Lenovo has been silently installing adware on PCs for some time

19 Feb 2015

Chinese computer producer Lenovo is facing a PR crisis after it was found to be installing adware, known as Superfish, in the factory to be sold on to consumers activating at first launch.

The annoying adware has been found to come as a factory installation that directs Google searches and other websites to pop up with third-party adverts, obviously without the user’s permission.

According to The Next Web, a number of digital sleuths have even found that Superfish assigns itself certificate authority on the computer allowing it to monitor secure connections and other sensitive information which can then be passed on to malicious parties, known commonly as man-in-the-middle attacks.

Despite only receiving media attention now, Lenovo owners have been aware of Superfish and its existence on laptops since the middle of last year where owners of the laptops began reporting on forums of its existence while attempting to explain how to remove it.

Lenovo defend practice

In a statement towards the end of last month, Lenovo, in a bid to save face for its blatant infringement of consumer rights, confirmed it has been removed from new Lenovo laptops, but incredibly, has said it will not be a permanent move.

“We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues,” said Lenovo’s community administrator, Mark Hopkins. “As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”

Hopkins went on to claim that Superfish is actually a beneficial tool for users because it “helps users find and discover products visually” but went on to say that it can be disabled during the first installation process.

Firefox users however can rest that little bit easier as it has also been confirmed that due to Mozilla’s own security certificates, Superfish has no effect on its browser, but can be seen in Internet Explorer and Google Chrome.

Update: Lenovo have since issued another statement following this recent media attention reiterating their stance stating, “Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish.”

Fish image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com