Bad news for anyone thinking of buying a Lenovo computer after it was revealed that the company is installing what amounts to adware on each and every machine it ships. More details on this development can be found right after the break.
Activated during its initial setup, the software known as Superfish goes off and injects its own advertisements into things like Google search results. It’s for this reason that popular adware blocking and cleaning software labels Superfish as adware and recommends its immediate removal.
Lenovo is aware of the software and indeed defends its use. Lenovo community administrator, Mark Hopkins, has said that the software is installed as it helps Lenovo users discover products in a visual way, presumably thanks to the big image-based ads that it pushes at users. Lenovo has said that it will temporarily suspend the installation of Superfish following a backlash from customers, but that only seems to be the case until the people behind the adware make some changes.
“We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”
Unfortunately, uninstalling the adware from machines that are already suffering from its affects may not be as easy as we would hope. Claims have surfaced that the app actually installs its own self-signed certificate which effectively gives it the ability to snoop on secure connections including the ones used by your bank.
The self-certification is very similar to what is known as a man-in-the-middle attack, and is one reason why many believe that there could be much more to Superfish than simply injecting ads into search results.
Right now it seems that both Internet Explorer and Google Chrome browsers are affected, though those using Firefox are safe because the app uses its own certificate store.
Expect to hear more on this story as Lenovo tries its best to get out in front of its own, self-created mess.
What’s your take on the matter? Do you think Lenovo is the only company that practices this sort of thing? Do share with us in the comments section below.