Lenovo ships Superfish adware preinstalled on systems

Till now I've quoted Lenovo notebooks as a solid foundation for business purposes. But today this image was badly destroyed – it was uncovered, that Lenovo was shipping Malware/Adware preinstalled on their systems.


The first words about that issue has been spread in September 2014 here within the Lenovo forum. A user installed Google chrome browser on a brand new Lenovo notebook and noticed, that adware adverts appeared into Google search results. Investigating the case, this user found out, that a program Superfish from Visual Discovery has been preinstalled on his Lenovo device. Normally Superfish is used for visual image search. But on Lenovo system it acts in best case as adware. These ads are cleverly designed to fit into the search results to make them appear to look normal.

To make things even worse, Lenovo installed also a Root certificate, enabling Superfish to act as a man in the middle and read also https protected connections. This is a kind of malware behavior. Only Firefox uses its own certificates for https connections. A Lenovo employee (Mark_Lenovo) and forum moderator confirms here in this thread, that Superfish has been preinstalled on their machines. He stated, that Lenovo has disabled the software on consumer machines – but needless to say, that the same machines are also used in business cases. Further details may be read at thenextweb.com.

For me it's a no go, what Lenovo made – and I doubt, that I will buy Lenovo products in future anymore. The reputation, Lenovo got during the last years, is in my view, completely damaged. And what's your opinion?

Update: To complete this blog post, here is a statement frome Lenovo without further comments

Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

Background information on Superfish

Superfish was preloaded onto select models of Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.

The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.

Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.

Cookies helps to fund this blog: Cookie settings

This entry was posted in computer and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *