  • FPCH Admin
Posted

Update: Lenovo has now provided an official corporate statement about the Superfish situation and it is not going to help at all in my opinion.

 

Original article...

 

I think the conversation about the extras installed on OEM computers is about to heat up and one company we have to thank for that is the one in the hottest seat of them all – Lenovo and their Superfish story.

 

Over on the Cigital Justice League Blog there is an excellent summary of just how bad this is:

 

It is hard to overstate how catastrophically bad this design is. It doesn’t merely insert advertisements into web pages. It undermines every secure connection the Windows computer might make. Lots of software—way beyond web browsers—uses the certificate store to fetch certificates.

 

Cisco VPN clients use the Windows Certificate Store to verify that they’re talking to the right end point. Database consoles (like Toad or SQL Developer) will use Windows to verify that they are connected securely to the database server.

 

Programs like TweetDeck will use the Windows Certificate Store to check the identity of Twitter before connecting. Everything on a Lenovo computer that says it is “making a secure connection” is now lying. Except maybe Firefox, which has its own trust store.

 

The discussion around junk that comes pre-installed on a brand new computer has been going on for some time so the story itself is nothing new. However, to learn that Lenovo has installed this Superfish software on their brand new computers heading out the door to customers shakes trust to its core. To install a trusted certificate that breaks security on the system in so many ways is almost criminal.

 

Any business worth their salt knows that trust is the cornerstone of a successful endeavor of any type but most definitely when it comes to any dealings with customers.

 

No matter how great Lenovo’s hardware may be, and they do make some awesome gear, this is going to impact a customer’s decision to buy a computer from them. When you place your bottom line above the trust of your customers then there will be fallout.

 

Lenovo leadership is also failing this situation miserably. Back in January a Lenovo forums administrator, Mark Hopkins, posted this in their online support forums in response to the uproar about Superfish:

 

“Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.

 

“Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.”

 

Interestingly enough Mark’s signature in the forums indicates he is the Program Manager for Lenovo’s Social Media Services but this social outreach has backfired beyond what he likely expected from the above post.

 

It is a good example of what happens when you break the trust of your customers. At least they have now posted instructions on how to remove Superfish from these infected systems.

 

So what needs to happen?

 

Well, first, OEMs must change this habit of bundling all the junk on computers, but that is going to be difficult for them because first they have to acknowledge they have a problem. Right now they simply do not see it or they choose to ignore it.

 

The reality is we will never know the dollar figure impact this bundling of junk has on their bottom line but there is only one reason they do it – because they make money from it. This is not done for the convenience of the customer – that may be what comes out of their mouths but it is not why they do it.

 

The other half of this equation is the users. As a help desk support technician I see the everyday computer user and their computer issues.

 

They are not like us and by us I mean those of us who stay connected to the tech community and know this junk comes on a new computer and needs to be removed. The vast majority of users operate their computer like an appliance such as their TV or microwave. They want to be able to hit the power switch and just have it work – period.

 

So these users do not see the problem and are simply unaware of it.

 

For that reason the idea of replacing the income an OEM makes from including all of this junk on their systems with a special fee to get a clean Windows machine would not likely work.

 

Microsoft has a very popular program, the Microsoft Signature PC Experience, and this means you get your new computer or tablet with zero junk or extras on it.

 

The cost of this is zero – nada – zilch.

 

The HP Stream 7 I picked up last week was offered under this service and it is such a treat to get a new system, go through the out of box experience and be ready to go – well short of installing published Windows updates.

 

Here is my last comment on this and it is about perception. When users have issues with the junk pre-installed on their system the blame does not usually go towards the OEM – it is pointed at Windows. That means the company with the most at stake here is Microsoft and they should lead the efforts to remedy this issue as soon as possible.

 

Thoughts?

 

http://winsupersite.com/hardware/my-take-lenovo-oems-and-junkware-new-computers

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~
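
The quoted summary above says the damage comes from a certificate placed in the Windows certificate store that other programs then trust. As an added example (not part of the original post or of any Lenovo or Microsoft tooling), this PowerShell script lists trusted root certificates whose subject or issuer matches a name; the pattern `Superfish` is assumed from the product name on this page.

```powershell
# Added example: audit the Windows trusted-root stores for a certificate by name.
# Assumption: the default pattern 'Superfish' is the product name used on this page;
# pass -Pattern to look for a different vendor string.
param(
    [string]$Pattern = 'Superfish'
)

# Machine-wide and per-user root stores are both consulted when Windows builds a chain.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey
}

if ($hits) {
    # Show every match with the store it was found in so it can be reviewed and removed.
    $hits | Format-List
    Write-Warning ("Trusted root(s) matching '$Pattern' found. Programs that rely on the " +
                   "Windows certificate store will accept certificates issued under them.")
} else {
    Write-Output "No trusted root matching '$Pattern' in: $($stores -join ', ')"
}
```

Firefox keeps its own trust store, as the quoted summary notes, so a clean result here says nothing about Firefox.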

  • FPCH Admin
Posted

Shame on Lenovo. To think I was just looking for a good deal on a Lenovo laptop for my husband.

 

I was going to replace his Windows 7 Toshiba for a Lenovo. Hewlett Packard is almost as bad when it comes to junkware.

 

Maybe I should just take another look at Dell.


Posted
For goodness sake they all do the same crap and if you buy HP I will just bet 50% odds the mobo will go in up to 2 years is what I have been seeing. I have sold about 10 Lenovos this year and I feel like the Maytag Man as they never call me but maybe once or twice with a question....Yeah buy a Dell laptop it will keep you busy!
  • FPCH Admin
Posted

I'll never buy another HP. Too many problems.

 

As for Lenovo, did you see what the Superfish software actually is?


Posted

Yes but did you read this:

"As an update on this...

 

Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues."

 

Like I said I have sold 10 of these last year and never saw this thing, and if I did it would be out of there. Look at all the garbage Dell and HP install that is spyware and they always have. Weather Bug, Yontoo and all that other junkware those guys have always installed. I must have sold about 30 refurbished ones as well in the last 5 years and never seen one piece of spyware on any Lenovo.

  • Like 1
  • FPCH Admin
Posted

Yeah, they have requested a fix through an auto update. They don't have one yet.

Browser pop ups? WOW! Sounds like some malware (spyware, adware) to me..... :real_anger:


  • FPCH Admin
Posted

Lenovo taken to task over 'malicious' adware

 

Computer maker Lenovo has been forced to remove hidden adware that it was shipping on its laptops and PCs after users expressed anger.

The adware - dubbed Superfish - was potentially compromising their security, said experts.

The hidden software was also injecting adverts on to browsers using techniques more akin to malware, they added.

Lenovo faces questions about why and for how long it was pre-installed on machines - and what data was collected.

The company told the BBC in a statement: "Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in the market from activating Superfish.

 

Source : http://www.bbc.co.uk/news/technology-31533028


  • FPCH Admin
Posted

Was Superfish given permission to issue its own certificates?

 

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.

 

Such adware is widely regarded in the industry as a form of malware because of the way it interacts with a person's laptop or PC.

 

Security expert from Surrey University Prof Alan Woodward said: "It is annoying. It is not acceptable. It pops up adverts that you never asked for. It is like Google on steroids.

 

Source : http://www.bbc.co.uk/news/technology-31533028


  • FPCH Admin
Posted

Microsoft vs. SuperFish

 


Channeling Batman with shark repellent, Microsoft today has issued an update for its built-in Windows Defender product that eliminates the secret adware on Lenovo computers that has become a hot button topic over the last 48 hours.

 

Richard provided detail and commentary on SuperFish yesterday, and then subsequently posted up a poll on What grade would you give Lenovo's response to the Superfish situation?

 

If you own a Lenovo computer, make sure to update Windows Defender to get the bits designed to eliminate the threat.

 

In brief, Lenovo started installing a special bit of adware, dubbed SuperFish, on its computers last year. The company came under scrutiny then, but the outcry was minor enough for it to ignore. However, after researchers dug deeper into the adware this week, it was found that the software did more than just insert ads into random web pages. In addition to serving online commercials that nobody wants, SuperFish also tampers with computer security in such a way that attackers could spy on all web browser traffic.

 

So what, you say? I have nothing to hide, you say?

 

According to security experts, SuperFish allows attackers to see ALL the communication that's supposed to be confidential including banking transactions, passwords, emails, instant messages, and more.

 

WindowsITPro expert, Troy Hunt, has promised in-depth coverage for SuperFish next week as part of his weekly Security Sense feature.

 

 

http://winsupersite.com/windows/microsoft-vs-superfish
