Reports have been flooding in about computer maker Lenovo, which has been installing adware on new consumer computers that activates when the machine is taken out of the box for the first time. The adware, named Superfish, is reportedly preinstalled on a number of Lenovo's consumer laptops. The software injects third-party ads into Google searches and websites without the user's permission.
Adam Winn, manager, OPSWAT says: "While the intentions may not be malicious, the implementation certainly is. Superfish is more than just adware -- it’s a man-in-the-middle attack masquerading as adware. In the age of nearly constant security-related headlines, it’s shocking that Lenovo would preinstall software that breaks the SSL trust chain in such a fundamental way. This is reminiscent of the Sony BMG rootkit from 2005, but more disturbing because it goes to the heart of privacy concerns and the fundamental trust that consumers place in SSL protected websites.
Lenovo has a dedicated following of IT professionals, as evidenced by the ubiquity of ThinkPads in enterprise, so there’s no doubt that this incident will come with a heavy hit to Lenovo’s bottom line. No IT administrator will tolerate a MITM attack on company-owned or even BYOD assets."
Simon Crosby, Co-founder and CTO, Bromium cautioned: "It is high time for PC OEMs to accept that adware and other junk software installed in consumer devices is precisely the opposite of what their customers want, and that delivering a secure, non-intrusive, high quality product is valued by consumers. The Microsoft Surface Pro 3 is perhaps the antidote to the foolish behavior of PC vendors. It delivers the best that Microsoft offers, with no hidden scams."
Whilst TK Keanini, CTO, Lancope enthused: "I'm happy to see consumers pushing back and demanding greater security out of the box. Unless the market steps up and asks for more secure systems, vendors will keep doing silly and sometimes irresponsible things. I remember purchasing a laptop for my daughter a few years back and the retailer wanted me to pay extra to remove all the adware and 'extras' from the unit. This is not right. Pay extra so that I can get rid of all the advertising software and programs that slow my experience down? It is like buying a car and paying extra to remove the ads painted on the side of the vehicle."