Slashdot Mirror
Lenovo Hit With Lawsuit Over Superfish Adware
An anonymous reader writes with news that the fallout from the Superfish fiasco might just be starting for Lenovo. "Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter. A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with 'fraudulent' business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called 'spyware' in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits."
I hope it costs both of them twice what they earned
how about the security flaws in the spyware? if it's a "BFD" go ahead and install it on you own system.
small operation businesses often source cots equipment, and cant afford a dedicated IT dept to produce and maintain system images.
this means they get crapware in a business seting.
I think we all want Lenovo's feet held to the fire for this one, but what is the right course of action? A class action lawsuit, that benefits few people in the class, but enriches lawyers... Or a criminal prosecution under the Computer Fraud and Abuse Act for aiding malicious actors in installing their malware/spyware?
The lawsuit alleges fraudulent business practices - i.e., that the plaintiff was lied to. If the eula contains lies, then reading the eula would not do any good.
The reason for the lawsuit is so that, the next time Lenovo or any other computer maker is deciding whether to include some adware or browser hijacker with their Windows OS install, they decide against doing so because of legal liability.
Companies care more about the bottom line than anything else. Computer makers will not stop putting crapware on computers until it costs more for them to add the crapware (via lawsuit settlements, etc.) than they get in kickbacks from the crapware makers.
Yeah it's a BFD, Lenovo took money to install an application that deliberately reduced end user security for the sake of inserting ads into their browsing activities! Not only is it completely bereft of ethics and respect for their customers, it's actively dangerous.
They shouldn't just be hit via a class action suit (assuming Lenovo isn't sticking a "binding arbitration" clause to defeat the ability for consumers to seek recourse) but Federal prosecution under one of the many computer security laws that would string up anyone else.
The loss of time and effort to figure out whether this is going to cause a problem and then the time and effort to get rid of it.
That loss is obvious not much on a dollar per user basis, but if you add up all those users it's enough to incent Lenovo to do something so scurrilous. That's precisely the situation which class action lawsuits exist to redress, and according to the article that's the kind of lawsuit that has been filed.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I have a feeling this is less about recovering from damages and more about teaching them a formal lesson (well, cashing-in under the guise of teaching them a formal lesson).
That's the entire point of a class action suit. To stop powerful companies from doing a large number of small harms and getting away with it.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
It's a common refrain to say that nobody benefits from class action suits except the lawyers. While that may be true for the class litigants themselves it is entirely untrue for the public at large. The purpose of large punitive rewards is to penalize corporate misbehavior and in turn incentivize good behavior. By that measure we all benefit from these suits.
I think it should be clear to everyone now. Lenovo is not IBM and it may have managed to retain some of the reputation of the IBM branding that went with its computers. But with one mistake it has managed to wipe that all away with SuperFish. I learned my lesson a couple years ago that Lenovo was not IBM and it would never be anything close. I would not buy another Lenovo PC if they sold them for a dollar. I hope Lenovo pays dearly for this mistake, and I hope other PC makers see this as a lesson to not sell out its customers to some two bit crapware company to earn a few bucks.
This is exactly the sort of crap everyone was predicting when IBM sold their PC line to Lenovo.
The only thing that surprises me is that it took so long.
my sig's at the bottom of the page.
Their network, their rules. A company doing this sort of thing on their own hardware, which is there for employee work purposes, is not comparable to Lenovo shipping millions of consumer units with this stuff surreptitiously installed.
It's not so cut and dry though. This has gone through the courts multiple times and EULA have been enforced and not enforced multiple times. It seems to depend on more of which court you take it to. Now the issue here isn't only things that would be covered by the EULA. If it were this would be mildly interesting, the meat of it is the fact that they also are talking about leaving computers/users open for attack and damaging the equipment and hurting people(not physically obviously). It's really interesting, and I wonder if a company can be held liable for poorly written software like that. If they can be held liable who's responsible? Lenovo for probably taking some money to put this on their computer or komodia for having shitty security and poor design.
If this goes for the people filing I wonder if it will have a positive affect and make manufacturers think before they do something like this in the future.
Does anyone recall what happened with the Sony Rootkit deal?
The slideware published on government attempts to undermine SSL web traffic suggests they are supremely interested in trying anything they can.
Getting a trusted cert with a key they control installed on a large number of laptops is a dream come true.
So who is actually behind Komodo?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.