It's probably safe to say that Lenovo's decision to bundle notebooks with an adware program hasn't gone according to plan.
Since last September, Lenovo has shipped notebooks with the adware program Superfish pre-installed. The program reportedly injects ads into Google search results. Lenovo says its goal was “to help customers potentially discover interesting products while shopping.”
But it emerged last night that the adware has some unintended consequences. Superfish -- “a horrifically dangerous piece of software,” according to the Electronic Frontier Foundation -- also leaves users vulnerable to hackers.
That's because the program tinkers with Windows' cryptographic security, in order to inject ads into secure HTTPS pages. “Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users,” the EFF says. “If you access your webmail from such a laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials.”
The EFF calls Superfish's design “amateurish,” and says that Lenovo's decision to ship it was “catastrophically irresponsible and an utter abuse of the trust their customers placed in them.”
For its part, Lenovo said today that it's asked Superfish to disable “all server activity associated with their product.” The company also has posted instructions telling people how to remove the software.
Lenovo adds that it stopped bundling Superfish with notebooks this month, and won't pre-load computers with that program again. The company hasn't said whether it intends to bundle other adware programs with its computers in the future.