Seems Lenovo got the bright idea that they wanted to be in the adware business and started shipping Superfish adware system that uses a self signed root cert to basically commit a MITM attack and intercept HTTPS connections. Why? To inject adverts, of course, because we all know there aren’t enough advertisements on the net these days.
Ars Technica’s article has a good summary and Errata Securty’s blog goes even deeper into the mess. If you bought a Lenovo laptop any time after October of last year (though some say as early as June) there’s a good chance you have this abomination installed. The Errata Security link above will walk you through testing for and uninstalling it.
This is why we can’t have nice things and why any company that lets marketing make these kinds of decisions deserves the pounding they get from the users and buyers of their products. There is absolutely no excuse for this in 2015. Period.
Lenovo just took themselves off my list of considerations for my new laptop this spring. I’ve been looking for a 4k laptop to replace about 90% of what I use my desktop for and Lenovo had a couple of good prospects. Not any more. Damned shame, really. I love their hardware, at least on the upper end.
Scott
