Peter Hortensius, the chief technology officer for Lenovo, has now admitted the company "messed up" when it decided to pre-install the Superfish software on some of its notebooks in the fall of 2014. Users discovered the application placed third-party ads on Google search results and other websites, and also used a root certificate that was quickly cracked by security researchers.
According to Re/code:
"The company has an engineering review that made sure that the tool itself didn't store customer information and had a mechanism for users to opt out, but Lenovo missed that the way the software behaved could create a situation that left machines vulnerable to an attack. "We should have known that going in that that was the case," Hortensius said. "We just flat-out missed it on this one, and did not appreciate the problem it was going to create."
Lenovo has since given owners of the laptops that had Superfish installed a way to delete both the software and the certificate. Hortensius says that Lenovo will announce a plan by the end of February that will detail improvements in its software practices. He added, "We are not just curled up in a ball. We are taking real action to make this right with our customers."