Lenovo found guilty of shipping new PCs with Superfish adware

3

Lenovo has been under fire today after it was discovered that it has been shipping new PCs with pre-installed adware called Superfish.

 

“Superfish” adware installed on all new Lenovo PCs

Have you recently bought a Lenovo computer? You ought to check if it has any adware on it, as it seems that the Chinese computer company has been shipping all new models with the Superfish adware program.

Users on official Lenovo forums recently noticed that search results (e.g. in Google) were being injected with sponsored links (which is pretty much what happens when a machine becomes infected with adware or spyware), going as far back as September 2015, and some users even report that websites such as JetBlue wouldn’t be displayed properly at all.

RELATED: Lenovo Sets Its Eyes on Thailand’s PC Market

It seems that’s not the only issue, however. Facebook engineer Mike Shaver recently discovered that the program to blame, Superfish, also installs a man-in-the-middle certificate which can allow third parties to examine which secure websites you visit, too – such as your bank…

Lenovo Superfish Twitter

Lenovo has just admitted that it did install Superfish on its computers (including the G40, the Y40 and the Z50) and said that it had temporarily removed it from new products until the Snapfish developers could release an update to remedy any issues (even though the issue in the first place is that Snapfish is on the machine!).

Lenovo’s own forum post reads:

Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.

To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.

The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.

Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.

PC manufacturers all guilty

Lenovo isn’t the only manufacturer which pre-installs lots of unwanted software (usually called bloatware) on its computers, but this looks like a step even further than that. Tech site The Next Web also reports that most antivirus software classifies Superfish as a virus and suggests that users remove it.

Share.