Lenovo computers come with pre-installed adware and MITM proxy

If you have recently bought a new Lenovo computer, you’re in for a nasty surprise: the company has been shipping them with pre-installed adware.

And, what’s even worse, the software in question also performs man-in-the-middle interception of SSL/TLS connections. This is made possible by a self-signed root certificate authority that the installer adds to the system’s trusted root store: once that root is trusted, the local proxy can forge a certificate for any HTTPS site on the fly without triggering a browser warning. This allows the company behind the adware to intercept secure connections and read the decrypted traffic, as a poster on the Lenovo forums showed.

A Lenovo forum administrator posted to explain what Superfish does:

“To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine,” he said.

“Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of Use and Privacy Policy, and has the option not to accept these terms, i.e., Superfish is then disabled.”

Finally, he stated that, due to some issues, Lenovo has temporarily removed Superfish from its consumer systems until Superfish is able to provide a software build that addresses those issues. “As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues,” he said.

However reasonable this explanation sounds to Lenovo, I seriously doubt users will be happy about it. Lenovo has obviously made a serious blunder.

Update: February 19 2015, 2:47 PM PT. Click here for an easy Superfish removal guide.