Saturday 28 February 2015

Superfish? Never Been a Problem for Us.

If you've been following the tech news this week you will have noticed a breaking story about Lenovo bundling malware with its newlaptops. I think in many ways this is quite a sad story, because for a reputable company to ship laptops which include software like Superfish is a tragic indication of where the industry is at the moment.

Superfish is a piece of software that would euphemistically describe itself as something that enhances your web experience, and it does this by inserting targeted advertising directly into webpages that you are viewing. The average user won't even notice the presence of the software, and will assume that the advertising is embedded in the webpage itself, and it's the mechanism whereby this is achieved that is particularly scary. Without boring you with the technical details, what the software does is inject its own content directly into the data from websites you are visiting, and it's a technique that is also used in something called "man in the middle" attacks, where hackers use the same technique to embed password capture elements into, for example, your online banking website.

This in itself is frightening enough, but because the Superfish software was poorly secured a hacker could hijack the program and use it to fundamentally compromise the security of your computer, so that you next visit to your online bank might actually take you directly to a site in Russia where your banking details would be used to empty your account in pretty short order, and because you're going to see that green certificate flag next to the website address in your browser, your will have absolutely no idea that this is happening.

This isn't actually a new story, with Superfish being a regular topic of conversation in the Lenovo help forums over the last few months, and once the vulnerability was exposed Lenovo were quick to pull the software from all new laptops. What we don't know is whether its inclusion resulted in any real-world attacks.

You might be wondering why Lenovo were bundling this software in the first place, and the reason is quite simply because of the microscopic margins on consumer laptops. When manufacturers may only be making a profit of $5 on every laptop they sell, the temptation to include third-party software (for which they paid) is a strong one. That's why most new consumer laptops come bundled with all sorts of software that, if you know what you're doing, you will remove as soon as you turn on the computer.

This is a practice that's been going on the decades in what many see as a race to the bottom, and we've even created a word for it in the industry; crapware. You are statistically likely to be using a computer that still contains crapware that the manufacturer was paid to install. It's a business model that sees companies such as McAfee and Norton enjoying a far greater share of the antivirus market than they should based on the technical excellence of the products, so clearly it's a sustainable business model for some, and if at the end of the day it means that consumers are able to buy excellent laptops like the £300 LenovoEssential B50-70 then I've no problem with that for reasons I've given below.

So what should you, as a Computer Angels customer do? Well, if you bought your laptop through us, or if we prepared it for you then the answer is absolutely nothing. That's because the first thing we do when we’re preparing at Lenovo laptop for use is wipe the hard drive clean and reinstall everything from scratch. Not only does this removes the risk posed by this crapware, it also substantially increases the performance of the computer.

And if we didn’t prepare your laptop for you, and you’re worried that you might have a copy of Superfish lurking somewhere on your hard drive you can check for it here.

Friday 20 February 2015

Rotten Apple

Today the Apple online store refused to sell me a laptop.

I was more than a little surprised when this happened because I'm clearly not from North Korea, and as a regular Apple customer I really didn't foresee any problems with my purchase. My mistake when I tried to telephone in my order was in telling Apple that we, a business, were going to resell the laptop to a customer. Apparently Apple doesn't allow this, though whether they can legally refuse to sell me a laptop on this basis is an altogether different question.

As a business we regularly act as resellers of hardware. We are for example Dell Partners, and we buy Dell hardware in our own name which we sell on to customers, often at cost if it's a bespoke order, charging only for the time it takes us to specify and procure the hardware. This model works extremely well for some of the larger orders that our customers want to place, particularly ones involving servers, because our customers don't have to worry that we are over specifying the hardware in order to increase our margins. It's a model that is quite unusual because most companies see large hardware orders as extremely attractive business; we on the other hand would rather concentrate on the service we are offering, and we are also avoiding the temptation of simply becoming box shifters. If you have visited one of our service centres you'll also see that we keep Dell computers in stock, and you're buying one of these you'll find that our price is generally less or equal to Dell's consumer price, because Dell allow us sufficient profit margins to justify holding stock.

If a customer comes to us and wants to buy an Apple computer we advise them to buy directly from Apple. We have explored the benefits are becoming an Apple reseller, but the margins that Apple allow resellers are ludicrously small, and certainly don't compensate us for the responsibilities we take on as a retailer under the Sale Of Goods Act. It therefore makes sense for us to advise customers to purchase directly; at the end of the day we are a service company and it's our expertise in preparing computers and migrating data and software that customers pay as for. We do the same for other brands that are aimed at consumers, and therefore are sold at extremely tight margins; our favourite budget laptop at the moment is the Lenovo B50-70 which offers a solid specification at a very reasonable price.

There are however some customers who are reluctant to either shop online, even when we’re standing next to them telling them which buttons to press, or who don't want, or are unable to visit a physical store, and in this case we offer them the option of ordering through us because that's what a good value added service provider should do.

As a business, Apple retail stores will generally allow us a discount of around 5% on new computers, and we explain to our customers that we will take this discount to cover our expenses in making the purchase, as well as the responsibilities we undertake as retailer (if there are any problems, we, not Apple are legally their first port of call). At the end of the day the customer is happy because they are still only paying the price that Apple would have charged them had they bought directly, and we’re happy because our customers are happy. As for the onus of being the first port of call when things go wrong, we're quite happy with this and in most cases would rather our customers called us before calling the manufacturer, as we're probably going to provide a better level of service.

In the end I'm happy to report that everything worked out nicely; I phoned the nice people at my local Apple store in White city, and they were more than happy to let me place an order. I'm not going to make any comments about organisational dysfunction, but isn't it nice to know that you can't beat your local retailer