Lenovo facing questions about the Superfish adware

The Superfish adware was automatically installed on a number of Lenovo's laptops until January 2015. The software injects third-party ads on Google searches and websites without the user's permission, and it affects the Internet Explorer and the Google Chrome browsers on these machines.

Lenovo, however, defended the adware, saying that it helps users find and discover products visually and helps users find similar products at lower prices on the web. It is also claimed that users can refuse the terms and conditions when setting up their laptop, which means the software will be disabled. In spite of this, some users have reported that the adware installs its own self-signed certificate authority which effectively allows the software to snoop on secure connections, like banking websites. This is a malicious technique commonly known as a man-in-the middle attack, where the certificate allows the software to decrypt secure requests.

The adware causes unwanted pop-ups and adverts to appear on the screens, thus causing numerous consumer complains. As a result of these complains, in January 2015, Lenovo announced that the Superfish adware would be removed from all current systems. Various complaints from users were made on the basis that they were not informed about the adware when they purchased their computers.

Even though the company has stopped installing the software on computers, it appears this is simply a temporary measure until the company behind the software makes some tweaks to stop pop-ups and it can therefore be installed once more.

Although Lenovo has said that it has removed Superfish from new machines and disabled it from others, the position for machines which already have Superfish activated was less clear. Superfish is identified by antivirus products as adware and advised to be removed. There have been calls from both concerned customers and industry experts to for Lenovo to clarify the full extent of its actions.