The adware, named Superfish, is reportedly installedon a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.
Superfish on these Lenovo devices appears to affect Internet Explorer, Mozilla Firefox and Google Chrome.
A Lenovo community administrator, Mark Hopkins, wrote in late January that the software would be temporarily removed from current systems after irate users complained of popups and other unwanted behavior:
We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.
Hopkins defended the adware, saying that it “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”
He also says that users can refuse the terms and conditions when setting up their laptop, which means the software will be disabled. It doesn’t sound that straight-forward, however.
Other users are reporting that the adware actually installs its own self-signed certificate authority which effectively allows the software to snoop on secure connections, like banking websites as pictured in action below.
This is a technique commonly known as a man-in-the middle attack, yet Lenovo appears to be shipping this software with some of its products out of the box.
Superfish is identified by antivirus products as adware and advised to be removed. One user created a video that details how to remove the software manually, for those that are affected.
Even though Hopkins says the company has stopped installing the software on computers, it appears that’s only “temporary” until the company behind the software makes some tweaks to stop pop ups.
If this is as widespread as it appears to be, the news is not good for Lenovo computer owners. If you own a Lenovo machine, let us know in the comments if you find the Superfish software on your machine.
We’ve contacted Lenovo for comment on the Superfish software and if it plans to continue pre-installing it with new machines and will update when we hear back.