Lenovo Computers pre-installed with Malware?

Forbes is reporting that Lenovo is pre-installing a piece of software on their new computers called Superfish.  Superfish is considered by security experts to be malware.

Excerpts:

From what’s known about it thus far, Lenovo uses Superfish to place adverts into Google search results that the laptop manufacturer wants them to see. It’s a good way to make money after all.

That all sounds very innocent. But privacy advocates are concerned about how this might be used to intercept people’s traffic and be abused for more surreptitious means. For non-encrypted traffic (i.e. connections running over HTTP rather than HTTPS), Superfish is used to inject JavaScript into web pages.

But there’s a bigger concern that Lenovo is intercepting encrypted traffic so it can show ads on people’s computers. In the security world, this is known as a man-in-the-middle attack.

From a privacy perspective, this isn’t ideal. Lenovo could easily abuse this trust to spy on its PC owners.

Lenovo claims that Superfish was installed on a limited number of computers.  However, when you purchase one, how will you know if the one you purchased had Superfish installed?

How do you feel about this?  Will this make you revisit a Lenovo purchase?

 

Leave a comment