posted by Thom Holwerda on Thu 19th Feb 2015 10:08 UTC

It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

The adware, named Superfish, is reportedly installed on a number of Lenovo's consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user's permission.

This is bad enough as it is, but surprise surprise, the malware in question is actually horribly insecure and allows for some crazy stuff to happen.

Superfish, an adware program that Lenovo admitted in January it included as standard on its consumer PCs, reportedly acts as a man-in-the-middle" so it can access private data for advertising purposes. The adware makes itself an unrestricted root certificate authority, installing a proxy capable of producing spurious SSL certificates whenever a secure connection is requested. SSL certificates are small files, used by banks, social networks, retailers such as Amazon, and many others, to prove to incoming connections that the site is legitimate. By creating its own SSL certificates, Superfish is able to perform its advertising tasks even on secure connections, injecting ads and reading data from pages that should be private.

Do not buy Lenovo. In fact, do not buy any Windows PC that is not a Signature Experience.

e p (2)    44 Comment(s)

Technology White Papers

See More