Consumers are accustomed to finding shovelware, bloatware or adware installed on new PCs, mobiles and tablets. Annoying and as hard to remove as bot flies, it hogs drive space, clutters desktops and needlessly consumes resources.
However, if you've bought a new Lenovo PC since mid-2014, you may have purchased more than you bargained for: A security hole enabled by the adware known as Superfish.
In IT Blogwatch, bloggers catch and release.
Filling in for our humble blogwatcher Richi Jennings, is a humbler Stephen Glasskeys.
Gregg Keizer cleans fish:
Lenovo confirmed that it is working with two of its partners, antivirus vendor McAfee and Windows-maker Microsoft, to automatically scrub or isolate Superfish.
…
Ironically, McAfee's Internet Security is another pre-loaded program Lenovo adds to its...PCs and 2-in-1s. Those programs, called "bloatware," "junkware" and "crapware," are factory-installed by Lenovo to generate revenue.
…
Security experts have called on Lenovo, and the PC industry in general, to halt the practice of pre-loading third-party software on their machines. MORE
Agam Shah finds for the bloggy plaintiff:
Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter.
…
Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called "spyware" in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.
…
Bennett, a blogger, purchased a Yoga 2 laptop to conduct business and communicate with clients. MORE
Superfish sounds all too familiar to Nicole Perlroth:
The same week researchers reported that the National Security Agency had been embedding surveillance tools in the guts of thousands of machines in Iran, Russia and other countries, it was revealed that the world's largest personal computer company had been doing something similar to its customers. MORE
Straight from the horse's large mouth bass:
Lenovo is exploring every action we can to help our users address the concerns around Superfish.
…
About Superfish: Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. MORE
Reckless? Alistair Fairweather storms ahead: [You're fired -Ed.]
[More] and more websites have started to require certificates for everything they do online. Even Google searches now have that friendly green padlock that reassures you that your browsing experience is safe.
…
This has made things harder for software like Superfish. It wants to inject adverts into your search results, but the browser will not let it do that because it does not have the correct certificate. Its solution is either complete genius or reckless idiocy, depending on your perspective. MORE
So, Chris Hoffman moves forward too:
Depressing reminder: Lenovo now owns Motorola. Superfish for Android, anyone? Be extra skeptical of Moto going forward. MORE
Meanwhile, Dave Lee digs towards China:
*Subtle* dig at Lenovo from HP here... MORE
You have been reading IT Blogwatch by Richi Jennings and Stephen Glasskeys, who curate the best bloggy bits, finest forums, and weirdest websites…so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.