Lenovo To Wipe Superfish Off PCs
An anonymous reader sends news from the Wall Street Journal, where Lenovo CTO Peter Hortensius said in an interview that the company will roll out a software update to remove the Superfish adware from its laptops. "As soon as the programmer is finished, we will provide a tool that removes all traces of the app from people’s laptops; this goes further than simply uninstalling the app. Once the app-wiping software is finished tonight or tomorrow, we’ll issue a press release with information on how to get it." When asked whether his company vets the software they pre-install on their machines, he said, "Yes, we do. Obviously in this case we didn't do enough. The intent of loading this tool was to help enhance our users’ shopping experience. The feedback from users was that it wasn’t useful, and that’s why we turned it off. Our reputation is everything and our products are ultimately how we have our reputation."
Someone needs to be fired for this. Someone very high up the corporate ladder. Someone who thinks SuperFish improves the shopping experience. Someone who needs to be blackballed from the industry and die penniless huddled in a cardboard box drinking sterno.
If that doesn't happen, SuperFish and problems like it will continue to happen.
There is a lot of truth to that statement.
It was the cheaper consumer models that were affected. Retail profit margins are so thin that manufacturers and retailers make up for it with preloaded crapware.
Lenovo's business products were not affected by this as these aren't usually preloaded with crap.
The same goes for other manufacturers too. Dell and HP both offer cheap crapware-infested models, along with pricier crap-free business models.
You do get what you pay for.
Ad injection is quite lucrative. This is what entire companies like Phorm do: intercept in-flight connections and insert ads.
As for ad injection like this, I've seen a number of consumer level PCs route traffic through a local proxy, installing Web browser add-ons to keep the browser switched to the proxy and to inject their own SSL key. The fix was removal, and even then, there were processes that had to be stopped via autoruns, as well as blocked from phoning home via the Windows Firewall (so there wasn't a chance they could do damage even if restarted.)
The exception to this seems to be HP, which might have sample programs on it (Norton, for example), but no crapware that loads in Web browser add-ons. It actually was a shock seeing a new HP consumer laptop actually in a usable state out of the box, without having to go swinging at what starts up with the autoruns pickaxe.
The problem is that companies face zero negative consequences for adding intrusive software like this onto a machine. Joe Sixpack won't know or care that his search engine gets redirected through some no-name third party site so his google search page has flash ads. With the private key out, he won't realize that his banking stuff is compromised until his bank account gets drained.
The fix? As a consumer, either bring your own OS and completely wipe and reinstall the box, or buy a business-line version. Lenovo would not dare to try installing anything like this on the Thinkpad line, just like Dell's Latitude line, and HP's EliteBook line. Of course, there is always Apple, which seems expensive, but if one compares like for like, a MacBook Pro actually has a price advantage to a comparable business line HP or Dell with the same features and chipset.
It seems that MS realizes there is a problem with junkware included with their OS. They can't force manufacturers to not install junkware on the computers they sell, but it looks like MS is trying to do something to alleviate the problem. It actually looks like the machines sold on the Microsoft Store are actually quite competitively priced.