IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Lenovo stops shipping Superfish adware with consumer devices

Superfish adware had potential to make browser data available to hackers

Lenovo has confirmed it has stopped shipping adware with its consumer laptops, which could have led to encrypted user data being compromised by hackers.

Known as Superfish', the program injected visual search results into the browser without user permission, according to forums unearthed by The Next Web.

While OEMs routinely install bloatware on Windows machines, the Superfish adware appeared to be dangerous, not just inconvenient. This is because it used a self-signed certificate, which if compromised, could have provided hackers with access to all browser data - regardless of whether it had been encrypted. 

Lenovo's official statement

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the firm said in a statement.

"But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software.

"We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first."

A Lenovo forum administrator tried to allay fears by stating Superfish did not "profile nor monitor user behavior" or "record user information". The firm has now confirmed it has stopped shipping devices with the software.

Many Lenovo users have expressed their dismay at the inclusion of the software.

"I have been working in tech software and systems engineering since mice were not even available for personal computers. I have never seen a brand, of any sort, come OTB with malware," noted a perplexed Lenovo customer.

"This is just unreal...and altogether unacceptable. Lenovo is a brand I always have associated with top quality, best practices trustworthy security. The brand has been rock solid, but sliding for years, and lately I have been having some concerns about its Chinese home...increasingly concerning to me in light of technology security and attacks originating from China."

Below is a tutorial showing users how to uninstall the adware. Those affected are also encouraged to install a fresh copy of Windows to make sure the rogue security certificate is completely removed from their system.

The article was originally published on 19/2/15 and has been updated to reflect with the latest statements from Lenovo.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Lenovo patches ThinkPad, Yoga, IdeaPad UEFI secure boot vulnerability
vulnerability

Lenovo patches ThinkPad, Yoga, IdeaPad UEFI secure boot vulnerability

10 Nov 2022
Lenovo ThinkPad Z13 Gen 1 review: A ThinkPad for the mainstream
Laptops

Lenovo ThinkPad Z13 Gen 1 review: A ThinkPad for the mainstream

26 Sep 2022
Lenovo ThinkPad X1 Carbon Gen 10 review: Quite simply the best compact business laptop
Laptops

Lenovo ThinkPad X1 Carbon Gen 10 review: Quite simply the best compact business laptop

30 Aug 2022
Lenovo expands its Evolve Small support initiative to cover all minority-led SMBs
SMB

Lenovo expands its Evolve Small support initiative to cover all minority-led SMBs

23 Aug 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022