Canadian TV, Computing and Home Theatre Forums

Canadian TV, Computing and Home Theatre Forums (
-   Home Computing (
-   -   Lenovo caught installing adware on new computers (

905shmick 2015-02-19 12:58 PM

Lenovo caught installing adware on new computers
It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

audacity 2015-02-19 02:29 PM

I think this should be called "pulling a Sony".

ssbtech 2015-02-19 06:42 PM

But.. but... the NSA does it!

905shmick 2015-02-19 11:34 PM


Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken. If you access your webmail from such a laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the Superfish MITM private key. There is (apparently) a copy of that key inside every Superfish install on every affected Lenovo laptop, which has now been extracted and posted online.

AFF 2015-02-20 12:09 AM

This is why I format and re-install the OS on most every pc and laptop I have ever bought. They put too much junk on new systems.

stampeder 2015-02-20 04:16 AM

Similarly to AFF's advice, when I've purchased laptops I've unboxed them, then without ever powering them on a first time I've flipped them over, removed the hard drive, replaced it with a virgin SSD and then installed from scratch, usually with Linux but sometimes with Windows if I'm testing something that requires it. The OEM hard drive goes into an anti-static bag and then into a sealed container in my shed in case I might ever need it. Once the laptop's warranty has expired I'll then reuse that OEM HD for something else if I have a need.

That's how I have avoided the "add-on" software blues like what Lenovo has been caught doing.

905shmick 2015-02-20 10:34 AM

Lenovo has now posted info on how to remove both Superfish & the root certificate

gdkitty 2015-02-20 03:45 PM

As well, if you are running Windows Defender, if you do the latest updates for it, It will remove the superfish and repair any of the certificates.

timlocke 2015-02-20 04:53 PM

Replacing Windows 8/8.1 with Windows 10 Tech Preview solves that problem. I don't know if my Lenovo had the Superfish, but I checked it and Firefox on it this am using instructions from Ars Technica and it is ok and clean with W 10.

gzink 2015-02-21 01:28 AM

But Win10 will need complete redo.

Bplayer 2015-02-21 09:07 AM

^^ Incorrect. WTP will not require a complete redo. You can upgrade, similar to performing the monthly patch updates. This retains all your data, user accounts, installed Desktop programs and Metro apps.

stampeder 2015-02-23 04:41 PM

U.S. Class Action Lawsuit proposed
It was only a matter of time:

A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called “spyware” in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.

Wetware 2015-02-24 04:40 PM

Glad to here.

The more people fight back, the less likely other companies will be to try stuff like this.

All times are GMT -4. The time now is 07:04 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

For the best viewing experience please update your browser to Google Chrome