Skip to main content
  1. Home
  2. Computing
  3. News

Lenovo’s CTO apologizes for Superfish debacle

Chris Stobing
By

Lenovo ThinkPad X250
If you have a connection to the internet, you probably haven’t been able to turn around twice this week without hearing about the Superfish adware that’s appeared on Lenovo’s systems.

Users of Windows machines have long since grown accustomed to the practice of various hardware vendors installing all manner of bloatware on their products prior to purchase. Dell ShareZone, Samsung Music Thing, HP Print Something or Other, all forgettable pieces of software that only our grandparents use -but until now they were generally innocuous enough not to raise an alarm.

Now all that has changed with the introduction of Superfish, which Lenovo was bundling as part of the stock softare installed on laptops and desktops brandishing its logo. The software broke the SSL chain between a browser and the Internet, so it could inject ads into everyday browsing destinations. That’s bad enough, but it also means anyone who hijacks the adware’s security certificate, which is protected by a single password that’s already cracked, can inject other, even more malicious content or read data that’s supposed to be encrypted.

Related: Lenovo PCs with Superfish adware contain critical security vulnerability

Luckily, Microsoft was lightning quick to respond to the problem, and has updated its Microsoft Security Essentials suite with a patch that can root out the problem post haste.

Following the dust-up, Lenovo’s CTO Peter Hortensius has come out to publicly apologize for the debacle in an interview with PCWorld, where he readily admits that his company “messed up, and added “going forward, we feel quite strongly that we made a significant mistake here.”

The company responsible for developing Superfish, Komodia, has come under fire from Internet vigilantes in the form of a massive denial of service attack which has apparently shut down the company’s operations. Komodia has so far refused to admit any wrong-doing, which is not unexpected. Adware is the company’s product, after all, so disowning Superfish would mean abandoning a key piece of software.

Lenovo, however, has posted updated uninstall instructions that allegedly remove not only the software, but also the HTTPS security certificate exploit which made Superfish a problem in the first place.

Editors' Recommendations

Spellcheckers in Google Chrome could expose your passwords
Office computer with login asking for password and username.
What is Discord?
Discord
Beware: Hackers are using a clever Microsoft Edge malvertising scam
The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.
This Microsoft Teams exploit could leave your account vulnerable
A video call in Microsoft Teams is displayed on a laptop.
Hackers may be hiding in plain sight on your favorite website
A depiction of a hacked computer sitting in an office full of PCs.
Pico 4 VR headset is here to take on the Meta Quest 2
Pico 4 VR headset includes fitness tracking.
Nvidia CEO’s response to the EVGA controversy may surprise you
NVIDIA CEO Jensen Huang on stage.
The HP Omen gaming laptop has a $400 discount today
The HP Omen 16.1-inch gaming laptop with the Omen logo on the screen.
This Lenovo laptop deal cuts the price down to $99
A Lenovo 100e Gen 2 AMD Laptop sits open on a white background.
This dongle can bring a superfast Wi-Fi 6 connection to your old computer
The Netgear Nighthawk A8000 Wi Fi 6 adapter
Instagram appears to be down. Here’s what we know so far
Instagram being used on an iPhone.
Instagram is building a ‘nudity protection’ tool for your DMs
Instagram app on the Google Play Store on an Android smartphone.
Get 3 months of NordVPN for free when you sign up today
NordVPN company name and logo, blue mountain peaks against a white circle on a blue background.