Bloatware might be a common curse on smartphones these days, but it didn’t start with mobile devices. Even PCs and laptops bought from manufacturers and dealers had them long before. Now the biggest PC maker has just been found installing adware on machines. Lenovo used software from Superfish to inject ads into users’ browsers without them knowing it, but the somewhat innocent sounding adware might actually be more trouble and more dangerous that it might initially look.
According to Lenovo, Superfish is used to help users find and discover products visually that offer the best deals and prices. It analyzes images on a web page and then coughs up similar products with cheaper prices. That might not sound as bad if you’re not aware of what’s happening behind the scenes and if you are already used to ads, but users have complained in some cases that Superfish even starts popping up ads left and right. And, as they say, there’s more to the story.
Some users have branded the Superfish software as malware and for good reason. Beyond spamming ads, of course. Apparently, Superfish installs its own security certificate authority which allows it to actually eavesdrop even on secure connections, like, those that you use for banking or very private activities.
This process is commonly called a Man in the middle or MITM attack and is a common method used by hackers. If so, then Superfish is more than just an annoyance but also a security liability.
Superfish seems to affect web browsers such as Internet Explorer and Google Chrome on Lenovo computers. Not Firefox, however, as this browser uses its own certificate authority store. Some Lenovo users have posted guides on how to remove the adware from the computer, which might be a good idea considering the risks.
Lenovo community administrator Mark Hopkins had this to say:
“We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”
VIA: The Next Web