Lenovo is facing criticism following reports that the computer manufacturer is pre-installing invasive software on its laptops that many are calling malware.
The software is called Superfish, and describes itself as a “technology that helps users find and discover products visually… instantly [analysing] images on the web and [presenting] identical and similar product offers that may have lower prices.”
But according to The Next Web’s Owen Williams, what Superfish actually does is serve up intrusive and unwanted adverts on web pages like Google. And because it comes pre-installed on laptops, Lenovo customers will end up using it inadvertently.
Worse, there are reports that Superfish is carrying out what’s known as a “man in the middle” attack, impersonating the security certificates of encrypted websites so that it can serve up its ads. This potentially compromises the sensitive information, such as passwords or banking details, of any customer affected by Superfish.
According to The Register, almost a dozen antivirus software suites flag up Superfish as a “potentially unwanted program, adware, or a trojan.”
Here’s a screengrab from Twitter of Superfish allegedly impersonating Bank Of America:
As The Next Web reports, there were sightings of Superfish back in 2014, but it has only come to mainstream attention now. Lenovo says it has now “temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.”
The reaction on social media has ranged from outrage to scorn:
Guys. The second you start calling superfish a “potentially unwanted program” and not malware you make it ok for Lenovo to do this again.
— Sid (@Trojan7Sec) February 19, 2015
Goodbye Lenovo, and thanks for all the Superfish.
— InfoSec Taylor Swift (@SwiftOnSecurity) February 19, 2015
Here’s Lenovo’s statement:
Due to some issues (browser pop up behaviour for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.
To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyses images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.
The Superfish Visual Discovery engine analyses an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.