Link: Lenovo Includes Superfish ☍

Shared on February 19, 2015

Robert Graham for Errata Security:

Lenovo, a huge maker of laptops, bundles software on laptops for the consumer market (it doesn’t for business laptops). Much of this software is from vendors who pay Lenovo to be included. Such software is usually limited versions, hoping users will pay to upgrade. Other software is add supported. Some software, such as the notorious “Ask.com Toolbar”, hijacks the browser to display advertisements.

Such software is usually bad, especially the ad-supported software, but the SuperFish software is particularly bad. It’s designed to intercept all encrypted connections, things is shouldn’t be able to see. It does this in a poor way that it leaves the system open to hackers or NSA-style spies.

This has been reported in a few other places this morning, and there’s even a test. Lenovo should be ashamed of themselves for including such software, but any sort of crapware seems to be par for the course with consumer PCs. Maybe this will drive more people to buying business PCs or Signature Edition PCs? Probably not.

Snippets are special posts that share a linked item with a bit of commentary.