Ever since the scandal where they changed the root certificate to enable inserting ads into Https - and worse still, IIRC made them the same (?) meaning anyone who figured it out could intercept any other affected-laptop-user's Https - I've felt some caution about Lenovo laptops.
8 years seems a short time to go, "eh, I guess they won't do it again"
So does 18 years, for that matter, but I suppose more people have changed at the company in that time. I haven't heard about the CD rootkit scandal; what was that?!