If you bought a Lenovo computer recently, chances are it may have come with factory-installed adware. The world's largest PC manufacturer was found to install an adware called Superfish — which injects third-party ads on Google search results and other websites — on new machines.
Learn more about malware and antivirus for Windows
Users from as far back as September starting noticing sponsored links in their search results. Lenovo acknowledged that it was installing adware, with community manager Mark Hopkins taking to the forum late last month to announce that Superfish would be temporarily removed:
"All,As an update on this...Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled."
While Hopkins mentions that users have the option of not installing the software by rejecting the terms and conditions during initial setup, but it looks like the adware installs its own security certificate, which allows it to have unfettered access to monitor your secure communications.
Who's affected by this adware? If you're using Chrome or Internet Explorer, you may be at risk. Firefox users are not affected as Mozilla uses its own certificate store. Fortunately, there's a clip that shows you how to uninstall the adware should you have it in your system.
Any Lenovo users here seeing errant links in your search results? Let us know in the comments.
Source: Lenovo forums; Via: The Next Web
