Lenovo’s Superfish Adware Bites!


One of the most valuable assets any business owns is its reputation. So it may come as something of a surprise to learn that Lenovo, a personal computer company that allowed Superfish to put its software on new machines, did so in return for a paltry $250,000.

According to Forbes, that was the sum that exchanged hands when the PC maker took the unfathomable decision to allow what is commonly referred to as “adware” (and that’s the polite way of describing it) onto its hardware.

Given the fallout that has followed the news that Superfish was logging users’ every step on the internet, including private sessions with their banks and email providers, it seems likely that a quarter of a million dollars will look like small change in comparison to the financial and reputational cost to Lenovo.

Now, the company is busy backpedalling via its PR department as it seeks to placate angry customers, privacy activists and the security community.

In a press release issued on 27 February, the company said that its customers’ experience was paramount, as were the principles of security and privacy.

Lenovo said it will reduce the number of pre-loaded applications on its PCs and revealed that it had worked with security companies to enable the previously hard to remove Superfish to be zapped by antivirus programs.

Lenovo has also made an automatic removal tool available on its homepage and is offering a free 6-month subscription to McAfee LiveSafe for all of its affected customers.

In the future, the company says, it will only ship PCs with the software required to make them work to their potential, along with security software and specific Lenovo-owned software. The company will also endeavour to list every preloaded application along with an explanation of what each does.

This, it says, should go some way to removing what the industry often refers to as “adware” or “bloatware”.

Where all this leaves Superfish is anyone’s guess right now though.

The California based start-up began in 2006 when video surveillance experts Adi Pinhas and Michael Chertok looked into the possibility of scanning video footage following another venture in the casino industry.

The pair aimed to create a “visual search engine” – the software scans the web and uses mathematical models to catalogue, analyse and match images to products offered by its customers.

By 2011 the company had formed tens of thousands of partnerships, earning affiliate commissions on sales generated by users who arrived on product pages via Superfish.

The next move from the company was to launch a number of apps on Google Play and the App Store called “LikeThat” which allow fans of different industries to take and upload appropriate pictures. The app then matches those images to affiliated product pages with its partners and earns the company a commission on each related sale thus generated.

In early 2014 Superfish then approached Lenovo and discussed adding its VisualDiscovery software onto new PCs before they were shipped.

It was soon after that the problems began – buyers of Lenovo PCs started grumbling about poor performance when browsing the web, saying that internet surfing was a buggy experience.

When security experts began looking into the problem it was discovered that Superfish was the cause. Worse yet, many antivirus programs were unable to remove it and there were even reports suggesting that the pesky software was able to withstand a reformatting of a hard drive.

Angry customers threw up their arms and a lawsuit alleging that Lenovo and Superfish trespassed on personal property and violated wiretapping laws has already been lodged.

Even hackers have displayed their displeasure over the saga with the notorious Lizard Squad getting in on the act and defacing Lenovo’s website.

All things considered, it looks like Lenovo and Superfish still have much to do to convince their respective customers that their brands are trustworthy.

Featured image: Weyenbergh Jacky / Public Domain Pictures.net