Skip to main content
  1. Home
  2. Computing
  3. News

Lenovo’s CTO apologizes for Superfish debacle

Add as a preferred source on Google

If you have a connection to the internet, you probably haven’t been able to turn around twice this week without hearing about the Superfish adware that’s appeared on Lenovo’s systems.

Users of Windows machines have long since grown accustomed to the practice of various hardware vendors installing all manner of bloatware on their products prior to purchase. Dell ShareZone, Samsung Music Thing, HP Print Something or Other, all forgettable pieces of software that only our grandparents use -but until now they were generally innocuous enough not to raise an alarm.

Recommended Videos

Now all that has changed with the introduction of Superfish, which Lenovo was bundling as part of the stock softare installed on laptops and desktops brandishing its logo. The software broke the SSL chain between a browser and the Internet, so it could inject ads into everyday browsing destinations. That’s bad enough, but it also means anyone who hijacks the adware’s security certificate, which is protected by a single password that’s already cracked, can inject other, even more malicious content or read data that’s supposed to be encrypted.

Related: Lenovo PCs with Superfish adware contain critical security vulnerability

Luckily, Microsoft was lightning quick to respond to the problem, and has updated its Microsoft Security Essentials suite with a patch that can root out the problem post haste.

Following the dust-up, Lenovo’s CTO Peter Hortensius has come out to publicly apologize for the debacle in an interview with PCWorld, where he readily admits that his company “messed up, and added “going forward, we feel quite strongly that we made a significant mistake here.”

The company responsible for developing Superfish, Komodia, has come under fire from Internet vigilantes in the form of a massive denial of service attack which has apparently shut down the company’s operations. Komodia has so far refused to admit any wrong-doing, which is not unexpected. Adware is the company’s product, after all, so disowning Superfish would mean abandoning a key piece of software.

Lenovo, however, has posted updated uninstall instructions that allegedly remove not only the software, but also the HTTPS security certificate exploit which made Superfish a problem in the first place.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
I used ASUS’ dual-screen laptop as a portable creative station, and my desk PC started collecting dust
The Zenbook Duo might be the creator setup I wanted in college
Computer Hardware, Electronics, Hardware

With laptops, brands are constantly in a balancing act between portability and workspace productivity. The ASUS Zenbook Duo UX8407AA tries to dodge that choice with a design that brings a whole setup in a compact form factor.

I used the Zenbook Duo as a creative machine, mainly with design apps, illustration work, writing, and multitasking. The model I tried runs on Intel’s Core Ultra 7 355, paired with 32GB of memory and a 1TB SSD. That gives it enough horsepower to handle Photoshop and Animate, for sketches and animations, and a lot more without breaking a sweat.

Read more
macOS clipboard app Maccy has a fake out there stealing passwords
PamStealer malware is disguising itself as Maccy to target Mac users
Depicting of the Maccy clipboard app for macOS on a laptop with letters inb the background.

A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

Read more
A new technology teaching drones to feel pain could stop your self-driving car from harming itself
Drones first, autonomous cars next. A pain-sensing system that detects failure before it happens has real stakes for self-driving vehicles.
Transportation, Vehicle, Car

When you sprain your ankle in the middle of a run, your body sends a pain signal to your brain, forcing you to stop. Essentially, the ability to sense pain stops you from pushing through the injury and causing further self-harm.

Researchers at Delft University of Technology and Wageningen University have applied this exact concept to drones, giving them a digital equivalent of a nervous system that recognizes a faulty part and triggers a pain-like warning signal. What's even more interesting is that the technology could find use in self-driving cars.

Read more