Slashdot Mirror
Lenovo Still Shipping Laptops With Superfish
Ars Technica reports that weeks after Lenovo said it would stop selling computers with Superfish adware installed, it's still there for many purchasers of the company's laptops.
From the article:
Based on the experience of Ars readers Chai Trakulthai and Laura Buddine, Lenovo overstated both assurances. The pair recently examined a $550 Lenovo G510 notebook purchased by a neighbor, and their experience wasn't consistent with two of Lenovo's talking points. First, the PC was ordered in early February more than four weeks after Lenovo said it stopped bundling Superfish, and yet when the notebook arrived in late February it came pre-installed with the adware and the secure sockets layer certificate that poses such a threat.
"Lenovo may be saying they haven't installed Superfish since December, but the problem is that they are still shipping out systems with Superfish installed," Buddine said. "The Windows build had a date of December. They apparently aren't sorry enough to re-image the computers they have in stock to remove the problem and they're still shipping new computers with Superfish installed." Supply chains are long, and hand-work is expensive, so this might not surprise anyone. Less forgivable, though is this finding, of the software provided to purge machines of the adware: "Lenovo's software didn't begin to live up to its promise of removing all Superfish-related data. Based on its own self-generated report, the tool left behind the Superfish application itself. A scan using the Malwarebytes antivirus program found the Superfish remnants VisualDiscovery.exe, SuperfishCert.dll, and a VisualDiscovery registry setting."
"Lenovo may be saying they haven't installed Superfish since December, but the problem is that they are still shipping out systems with Superfish installed," Buddine said. "The Windows build had a date of December. They apparently aren't sorry enough to re-image the computers they have in stock to remove the problem and they're still shipping new computers with Superfish installed." Supply chains are long, and hand-work is expensive, so this might not surprise anyone. Less forgivable, though is this finding, of the software provided to purge machines of the adware: "Lenovo's software didn't begin to live up to its promise of removing all Superfish-related data. Based on its own self-generated report, the tool left behind the Superfish application itself. A scan using the Malwarebytes antivirus program found the Superfish remnants VisualDiscovery.exe, SuperfishCert.dll, and a VisualDiscovery registry setting."
Lenovo were the only ones who were caught. And:
Criticisms of Superfish software predated the "Lenovo incident" and were not limited to the Lenovo user community: as early as 2010, Apple, Mozilla Firefox, and Microsoft Windows users had expressed concerns in online support and discussion forums that Superfish software had been installed on their computers without their knowledge, by being bundled with other software.
After that there is some finger pointing by the CEO of Superfish at another company.
Anyway, when it comes to this shit and cheap computers that subsidize their prices with adware/malware/advertising/etc ..., I just clean all that shit off and then some other things - and it tickles me that the asshole companies like Superfish are getting screwed because they won't be getting any ad revenue from me or anyone else that I cleaned a machine for.
Although I consider Lenovo fully responsible (and liable) for SuperPhish in the first place, I could easily see the removal tool's inefficacy stemming from it being a panicked rush job.
I think what the OP is getting at is that if enough people don't trust Lenovo, and Lenovo goes under as a result, it would be a great lesson to the other manufacturers that putting this sort of crapware on their machines doesn't pay in the long run. It's not an unreasonable point of view, but I think you're right, because I think the Superfish debacle won't be enough to drive Lenovo out of business. All we have left is the carrot of being a potential future customer since the stick of beating down Lenovo won't be effective.
Your average home user doesn't reinstall anything, and for many reasons.
Even if he or she wanted to, they won't have a viable consumer OS installation disk anymore. They get the "System Recovery Disk" with their new purchase, and it's likely filled with the same Lenovo image that was used to bundle the malware in the first place.
John
If they're buying consumer grade laptops for employees, they'll just buy whatever is cheap in 5 years, and the bean counter won't listen to the whining about which brands anybody wants. That's true even if the CTO was overheard in the cafeteria saying, "Gosh, we'll never buy from them again!"