If you have recently bought a Lenovo machine, it might contain an Adware called Superfish. Aghast security experts tweeted that some of the Lenovo machines shipped in the month of January still had the Superfish software installed.
Lenovo installs Superfish Adware
The tweets showed that the adware allows third parties to steal your personal and sensitive data stored in the computer system.
Lenovo was paid money to install malware by a company that couldn’t pay a developer who knew what they were doing, tweeted @SwiftOnSecurity.
This man-in-the-middle adware can breaks HTTPS connections.
This is a problem. #superfish pic.twitter.com/jKDfSo99ZR
— Kenn White (@kennwhite) February 19, 2015
However, after getting many customers’ reports on company’s forums, Lenovo removed Superfish from its computer systems but a few machines still seem to have the software installed.
A report in Lenovo Newsroom states, “With the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in the market, we have requested that Superfish auto-update a fix that addresses these issues.
As reported by the users, adware Superfish injects third-party ads into their Google searches without their permission. Some users on Twitter also pointed out that the software creates spurious SSL certificates allowing the third parties to monitor secure connections. A user has recently reported in the Lenovo Forum that the Superfish software injects some unusual JavaScripts in the web browsers. You can read all the related tweets here.
Lenovo issued a statement:
Superfish was previously included on some consumer notebook products shipped in a short window between October and December to help customers potentially discover interesting products while shopping…We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns.
Lenovo has also said that they have stopped preloading Superfish, and that they “will not preload this software in the future. They have said that it has shipped some PC’s with Superfish between September and December of 2014, before it was discontinued owing to customer complaints. It is estimated that Lenovo sold almost 16 million PC’s in the last quarter and the majority of them could have Superfish installed.
They have also posted removal instructions for VisualDiscovery Superfish adware, but simply uninstalling it does not really resolve the issue! See this post which shows how to completely remove Superfish malware.
Crapware has always been the bane of Windows computers, and could well be the main reason, Windows market share could fall over a period of time. A consumer buys a new-n-shiny Windows computer, all expecting it to be running fast-n-smooth, and what he sees instead every time he boots, are plenty of pop-up’s and reminders, irritating him no end – all thanks to the installed crapware. Lenovo installing Adware seems to be taking things a bit too far!
Tsk tsk, Lenovo – all this for a few dollars more!?