Lenovo Pre-instaling Adware :: Superfish

by Volker Weber

First thing i done was download chrome and already noticed when i google search, adware adverts appear into the search results. These are cleverly designed to fit into the search results to make them appear to look normal.

So today i got some time to investigate and narrowed it down to a piece of software called Superfish. I check the install date and ......its the 1 month before purchase when all the other lenovo bloatware was installed.

That's an insult which goes beyond bloatware.

More >

Here is Lenovo's statement:

"Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

My Yoga did not have Superfish installed. I believe these really bad ideas stem from the fact that in many market segments PC makers race to the bottom. In pursuit of ever lower prices they add software which makes a few dollars of profit. Be it Antivirus trialware, useless add-ons or in this case adware.

You can easily avoid this behavior if you buy from a company like Apple. You get a clean user experience, no pesky stickers, no bloatware. Just the real thing.

Comments

Ärgerlich, unprofessionell, aber de-installierbar.

Schlimmer finde ich Software, die sich über das BIOS automatisch in Windows neu installiert, selbst wenn man das gar nicht will, und die man lt. c't Bericht (Heft 3/2015, Seite 68) nach einmaliger Aktivierung praktisch nicht mehr los wird:

http://www.heise.de/newsticker/meldung/Computrace-fuer-Notebooks-Anti-Diebstahl-Tool-verunsichert-Nutzer-2516155.html

Hanno Zulla, 2015-02-19

The article you cite doesn't look entirely convincing - install date is not a reliable indicator of the provenance of a piece of software - but many other sources confirm this.

And Volker, it is far, far worse than insulting. It is utterly reckless disregard for basic safety. The adware in question actually installs its own self signed *root* certificate, making it a very effective MITM vector for anyone wishing to intercept secure communications on any affected machine. That means your bank, for one example.

See also:
https://twitter.com/fugueish

Chris Linfoot, 2015-02-19

Also this:

http://www.tripwire.com/state-of-security/security-data-protection/superfish-lenovo-adware-faq/

Chris Linfoot, 2015-02-19

vielen dank für diesen interessanten hinweis, muss mein lenovo prüfen.

der letzte satz suggeriert, dass apple-maschinen sicher sind, weil sie ohne offensichtliche adware verkauft werden und apple gute gewinne mach und es daher nicht nötig hat seine käufer zu überwachen.

kann man wirklich diesen schluss ziehen? keiner weiss zu 100%, was microsoft, google, apple etc. direkt in ihre betriebssysteme implementiert haben, oder?

Felix Kluge, 2015-02-20

Nein, sie sind nicht sicher. Aber Apple handelt im Interesse des Kunden (und damit im eigenen), wenn sie sich nicht dafür bezahlen lassen, dem Kunden etwas reinzudrücken. Diese Aufkleber (Windows, Intel Inside, etc) sind ein gutes Zeichen. Die bringen gar nichts, sind schwer abzukriegen. Ein einziges Ärgernis. Und wenn man mal sehen will, wie schlimm das geht, dann kauft man einen PC bei Aldi.

Microsoft hat das Problem erkannt, aber die OEMs gehen nicht mit: www.microsoftstore.com/signature

Volker Weber, 2015-02-20

.. no bloatware?!?
Während ich unter Snow Leopard noch das heilige iTunes RESTLOS entfernen konnte, kommt es unter Yosemite immer wieder.

Bernhard Kockoth, 2015-02-22

Recent comments

Volker Weber on From my inbox at 23:40
Johannes Matzke on From my inbox at 08:56
Volker Jürgensen on From my inbox at 05:54
Andy Mell on From my inbox at 22:44
Nina Wittich on What do you want to be? at 20:51
Armin Grewe on What do you want to be? at 07:27
Bernd Hort on From my inbox at 22:13
Martin Funk on What do you want to be? at 21:21
Karl Heindel on From my inbox at 19:53
Volker Jürgensen on From my inbox at 19:00
Armin Grewe on What do you want to be? at 18:48
Leo Wiggins on What do you want to be? at 16:46
Ian Bradbury on Eve Light Switch mit Thread-Unterstützung at 15:20
Lutz Lengemann on What do you want to be? at 14:54
Richard Albury on From my inbox at 14:36
Volker Weber on From my inbox at 14:03
Reinhardt von Bergen Wedemeyer on From my inbox at 13:49
Volker Weber on What do you want to be? at 13:28
Stefan Funke on What do you want to be? at 13:23
Mariano Kamp on What do you want to be? at 13:05
Peter Daum on What do you want to be? at 12:35
Ben Poole on What do you want to be? at 11:51
Christian Just on What do you want to be? at 10:20
Lukas Gerlich on What do you want to be? at 09:57
Ben Poole on What do you want to be? at 09:55

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 03:38

visitors.gif

Paypal vowe