
Lenovo’s Ad Software could leave your PC exposed

We’re all highly aware of the issues around malware when they come from dodgy applications, emails or, increasingly, compromised web sites. It’s never been more important to have anti-virus software installed on your computer to ward away nasties, not just for your own protection, but also the protection of others, because a big part of the malware scene is in creating malicious applications or scripts that don’t only compromise systems, but spread as far and wide as possible. That’s malware in a nutshell.

What you don’t expect, or shouldn’t have reasonable cause to expect, is that software your hardware manufacturer preinstalls on your laptop should act exactly like malware does. Sure, preinstalled software can sometimes be a bit of a pain if you don’t really want it on your new PC, but it’s typically easy to get rid of, and in many cases the size of installed hard drives means that you could ignore it and never really miss the space.

In the case of an application that Lenovo installed on a number of its consumer laptops, however, ignoring it was the very last thing that you should do. The “Superfish” application that Lenovo included was intended to serve advertising material into your browser when you performed searches on Google, Amazon and other sites. That’s pretty rude in and of itself, but the story doesn’t quite end there. Superfish, you see, not only serves up ads, but does so by a contextual analysis of data presented to it, even if that data is on an encrypted website. So, for example, if you’re signed into Amazon making purchases, all that data should be encrypted. Except that Superfish sniffs it out so that it can serve ads. Again, rude and intrusive, but again it doesn’t end there.

The way that Superfish is able to do what it does relates to the automatic installation of a self-signed root certificate onto the Windows PCs that it’s installed upon. That’s what Lenovo did when it installed it, and while Superfish has stated on the record that its activities are entirely transparent, it’s since emerged that the presence of this self-signed root certificate presents a significant vulnerability to any PC it’s installed on. Not directly from Superfish itself, but because anyone connected to the same Wi-Fi network could rather easily read all the traffic coming from a Lenovo PC with that self-signed root certificate on board. Not just regular web traffic, but any encrypted traffic at all, whether it’s your login passwords for social media sites or your bank account details.

That’s a huge gaping security hole that should simply never have been there in the first place.

If you’re concerned and own a Lenovo laptop, there’s a test here that should detect the existence (or lack thereof) of Superfish’s dodgy certificates on your system.
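A local check of the Windows certificate stores, as an added example that is not part of the original article or any Lenovo or Microsoft tool. It assumes the certificate's subject or issuer contains the name "Superfish" and lists any match found among the trusted roots.

```powershell
# Added example: look for Superfish-issued root certificates in the Windows trust stores.
# Assumption: the certificate's Subject or Issuer contains the name "Superfish".
$pattern = 'Superfish'

# Trusted-root stores for the whole machine and for the current user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            # Collect the fields needed to judge and later remove the entry.
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                SelfSigned    = ($_.Subject -eq $_.Issuer)  # a root signs itself
                HasPrivateKey = $_.HasPrivateKey
                NotAfter      = $_.NotAfter
                Thumbprint    = $_.Thumbprint
            }
        }
}

if ($hits) {
    Write-Warning "Found $(@($hits).Count) matching trusted root certificate(s):"
    $hits | Format-List
} else {
    Write-Output "No trusted root certificate matching '$pattern' was found in the Windows stores."
}
```

The check is read-only and covers only the Windows stores; a browser that keeps its own certificate store has to be checked separately.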

Matters got so bad that the US Computer Emergency Readiness Team put out an alert regarding Superfish and Lenovo issued a Superfish Removal tool, while at the same time Microsoft itself has updated its Windows Security software to detect and eliminate the Superfish software and the dodgy root certificate.

That should hopefully see the problem fixed, but if you do own or use a Lenovo laptop, it would be extremely wise to check if it’s actually secure. You really don’t want to find out the hard way.

