine, which almost always requires it to be installed. Even the simplest installer will be more difficult than "nothing".

If computers didn't come with any preinstalled operating system, the general opinion would be different.

(That said, most of the "Linux is difficult to install" sentiment is probably either based on outdated information from the time when you had to manually configure everything, or someone who had difficulties because of unsupported or poorly supported hardware.)


Sure, I agree with that. People who believed Linux was difficult to install rarely tried the same process with a Windows CD. Back in the day, I had plenty of mysterious, unsolvable issues like reboot loops trying to install Windows 2000 and 98.

I'm more thinking about setting up a new system. Whether it's Windows or Linux, I need to obtain things like an FTP program, a photo editor, a torrent manager, firefox, and so forth. It's a lot easier on Debian than Windows because you can get all of those in 5 minutes from the command line.


I just did this on my new Zenbook and it was an extremely easy install.

Though I was installing from an MSDN install DVD which isn't something everybody would have on hand.


I wonder how long ago were you trying that. Since Windows 7 all drivers download themselves via Windows Update. So as long as you're not using a bootleg CD key for your Windows, it should install as smoothly as Ubuntu, only with more stuff working OOTB.


I would have to agree with the ease of loading vanilla Windows. I've done it quite easily with both an Alienware 14 (2013) and a Sony Vaio that is 4 years old. I downloaded the proper copy of Windows from the MS site, which was Win 7 Ultimate 64bit for the Sony, and made a disk or USB stick. Then it was a few prompts and that was it. Instead of letting Windows Update load the drivers, I found my specific build on the Sony site with the correct drivers for all the bits and pieces. I did not install any of the free software, or Sony-specific software, which was easy to discern on the downloads page. Same for the Alienware. BTW, I have installed, used and programmed on OSX, Minix, FreeBSD, Ubuntu, Backbox, and others. I find the Windows/Linux/BSD/OS X comments on usage to be about preference rather than actual steps involved.

EDIT: I had the OEM Product Key on the Sony and AW, and they both registered fine without a problem, no need for pirated versions or any taxes.


The experience I'm referring to is with a legitimate copy of Windows 7.

1) Windows Update can't help you install your network driver. :)

2) My experience is that only some drivers were available through Windows Update, while others were not.


Microsoft actually lets you download install media for Windows 7 and Windows 8 these days. You just need the license key. I haven't tried that for OEM, though.

http://www.microsoft.com/en-us/download/windows-usb-dvd-down...


Some people are saying that Lenovo's UEFI only allows a re-install from the Lenovo-provided Windows disks, otherwise it will show the Windows piracy warnings after a few weeks. However, I suspect that falls in the category of First World problems atm.


That .. seems highly unlikely?

How should the UEFI cause the piracy warning to be displayed? Much more likely: Those people got their 'other' installation medium from ~somewhere~ and the activation failed.

Booh for Lenovo's actions and a crappy recovery medium, but I highly doubt that _this_ is actually more than FUD.


For someone who has no experience and cannot count on some knowledgeable help, it's not trivial but they usually end up using the computer with the preloaded crapware without really noticing anything.

For most of us Hacker News readers, it's nothing out of the ordinary. It can be a little bumpy once in a while (UEFI sometimes) and it's usually faster to simply take 30 minutes to uninstall the crapware.

Personally I start by imaging the hard drive, then I wipe it and install whatever is required at the time, usually a GNU/Linux flavor or a Windows 7.


For people reading this, probably not hard, merely annoying. Though note that you may have to pay for the install media; the recovery disk / partition is infected with the same adware/spyware that came preinstalled.

For most people, it's not going to happen without help.


Don't you actually need to buy a new license? I don't think you can activate any 3rd party installer (say downloads via microsoft.com, making a USB key) with the OEM serial? Not sure though, the only Windows license I'm currently using isn't OEM, it's a full 8.1 Pro license.

This does sound like a good argument for wiping the OEM windows 7 pro partition on my laptop, and install a windows 10 trial or something (I currently just run Debian GNU/Linux on it -- but it's technically dual-boot).


Dell is about the only manufacturer that will let you get generic install DVDs. They use a bios based licensing system these days so you don't even have to deal with those issues so much.

http://en.wikipedia.org/wiki/System_Locked_Pre-installation


Don't know why you are downvoted. Before I switched to Mac (now I know what a good choice I made!), I found that installing fresh Windows without piracy is incredibly hard. The so-called OEM embedded serial key works only sometimes; other times, the fresh Windows will ask me to buy and activate it. Utterly confusing even for a techie like me.

So I installed a pirated Windows.


Dealing with the Windows tax crap is hardly news; buying new overpriced hardware to benefit from a golden prison is neither an acceptable solution for someone facing the issue nor what a techie would do.

The easy option is to phone Microsoft support and explain the problem; you most probably will be given a new valid key. Other options for techies include using the OEM install medium or installing a free software OS.

Nowadays there's no licence key to type anymore, it's included in the hardware sold with windows 8 (which is worse).


Click on any of the number of links on the front page concerning "Lenovo" or "Superfish".



