Lenovo slipped ‘Superfish’ malware into laptops
Computer maker Lenovo has been shipping laptops prepackaged with malware that makes you more vulnerable to hackers — all for the sake of serving you advertisements.
Made by a company called “Superfish,” the software is essentially an Internet browser add-on that injects ads onto websites you visit.
Besides taking up space in your Lenovo computer, the add-on is also dangerous because it undermines basic computer security protocols.
That’s because it tampers with a widely-used system of official website certificates. That makes it hard for your computer to recognize a fake bank website, for instance.
It’s a nasty trick — the same one that the in-flight Wi-Fi service Gogo was caught doing last month.
“This is exactly what bad guys do with trojans and other malicious software to trick users to access fake sites to surveil/monitor private communications,” said Kevin Bocek, an executive at cybersecurity company Venafi.
Customers started spotting this on their Lenovo computers in mid-2014.
After facing a fierce backlash by customers and computer security experts this week, Lenovo on Thursday acknowledged as much.
“User feedback was not positive,” so Lenovo stopped preloading the software on new computers in January, a company spokesman said. Lenovo also promised it “will not preload this software in the future” and said it disabled the feature on its servers, which essentially kills the program on everyone’s computer.
The company initially claimed it only included Superfish on “some consumer notebook products shipped in a short window between October and December.” When CNNMoney noted that customers started complaining about this feature earlier than that, Lenovo acknowledged that factory installations of Superfish started back in September.
But questions remain. It’s also unclear which exact laptop models were affected. A Lenovo representative said the company could not immediately answer these questions.
So, what was the point of the “Superfish Visual Discovery” software? It makes it easier to shop for deals. The program analyzes images you see on the Web and presents similar products that might have lower prices.
Lenovo stressed that the program did not “monitor user behavior” or record user information.
“The relationship with Superfish is not financially significant; our goal was to enhance the experience for users,” the company said in a statement. “We recognize that the software did not meet that goal and have acted quickly and decisively.”
To be completely safe, experts usually advise that users reinstall a fresh new operating system. Lenovo customers have already paid for Windows in their laptops, so they will have to shell out another $120 for a copy of Windows 8.1.