Lenovo has recently been in hot water due to its use of Superfish, or what it calls “shopping aid” software, that it pre-installed on some of its laptops between September and January. It had originally said that the software was only being pulled temporarily while it waited for a new version from Superfish, but that is no longer the case, with Lenovo CTO Peter Hortensius saying that they have learned from their mistake.
“We should have known going in that that was the case,” Hortensius said. “We just flat-out missed it on this one, and did not appreciate the problem it was going to create. We are taking our beating like we deserve on this issue.” The Superfish software used a signed certificate to intercept and monitor all web traffic, even secure HTTPS traffic, so that it could then present deals to the end-user.
The problem here is that the signed certificate could be used to intercept any and all web traffic, including banking information and secure shopping sites. While this is not something that Superfish directly intended, security researchers have since used the signed certificate to demonstrate how an attacker could not only intercept web traffic for anyone with the adware installed, but also use it to install malicious applications that would appear signed and safe to the user.
Lenovo no longer installs the software and it has now provided steps to remove it from affected laptops. Microsoft Defender antivirus is also actively removing the software and the offending security certificate. Hortensius went on to say that “We are not just curled up in a ball, we are taking real action to make this right with our customers.” Hopefully this action is not too late for the Lenovo customers affected by this.
KitGuru Says: It's bad for the whole Windows ecosystem when a big laptop producer goes and does something stupid like this. Hopefully Lenovo have actually learned from their mistake and other PC manufacturers take note and stop installing bloatware that gives their computers a bad name. What is the worst experience you have had with bloatware?