One of the largest PC manufacturing company, Lenovo has been accused of installing spyware and adware on the Windows computers before they leave the factory. According to the reports, company’s software called as Superfish, which allows the user to search visually for the content, is an adware.
Superfish pushes the advertisements inside the web content over an encrypted network, however, since it is not possible to do that without breaking the security, the software breaks the mechanism that is used by majority of computers to protect themselves while browsing.
Superfish can be uninstalled, but then it leaves a hole in the security which makes the user vulnerable to the attacks on public Wi-Fi networks. Users have been complaining about the Superfish on the company’s forums, however, it took few months for the company to respond on it.
The Chinese firm said that the company has stopped installing the Superfish on new computers until a workaround is figured out for these issues. Lenovo representative said,”“To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually,” the representative continued. “The technology instantly analyses images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.”
However, users reported that even when they decline the license, Superfish is still active, and when removed it leaves an open hole for the eavesdropping.
On every computer, Lenovo has also installed a “root certificate” that allows the company to insert advertisements on the secure pages. These certificates allow the company to replace the original website certificates with its own.