Are Lenovo Computers Safe For Consumer Users? FireFox or Chrome users are not affected, even if they do use infected Lenovo laptops
21 February 2015, 06:11
0
320
There have always been worries that the Chinese government could use its
power to force homegrown technology companies like ZTE, Huawei, Qihoo
360 and Lenovo to spy on user communications, but now a bombshell has
landed that shows Lenovo is forcing adware onto users' computers on the
company's own volition.
According to Errata Security, an ad-supported software on Lenovo computers called SuperFish is "designed to intercept all encrypted connections… It does this in a poor way that it leaves the system open to hackers or NSA-style spies."
SuperFish apparently resides on all Lenovo laptops registered after "mid-2013". Errata reports that SuperFish's advertising injects JavaScript code into webpages and installs a transparent-proxy service on the laptop that intercepts browser connections.
Yet Mark Hopkins, the program manager for Lenovo social media, responded about a month ago that "Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled."
But removing the adware software reportedly does not solve the problem because the root certificates are still embedded into Lenovo laptops. So a savvy user must manually go into the computer's settings to remove that errant certificate.
According to Errata Security, an ad-supported software on Lenovo computers called SuperFish is "designed to intercept all encrypted connections… It does this in a poor way that it leaves the system open to hackers or NSA-style spies."
SuperFish apparently resides on all Lenovo laptops registered after "mid-2013". Errata reports that SuperFish's advertising injects JavaScript code into webpages and installs a transparent-proxy service on the laptop that intercepts browser connections.
Yet Mark Hopkins, the program manager for Lenovo social media, responded about a month ago that "Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled."
But removing the adware software reportedly does not solve the problem because the root certificates are still embedded into Lenovo laptops. So a savvy user must manually go into the computer's settings to remove that errant certificate.
