Identi.ca
Luis

Luis at

Lenovo Apologies for Superfish Scandal, Offers Uninstall Instructions

Paul Lilly

I have a better idea. Install Linux. No need to worry about crapware.



World's top PC supplier admits it "messed up"
Lenovo took to Twitter to issue an apology over Superfish, the visual search software it installed on consumer laptops and desktops without permission, and has posted instructions on how to remove it. Initially Lenovo issued a statement saying that it installed the software with good intentions and that there's nothing to be concerned about from a security perspective, though evidence points to the contrary.

"We're sorry. We messed up. We're owning it. And we're making sure it never happens again," Lenovo posted to Twitter, along with a link instructing users how to remove the program and its digital certificate.

The problem with Superfish is that it worked as adware by inserting ads into searches performed on Internet Explorer and Chrome (Firefox appears to be unaffected). Furthermore, it left a gaping security hole on users' systems that could allow for man-in-the-middle attacks.

After news spread of the nefarious software, Lenovo tried to downplay the issue, saying that its relationship with the Superfish "is not financially significant" and its only goal was to "enhance the experience for users." In the same breath, Lenovo said it understood the concerns and had stopped preloading Superfish in January.

One of our readers sent us an email to dispute Lenovo's claim, saying that "their statement that says they stopped pre-loading Superfish in January is false -- my laptop (a Y40-80) was manufactured on February 9, 2015, and included Superfish and its root certificate."

It appears Lenovo got caught with its hand in the cookie jar, so to speak, and is now hoping that an apology and a bit of humility will win back the trust that helped it become the world's number one supplier of PCs.

"We messed up badly here," Peter Hortensius, Lenovo’s chief technology officer, told Bloomberg in an interview. "We made a mistake. Our guys missed it. We’re not trying to hide from the issue -- we’re owning it."

It's not enough to simply uninstall Superfish, as it leaves behind a root certificate that must also be removed (manually). Lenovo's instructions linked above detail how to perform both.

link

#lenovo #superfish #fail #epicfail

Michael (majeSTYX), Kevin Ford, Freemor likes this.

Krugor, Freemor shared this.