Lenovo,
makers of the Thinkpad, Yoga, and other lines of Windows PCs, has been
shipping computers with a malware called “Superfish” pre-installed.
"This is exactly what bad guys do with trojans and other malicious
software to trick users to access fake sites to survey/monitor private
communications," said Kevin Bocek, an executive at cybersecurity company
Venafi.
The software not only acts as a spy service to help pipe
ads into your web browser, but reports indicate that it could also be
undermining the security of the computer systems upon which it’s
installed.
Customers started spotting this on their Lenovo computers in mid-2014.
Besides
taking up space in your Lenovo computer, the add-on is also dangerous
because it undermines basic computer security protocols. That’s because
it tampers with a widely used system of official website certificates.
That makes it hard for your computer to recognize a fake bank website,
for instance.
After facing a fierce backlash by customers and computer security experts this week, Lenovo on Thursday acknowledged as much.
"User
feedback was not positive," so Lenovo stopped preloading the software
on new computers in January 2015, a company spokesman said. Lenovo also
promised it "will not preload this software in the future" and said it
disabled the feature on its servers, which essentially kills the program
on everyone’s computer.
But questions remain. It’s also unclear
which exact laptop models were affected. A Lenovo representative said
the company could not immediately answer these questions.
So, what
was the point of the “Superfish Visual Discovery” software? It makes it
easier to shop for deals. The program analyzes images you see on the
Web and presents similar products that might have lower prices.
Lenovo stressed that the program did not “monitor user behavior” or record user information.
"The
relationship with Superfish is not financially significant; our goal
was to enhance the experience for users," the company said in a
statement. "We recognize that the software did not meet that goal and
have acted quickly and decisively."
Click here to check if your system is infected.
No comments:
Post a Comment