Recently, a surprising discovery has come to light in the technology world: Superfish. No, we’re not talking about a prehistoric fish that can fly, but rather something much more worrisome and annoying at the same time. Lenovo, one of the leading suppliers of mobile computing hardware all around the world, was found setting up Superfish on their computers. If you haven’t heard about Superfish until now, you might as well know that it is adware that was first spotted a few months ago on Lenovo computers. The news exploded on social media today, after the Lenovo forums started filling up with complaints about Superfish-related problems owners were experiencing.
Superfish has been uncovered as adware that Lenovo installed on their newer computer models. It injects third-party advertisements and pop-ups, even into Google searches, without the user’s permission. Adware is usually a problem when we’re not aware of it, hence the outrage around Superfish. As far as we know, you’re safe if you own an older Lenovo computer or if you use Mozilla Firefox instead of IE or Chrome, because the adware installs its own certificate authority, which means that Superfish can access your secure connections in order to target ads at you. That amounts to what is commonly known as a man-in-the-middle attack, which has been used by many hackers to get into email accounts, and has been the suspected method hackers used to get those infamous nudes from iCloud last fall.
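To check a machine for the kind of locally installed certificate authority described above, the following PowerShell lists matching root certificates in the Windows trust stores. It is an added example, not code from Lenovo or Superfish, and the function name `Find-SuspectRootCa` and the name pattern `Superfish` are assumptions made for illustration.

```powershell
# Added example: list root CA certificates in the Windows trust stores whose
# subject or issuer contains a given name. The default pattern 'Superfish' is
# an assumption based on the product name; review any hit by hand.
function Find-SuspectRootCa {
    param(
        [string]$Pattern = 'Superfish',
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($store in $Stores) {
        # Skip stores that do not exist on this system.
        if (-not (Test-Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A root CA is normally self-signed (subject equals issuer).
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    # A root whose private key is present locally can sign
                    # certificates for any site on this machine.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-SuspectRootCa)
if ($hits.Count -eq 0) {
    Write-Output 'No matching root certificates found in the Windows trust stores.'
} else {
    $hits | Format-List
}
```

Firefox maintains its own certificate store, separate from the Windows one, so this check covers only software that relies on the Windows store.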
If it sounds a bit odd that Lenovo, an international company that is leading the mobile computing industry, would infect their own computers with Superfish, you should know that it is odd. Nonetheless, Lenovo has been mostly mum about the matter, as community forum administrators went on to defend Superfish, saying that it is more a tool than actual adware, which is not true. Still, forum administrators say that Superfish helps Lenovo users find content they might be interested in. To quote Mark Spencer:
Even though the explanation for Superfish seems acceptable, that doesn’t mean users are delighted to have pre-installed adware on their computers. Removing the browser add-on shouldn’t be too hard, but it still raises the question of how Lenovo thinks this is correct behavior towards their users. Even if Lenovo customers had the option of disabling the service, it comes off as a rather dodgy partnership between Lenovo and various retail companies. That is just a supposition, as Lenovo hasn’t confirmed that Superfish has any ties with commercial companies or retailers, but what other reason would they have for installing adware on their hardware? Check out the video below to see how you can get rid of Superfish.
Lenovo came out and said that Superfish will not be installed on new computers, but said that the measure is only temporary, which suggests the company has no intention of dropping the practice. What’s more, Superfish is actually adware, which is malicious to the user and to the computer and will make virus detectors go berserk on occasion. The fact of the matter is that many users and Lenovo fans are very disappointed and vow not to buy Lenovo products anymore, which is bad news for the Chinese company.
Update: Lenovo has reached out to us to clarify that the company will no longer put Superfish on future computers. They also clarified that only computers shipped between September and December got the Superfish treatment. What Carly Moore from 100text didn’t clarify concerns the man-in-the-middle part of things. Even though Lenovo vows that it’s not a security liability, most opinions don’t agree. Check out their statement below:
“Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping. However, user feedback was not positive, and we responded quickly and decisively:
1) Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market.
2) Lenovo stopped preloading the software in January.
3) We will not preload this software in the future.
We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first.
To be clear, Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.
We are providing support on our forums for any user with concerns. Our goal is to find technologies that best serve users. In this case, we have responded quickly to negative feedback, and taken decisive actions to ensure that we address these concerns. If users still wish to take further action, detailed information is available at http://forums.lenovo.com.”