Lenovo used Windows anti-theft feature to install persistent crapware
Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed.
The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that “most” is not “all.” Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the “Lenovo Service Engine.”
Lenovo’s own description of what the software did differs depending on whether the affected system is a desktop or a laptop. On desktops, the company claims that the software only sends some basic information (the system model, region, date, and a system ID) to a Lenovo server. This doesn’t include any personally identifying information, but the system ID should be unique to each device. Lenovo says that this is a one-time operation and that the information gets sent only on a machine’s first connection to the Internet.