New Lenovo computers install dangerous malware that could allow hackers to spy on users
‘Superfish’ adware puts ads onto websites without users’ permission, and could leave the computer vulnerable
Andrew Griffin
Thursday 19 February 2015
New Lenovo computers came shipped with software that forced ads onto the users and could have left them vulnerable to hacking.
The adware, known as “Superfish”, was made to push new third-party results into internet browsers — similar to the ads seen on sites like Google, but extra and coming from a source that wasn’t immediately identified. The adware meant that some sites wouldn’t render properly and worked slowly, as well as showing the unwanted results.
But as well as installing ads, the way the software works could allow hackers to look in on users’ internet browsing. Facebook engineer Mike Shaver noticed that Superfish installs a “man in the middle” certificate, which allows companies to intercept information as it is passed between a users’ computer and a website.
Superfish is seen by antivirus software as a virus, and they recommend uninstalling it.
The software appears to have been shipped with Lenovo computers since mid-2014.
The only way to be sure that new Lenovo laptops aren’t carrying the adware is to entirely delete windows and re-install it. But given that the software works secretly, most will be unaware it is running, and a clean install of Windows is a complicated and technical process that many consumer users might be unaware of.
But some users have posted more simple ways of removing the software online.
Lenovo has admitted that the software was being installed on new machines, but said that it has now “temporarily removed” it from new products. The software will stay off new computers “until such time as Superfish is able to provide a software build that addresses these issues”, Lenovo said.
"Lenovo removed Superfish from the preloads of new consumer systems in January 2015," a Lenovo spokesperson told The Independent. "At the same time Superfish disabled existing Lenovo machines in market from activating Superfish.
"Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."
For users that have already had the computers, Lenovo asks Superfish to release an update that would address some of the problems users were having.
In a forum post explaining the software, Lenovo said that Superfish “is a technology that helps users find and discover products visually”.
