There's no free lunch: Lenovo and Superfish

Some Superfish are harder to manage than others

Credit: Hitch n Fish

Lately, I’ve been reading or rereading some classic sci-fi novels, including The Moon is a Harsh Mistress (published originally in 1966) which many consider Robert A. Heinlein’s greatest work. The novel traces the revolutionary uprising of a former lunar penal colony against its ruling authority on Earth via the reminiscences of Manuel "Mannie" Garcia O'Kelly-Davis, a computer technician who becomes a leader in the rebellion.

The Moon is a Harsh Mistress was the first novel to popularize the concept of TANSTAAFL which Mannie says means, “’There ain't no such thing as a free lunch.’ ... I... was reminding [her] that anything free costs twice as much in long run or turns out worthless."

I was reminded of this recently in the public dustup resulting from Lenovo pre-loading Superfish onto some of its consumer notebooks. If you’re unfamiliar with Superfish, it’s a visual search company that develops advertising-oriented software (adware) which injects commercial links into users’ online search results. [Disclosure: Pund-IT, Inc. has a consulting relationship with Lenovo.]

But last week, security firms including Kaspersky Lab reported that the Superfish software on Lenovo notebooks included a universal SSL certificate authority that enabled the application to track ad searches of every kind, even those on encrypted pages. A potentially larger problem was that the certificate authority had the same private key across laptops, which could allow third parties who extracted the key to intercept communications and compromise systems.

To its credit, Lenovo has addressed the problem head-on, stating that customer complaints had led it to stop preloading Superfish on its consumer laptops in January, along with shutting down the server connections that enable the advertising features. The company said it is working with Superfish, McAfee and Microsoft to address the involved security issues, and has posted detailed information on those activities and tools to remove the software.

Lenovo also noted that the software was never loaded onto any business-class ThinkPad laptops, or its desktop and smartphone products.

So what does any of this have to do with TANSTAAFL? A couple of things. First, despite the howls of criticism over the fiasco, preinstalled software (also known popularly as “crapware” and “bloatware”) like Superfish is likely to remain part of the PC marketplace and user experience for years to come.

Why so? Because building PCs and laptops is a tough way to make a living, with ever more fickle customers, increasingly brutal competition and razor-thin margins that are getting thinner every day. Toss in investors who brutalize share value whenever a vendor even slightly misses projected earnings, and living the PC dream looks more like a nightmare.

Why do you think HP is spinning off its PC business?

So in a marketplace driven by customers who consistently choose TANSTAAFL-ish low prices over quality, PC vendors look for other ways to monetize their products, including preinstalling applications like Superfish. Until consumers balance demands for an end to adware with a willingness to pay fair value for PCs, expect Superfish and its brethren to resume serving “free lunch” solutions as usual in a couple of months.

But that doesn’t let PC vendors off the TANSTAAFL hook. Some of Lenovo’s competitors are trying to make the most of the company’s discomfort, but PC and consumer electronics vendors of virtually every stripe leverage preinstalled software. As a result, there’s more of “There but for the grace of God…” in this sorry tale than most would comfortably admit.

Adware like Superfish may seem like a quick and easy way for vendors to pad thin margins, but the reputational damage resulting from flawed software quickly erases any benefits. Plus, at a time when social media provides a global megaphone for magnifying public outrage, woe betide any company that fails to anticipate or detect potential snafus in the products it develops or employs.

Free lunches have been around for millennia (“Caveat emptor” is the Latin equivalent of TANSTAAFL) and seem unlikely to depart the commercial technology menu any time soon. But as Heinlein so eloquently noted in The Moon is a Harsh Mistress, they cost way more and are far less nourishing than most people ever expect.

This article is published as part of the IDG Contributor Network.
