We’re sorry: Lenovo CTO issues open letter following Superfish debacle

24 Feb 2015

As the Superfish adware saga continues, Lenovo’s CTO Peter Hortensius has issued an open letter promising that Superfish in all its forms will not be installed on Lenovo computers from here on in.

Over the past week, the Chinese computer manufacturer has been forced to apologise for installing the adware on computers in its factories in what is not just an infringement of privacy and consumer rights, but also leaves the consumer vulnerable to man-in-the-middle cyberattacks.

When the news broke, Lenovo took the stance that Superfish was to remain on its computers, but Lenovo’s community administrator Mark Hopkins said, “We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”

Now, however, in an open letter released to journalists, Hortensius admitted it was a major mistake to have begun the practice in the first place. “We saw published reports about a security vulnerability created by this software and have taken immediate action to remove it.

“Clearly this issue has caused concern among our customers, partners and those who care about Lenovo, our industry and technology in general. For this, I would like to again apologise. Now, I want to start the process of keeping you up to date on how we are working to fix the problem and restore your faith in Lenovo.”

Erasing Superfish from all Lenovo systems

Soon after reports of the existence of Superfish on Lenovo laptops began circulating online, Lenovo issued a manual hotfix for its customers to remove the software from their computers before following it up the next day with an automatic removal tool.

The company also stated it worked with all the major anti-virus providers, including Microsoft, Symantec and McAfee, to update its systems and allow for Superfish’s automatic removal from computers.

Lenovo has also stated in no uncertain terms that it is looking to make amends for its mistakes and prevent any future issues by working with consumers and security experts.

“We recognise that all Lenovo customers may have an interest in where we are and what is next. The fact is our reputation touches all of these areas, and all of our customers,” said Hortensius.

“Now, we are determined to make this situation better, deliver safer and more secure products and help our industry address – and prevent – the kind of vulnerabilities that were exposed in the last week.”

This will not deter a number of customers and organisations to come forward with lawsuits against the company, however. News has already emerged of lawsuit action taken against Lenovo by a Jessica Bennett, claiming her privacy had been invaded and her product had been damaged as a result of Superfish.

Lenovo offices image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic