Lenovo caught breaking Windows PC security with Superfish adware

Lenovo Poster tecake

One of the largest PC manufacturing company, Lenovo has been accused of installing spyware and adware on the Windows computers before they leave the factory. According to the reports, company’s software called as Superfish, which allows the user to search visually for the content, is an adware.

Superfish pushes the advertisements inside the web content over an encrypted network, however, since it is not possible to do that without breaking the security, the software breaks the mechanism that is used by majority of computers to protect themselves while browsing.

Superfish can be uninstalled, but then it leaves a hole in the security which makes the user vulnerable to the attacks on public Wi-Fi networks. Users have been complaining about the Superfish on the company’s forums, however, it took few months for the company to respond on it.

The Chinese firm said that the company has stopped installing the Superfish on new computers until a workaround is figured out for these issues. Lenovo representative said,”“To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually,” the representative continued. “The technology instantly analyses images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.”

“When using Superfish for the first time, the user is presented the Terms of User [sic] and Privacy Policy, and has the option not to accept these terms, ie Superfish is then disabled.”

However, users reported that even when they decline the license, Superfish is still active, and when removed it leaves an open hole for the eavesdropping.

On every computer, Lenovo has also installed a “root certificate” that allows the company to insert advertisements on the secure pages. These certificates allow the company to replace the original website certificates with its own.

About the author

Rohan Ganguly

Analytical and detail-oriented technology journalist, who is having a vast experience in writing news analysis. He is best known for breaking the news on burning issues and his love for nature.

Add Comment

Click here to post a comment

You Might Also Like