Home
Laptops
Laptops News
Lenovo Installing Adware on Consumer PCs, Report Users

Lenovo Installing Adware on Consumer PCs, Report Users

By NDTV Correspondent | Updated: 19 February 2015 17:38 IST

Lenovo as per user reports is shipping adware, or software that spams users with ads, on its consumer PCs. The software is said to be spamming third-party ads and pop-ups on Google searches and websites without the user's permission.

According to various user reports, Lenovo's new machines are coming with software called Superfish pre-installed, which acts like adware and affects Google Chrome, Internet Explorer, and Mozilla Firefox browsers on Google searches and on websites.

The presence of the software was explained by a Lenovo community administrator, Mark Hopkins, on the Lenovo forums, saying it is a visual discovery tool that analyzes images to help users find similar images and product offers.

"To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine... The Superfish Visual Discovery engine analyzes an image 100 percent algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price."

However, the issue seems to be much bigger than just the spamming of ads and pop-ups, with users reporting on Lenovo's forum the software uses a self-signed root certificate that makes it look legitimate to the browser, allowing it to collect data over secure web connections (SSL/TLS).

As The Next Web notes, this malicious technique is commonly known as a man-in-the middle attack, where the certificate allows the software to decrypt secure requests.

Lenovo has been installing Superfish since September at least, if going by the first user reports.

Hopkins in his forum post in January said that Superfish software has been temporarily removed, due to its browser add-on issue, but that once a fix is available the software will be auto-updated. Users note that once the software is removed, the root certificate still remains.

"Due to some issues (browser pop up behaviour for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.," Hopkins noted on the community forum.

Hopkins added that there is nothing wrong with the software and its working technology, and that users can choose not to have the software installed when they are setting up their laptop for the first time.

Here's what he wrote in its defence, "Superfish technology is purely based on contextual/image and not behavioural. It does not profile nor monitor user behaviour. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled."

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.