One of the world’s largest PC manufacturers, Lenovo, has been embroiled in a controversy involving third party software that it has been installing on its machines known as Superfish.
The Superfish program has been bundled onto new machines are part of the standard suite of OEM (Original Equipment Manufacture’s) software that is generally placed on all new machines. Such software has been unceremoniously termed ‘crapware’ by many customers as it generally provides little benefit and actually tends to clog up the machine. There are even businesses that make a good living developing ‘de-crapifiers’ that remove all this software from machines. Lenovo of course is not the only PC supplier that does this, it is a wide spread practice across the industry.
The problem with Superfish was that although designed to place ads into web browsers it has been shown to suffer from major security vulnerabilities. What makes this even more worrying is the fact that Superfish is designed to intercept and read all encrypted traffic, that is traffic normally sent via the https protocol. Such vulnerabilities means that they could be readily exploited by others who would then have a major vector into a user’s PC.
It is also possible that Superfish could be installed by other means onto non-Lenovo PCs so if you want to check whether Superfish is installed on your system visit:
Given that Lenovo is now a Chinese owned company has probably given the issue more publicity that one would normally expect. Lenovo has apologised and will no longer install the Superfish software, however it appears that the damage has already been done to Lenovo’s reputation. For deeper insight into the controversy check out:
In the meantime it is always best practice to uninstall any software that you don’t require on your machine. If you are unsure about exactly what is required don’t hesitate to contact us here at Correct Solutions on 02 8831 8200.
Image courtesy of Keerati at FreeDigitalPhotos.net