Lenovo forced to remove hidden adware from PCs

February 19th 2015

Computer manufacturer Lenovo has removed hidden adware that it was installing on consumer laptops and PCs after users expressed anger and security experts said that it could be exploited by fraudsters.

For information and advice on viruses and spyware, click here

Superfish – as the adware is called – was shipped on machines from October to December last year, but has been subject to widespread criticism.

The company told the BBC in a statement: "Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in the market from activating Superfish.” It continued: "Superfish was preloaded on to a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

Lenovo claims that Superfish was deployed to help customers discover interesting products whilst shopping online, by visually analysing images to find the cheapest ones. However, software like this is regarded by industry experts as a form of malware because of the way it interacts with users’ computers.

Lenovo’s Mark Hopkins told users in a forum last month that "due to some issues (browser pop up behaviour, for example)", the company had "temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues".

He added it had requested that Superfish issue an auto-update for "units already in market".

However, it is unclear what the situation would be for machines where the adware had already been activated.

Prof Alan Woodward from Surrey University told the BBC: "It is annoying. It is not acceptable. It pops up adverts that you never asked for. It is like Google on steroids. This bit of software is particularly naughty. People have shown that it can basically intercept everything and it could be really misused."

He continued: "If someone went to, say, the Bank of America then Superfish would issue its own certificate pretending to be the Bank of America and intercept whatever you are sending back and forth.”

Written by

In partnership with