09-17-2010 12:34 PM
I do not understand why Lenovo is using anrdoezrs.net to assist in processing links to lenovo's website from the Toolbox.
I encourage others to verify this using a packet analyzer as well.
The LT Toolbox DOES submit http requests to anrdoezrs.net. I verified this by running a packet analyzer while clicking the link to download Rescue and Recovery software from the Toolbox and was able to review the process that the Toolbox uses to attempt to download software or link to information at lenovo's website.
Step 1. Upon clicking the link in LT Toolbox, the Toolbox software sends an HTTP request to a proxy server at amazonaws.com.
Step 2. amazonaws.com replies with an XML file that contains multiple URL values. Which one the Toolbox uses appears to be related to the user's country and language. Each URL is to anrdoezrs.net with a query string that appears to be a URL to lenovo's website.
Step 3. The toolbox then uses the computer's web browser to connect to the URL for anrdoezrs.net referenced in the XML file. For example: (http://www.anrdoezrs.net/click-3719336-10429688?UR
Step 4. This is where it gets interesting: If the URL redirect provided is valid the browser never displays the link to anrdoezrs.net and the software download begins. However, if the redirect is invalid, the web browser displays the "Object Not Found" page at anrdoezrs.net and the software (or information if it was a link for information) fails to download.
1. Many of the links provided in the Lenovo ThinkVantage Toolbox software do exactly the same steps as posted above.
2. I tested this over a 96 hour period. During that time, the only time my computer attempted to connect to anrdoezrs.net was when I specifically clicked a link in LT Toolbox software.
3. I honestly do not believe this is doing anything malicious. However, I was surprised to see that the developers at Lenovo designed the Toolbox software to work this way. Why would they want to use anrdoezrs.net anyway?