Adware is bad, no matter what you say to justify its existence. It's part of the sketchy part of the web that most knowledgeable users tend to avoid, and what thousands of shops across the country make money on, by helping you remove it. So when we found out that Lenovo was installing adware onto new machines on purpose, you can be sure we were a little more than perturbed. But was there some rational reason behind this?
The Lenovo adware in question is called "Superfish" and what it does is inject third party searches onto Google search results. It scans photos on pages, and tags those with ads too. It even throws pop ups and wreaks other havoc, but most troubling is the fact that it installs its own signed certificates, allowing it to snoop on secure connections (think banking). This same technique is also called the "man in the middle" attack, making this software extremely dangerous.
However, Lenovo seems fine with this. In fact, they admit to installing the software, and all it a " technology that helps users find and discover products visually". An explanation by one of their forum administrators (Mark_Lenovo) is posted here, justifying the installation on their consumer systems. He does state, however, that you can prevent the installation, by disagreeing to the terms of service, yet users seem to still be having issues.
One user took it upon himself, to create a video to help afflicted users:
While Lenovo has halted the install of this software, at least temporarily, it doesn't look like they will discontinue the practice in the future as the reason for stopping the install is only related to "tweaks to stop pop-ups". That means, should you choose to purchase a Lenovo machine in the future, it might come included with the software again.
With reports of the software being installed coming up as early as the middle of 2014, it's likely that the practice might extend further back than that. It'd definitely advisable to have a look for this software, and squash it.
The only relief comes for FireFox users, as the SSL "man in the middle" attack does not work, because the browser stores and maintains its own certificates.
In all fairness, this might not be a Lenovo only situation as there are many manufacturers of notebooks out there. But it appears that they are the first company, in recent history, to not only get caught installing it, but also, admit to it, calling it a technology feature.
For those of us in the PC DIY space, this is certainly one of the reasons why we build our own desktops. But it is a bit more difficult to build your own notebook. However, blowing out the OS install and starting fresh, or simply by getting a notebook that doesn't come pre-loaded with an OS (like those from SAGER/CLEVO and their resellers) have always been an option for us.
For everyone else, the only surefire way to get a notebook without unnecessary bloatware, is to buy it from the Microsoft Store, where all their machines, are "pure" Microsoft, meaning, it's just the OS install and the essential drivers, and that's it.
Does this change your mind about buying Lenovo in the future?
Source: The Next Web