Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Lenovo Installs Adware On Its PCs, Is Vulnerable
#1
http://www.maximumpc.com/lenovo_takes_he...ptops_2015
Just another good reason to build your own PC.
Quote:It's not too often that Lenovo gets dinged for making a bad decision. After all, Lenovo is the top supplier of PCs in the world, and it didn't get there through a series of mishaps. Nevertheless, Lenovo has come under fire for installing hidden software on its consumer laptop and desktop PCs that injects third-party ads on Google searches and websites. Even worse, Lenovo reportedly gave Superfish permission to issue its own security certificates, which allows it to hijack SSL/TLS connections to websites, also known as a man-in-the-middle attack.

Superfish is intended to help consumers find and discover products by analyzing images on the web. The visual search tool could allow you to look up an item you've stumbled upon but might not know the name of, or to find similar products that are perhaps more affordable.

Unfortunately, Superfish has been found to do more than it says. After users complained about it on Lenovo's forums, Lenovo social media program manager Mark Hopkins sought to extinguish the flames by telling users that Lenovo had removed the software, at least for now.

"Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues," Hopkins said.

He went on to defend the software and tout its merits, though didn't address complaints that it's injecting its own self-signed certificates and intercepting web traffic, behavior that was confirmed on Twitter by a security engineer at Google.

BBC News spoke with security expert Prof Alan Woodward who described Superfish as being "like Google on steroids." He also said that people have shown it can intercept pretty much anything on the web.

"If someone went to, say, the Bank of America then Superfish would issue its own certificate pretending to be Bank of America and intercept whatever you are sending back and forth," Woodward said.

Users do have the option of declining the software when firing up their laptop or desktop for the first time, though according to The Guardian, some have complained that it installs anyway, and stays installed even if the software is uninstalled.
Reply
#2
Both new PCs as well as phones come with way too much crap that the consumer is not able to opt out of.

It's insane and should be criminal.
Reply
#3
Good guy Microsoft updates Windows Defender to get rid of Lenovo's adware, admittedly it's not quite perfect: http://www.neowin.net/news/microsoft-upd...that-it-is
Reply
#4
build your own laptop???????

yeah, sure
Reply
#5
2-20-2015


How to find out if Superfish infected your computer – and what to do about it


If you follow anything having to do with tech on the Internet, you have undoubtedly read something about Superfish in the past 24 hours. In a nutshell, Lenovo sold tons of computers with software called Superfish Visual Discovery pre-installed. Lenovo has been selling computers preloaded with Superfish for the past two years, and the software is supposed to help serve alternative, image-heavy ads in Google search results.

As it turns out, however, Superfish is a pretty frightening piece of adware

LastPass went beyond simply explaining what Superfish is, and the company created a tool that will instantly inform you if your computer is infected with Superfish.


It couldn’t be easier to use. Simply visit this page on the LastPass website and you’ll see a message at the top of the screen informing you of whether or not your computer is infected.

If you see this message, you’re good to go:
[Image: safe.jpg]


If you see a message saying Superfish is running on your computer, it’s relatively easy to remove.


Here are the removal instructions, also courtesy of LastPass:
If you’re affected by Superfish, you must first uninstall the program:
  1. Click the Windows Start button
  2. Search uninstall program
  3. Launch uninstall program
  4. Right-click on Superfish Inc VisualDiscovery and select Uninstall
  5. If prompted for administrator password, enter or provide confirmation
Then you must uninstall the certificates as well:

  1. Click the Windows Start button
  2. Type certmgr.msc into the Search box
  3. Click the certmgr.msc Program to launch it
  4. If prompted for administrator password, enter the password or provide confirmation
  5. Click on Trusted Root Certification Authorities
  6. Open Certificates
  7. Look for certificates mentioning Superfish Inc.
  8. Right-click on any Superfish Inc certificates and delete
  9. Restart your browser and return to this page to see you are safe
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)