Superfish Not So Super: Lenovo Laptops Have Preinstalled Adware That Compromises Your Privacy

Lenovo has owned up to shipping hardware with what it calls potentially unwanted programs (PUPs), though frustrated customers have simply been calling the software adware. Some have even accused the software of siphoning data from otherwise secure connections.

Lenovo tablets and desktops and laptops have shipped with the Superfish Visual Discovery engine, software that injects ads into Google searches and generates pop-ups.

In a comment posted to Lenovo's forum in late January, a Lenovo representative acknowledged the presence of Visual Discovery software and stated that the Chinese hardware manufacturer has stopped shipping devices with the PUP preinstalled, at least until Superfish retools its software so that it no longer generates pop-ups.

The representative stated that Superfish is based solely on context. It analyses images to and cross-references them with products from more than 70,000 stores to offer similar or cheaper merchandise, the representative stated.

"The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine," said the representative.

It doesn't base the ads it generates on the behaviors of users, the representative asserted. Superfish doesn't profile users, monitor their behavior or record any to their information, the representative stated.

"[Superfish] does not know who the user is," stated the representative. "Users are not tracked nor retargeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled."

Some users aren't satisfied with Lenovo's explanation of Superfish and how the software works. Others are afraid of it, alleging that the software uses man-in-the-middle (MitM) mechanics to tap into secure connections.

Visual Discovery signs its own digital certificate, legitimizing itself to web browsers so that it can sit in on secure connections. The Lenovo forum users posted the MitM allegations before the company's representative commented on the matter.

While Lenovo users may fear for what may be baked into their operating systems, a new report from Kaspersky Lab states that the U.S. government has created hard-to-detect spyware that blends into the bits and bytes of hard drives produced by some of the world's top manufacturers. The report stated that the National Security Agency use of the hard drive spyware gives it the ability to spy on most any computer anywhere in the world.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics