Lenovo Faces Uproar Over Superfish Adware

Why users are upset about pre-loaded software and what it does.

By ABC News
February 19, 2015, 5:06 PM
The Lenovo Flex 15D laptop is pictured on April 25, 2014 in Atlanta.
Ron Harris/AP Photo

Lenovo has removed a preloaded adware program called Superfish from its devices after users reported antivirus protection systems had deemed it a "potentially unwanted program."

The electronics company said in a statement it removed Superfish, a visual search engine, from all products it planned to ship, effective January. The Chinese electronics company said Superfish "has completely disabled server side interactions" on existing devices.

Users complaining on the Lenovo forums describe how the software would inject advertisements into their systems, behavior more akin to what the industry would call a PUP, short for "potentially unwanted program."

Perhaps most troubling is the allegation that the software can present users with a fake certificate instead of one belonging to the legitimate site they're trying to visit, so that Superfish can serve advertisements.

"If this software or any of its control infrastructure is compromised, an attacker would have complete and unrestricted access to affected customers' banking sites, personal data and private messages," security researcher Marc Rogers wrote on his blog.

Daniel Assouline, CEO at software company Lavasoft, told ABC News "the problem with Superfish isn't the problem of what they do, it's how they do it."

"They need to have better consent screens and be very clear about what they are going to do on the user's PC," he said. "When we categorize adware and malware, the differentiation is whether the company has been forthcoming and transparent."

Superfish CEO Adi Pinhas told ABC News in a statement that his company "is completely transparent in what our software does and at no time were consumers vulnerable -- we stand by this today."

He added that Superfish stands by a statement Lenovo released making it clear that users are "not tracked nor re-targeted" and "every session is independent" when using Superfish.

Lenovo also said "the relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively."

The company also released a guide for users on how to determine if they have Superfish software and how to remove it from their devices.