For those of you who might have missed this one, in September 2014, Lenovo were caught putting a piece of software called Superfish onto their consumer-grade laptops. A user of a Lenovo laptop posted to the Lenovo forums saying that they had this software on there.
So what does this software do? This basically inserts ads onto websites that did not already have them. This might not seem like much, but this where it gets really crazy.
When you go to a secured website like eBay, Amazon or some other online store, that browsing session is secured using a technology called SSL. From the moment that you add an item to your shopping basket or click “buy it now”, it’s secured to make sure that a bad guy cannot steal your credit card information. This is also the case when you go to your internet banking with your bank. These sites require a certificate that needs to be signed.
However, the Superfish software breaks this SSL technology and also injects ads. So all the shopping sessions with the online stores and internet banking sessions are not secured. As such, this software is not adware, it is malware.
As customers, we expect to see laptops that are cheap. Because of this the companies that make laptops go to people that make anti-virus software and others and they pay the laptop manufacturers (including Lenovo) when they install their software. However, it’s a trial version. When somebody buys the full version the laptop makers get paid. Unfortunately, a lot of laptops put lots of this trial-ware and adware.
So what has Lenovo done to make things right?
Well, Lenovo’s CTO Peter Hortensius has apologized for the mistake.
They have released some instructions on how to remove Superfish from a Lenovo laptop. They have also shut down the servers that the Superfish software required. Additionally, Lenovo have promised to give people a free six-month subscription to McAfee LiveSafe.
However, I think that it’s a case of too little too late. What Lenovo did was wrong and they shouldn’t have pre-loaded superfish onto their laptops in the first place. Personally I think that a free six-month subscription to an Internet security solution is not enough compensation. They should either offer a removal tool that will get rid of all pre-loaded bloatware(including Superfish). Alternatively they should offer a clean version of Windows with no pre-loaded software.
Previously, when somebody asked us which laptop to get we would say a few brands to them including Lenovo. This is because Lenovo made some great laptops.
However with the events of the last week, we now have a few recommendations. First of all, follow the instructions to remove Superfish from your Lenovo Laptop. The second thing that you can do is to never buy another Lenovo Product. Yes, they came out and apologised, but it was too little too late.
Do you think we are wrong to criticize Lenovo so much? Do you think they deserve a second chance? Let us know in the comments.