The price of Windows laptops have come down for many reason. With the recent launch of Windows 8.1 with Bing, manufacturers no longer have to pay a royalty to Microsoft if they meet certain hardware requirements. Combine that with the ever-increasing revenue streams for manufacturers to place a bunch of garbage software and offers on new PCs, and the actual machine becomes inexpensive to users. Well, those exact pieces of software has enraged Lenovo customers and concerned security experts.
Superfish, a piece of software that comes pre-loaded on almost every Lenovo laptop from September 2014 up through January 2015 not including Thinkpads, is essentially adware that displays "relevant shopping advertisements" to consumers, even when they're on secure websites. It basically can be considered a hijacker of sorts, routing traffic through a certificate that allowed Superfish to see your traffic, and then display the ads. On Internet Explorer and Chrome, Superfish would even inject third-party ads into Google search results, without the end-user's permission to do so. As you could imagine, all of this is a potential problem and a huge security risk, especially if a firm leaks a finds and publishes a password that could let you unlock the certificate and bypass any encryption on your computer. And that's exactly what happened on the heels of Lenovo's forums filled with customer complaints. The password, by the way, was contained in the program's active memory and was no challenge to find and retrieve.
Obviously Lenovo was very concerned upon discovery of this news and took immediate action, right? Not exactly. The company first published a statement saying that they thought users would love to have this installed on their machines, and that it was "to help customers potentially discover interesting products while shopping." A noble idea in theory, yet clearly terribly implemented. After the company's initial response, Lenovo then posted a follow-up statement.
Lenovo has also issued a removal tool to fully get rid of the software, as uninstalling won't completely remove it. Those unsure if the removal tool actually works can run a test created by researcher Filippo Valsorda. Lenovo is also working with Microsoft and McAfee, and products by those companies will automatically detect and remove the software in most cases.read more...