Lenovo CTO says company 'messed up' enabling Superfish on its laptops

Peter Hortensius, the chief technology officer for Lenovo, has now admitted the company "messed up" when it decided to pre-install the Superfish software on some of its notebooks in the fall of 2014. Users discovered the application placed third-party ads on Google search results and other websites, and also used a root certificate that was quickly cracked by security researchers.

The company has an engineering review that made sure that the tool itself didn't store customer information and had a mechanism for users to opt out, but Lenovo missed that the way the software behaved could create a situation that left machines vulnerable to an attack. "We should have known that going in that that was the case," Hortensius said. "We just flat-out missed it on this one, and did not appreciate the problem it was going to create."

Lenovo has since given owners of the laptops that had Superfish installed a way to delete both the software and the certificate. Hortensius says that Lenovo will announce a plan by the end of February that will detail improvements in its software practices. He added, "We are not just curled up in a ball. We are taking real action to make this right with our customers."

  • No problem we forgive you
  • You forgive, I don't
  • We forgive... but we won't forget... when we go to buy another PC. They screwed up royally.
  • Yup - forgive them for not understanding the business they're in, forget buying from them again.
  • Exactly, Lenovo shouldn't even think of putting it in the first place. Did they also install it on their Smartphone ? Now I'm staying away from them forever.
  • Apple and MacBook owners are having a blast with this Lenovo mess, it is completely embarrassing that the most popular Windows notebook maker would do something so stupid. Apple would be smart to make a commercial out of this atrocity. God damnit.
  • Yeah they're boned.
  • Well, Duh!
  • Sounds like Peter may have just got thrown under the bus... Good luck in your job search Peter just in case you need it!
  • Seriously. Meanwhile, some middle manager at Lenovo who made this decision is sweating bullets, hoping they don't find out he's related to the sales guy over at SuperFish...
  • Water is wet. Sorry, I thought we were having a "state the obvious" competition. Obvious fix, though: stop installing crapware and offer clean Windows.
  • The sky is blue. Sounds to me they are just making excuses, they knew what it was doing. Posted via the Windows Central App for Android
  • Lenovo is Chinese company, and quite honestly, this is the type of bullshit you can expect from them. Do not be surprised if they have some other type of malware running on machines they sell you
  • True. That's why I suggest installing a clean version of Windows when you buy a new computer. We do this at my work, no one likes OEM bloatware. Some apps OEMs install are borderline malware. Posted via the Windows Central App for Android
  • Precisely!
  • Yep! that's what I do and we do at the office. No need in all the mess the OEMs install on the computer... Consumer and especially business class machines should have any of that mess on their... still most people never pay any attention to what they are installing... so they put more malware on the PC... :|
  • I hope their new policy is every system is a signature PC, and business grade is pure Windows or blank hdd with install disks. Then the others will have to follow suit.
  • They messed up because they got caught. They wouldn't think the same if they didn't get caught.
  • Agreed.
  • True.
  • No they are merely testing the water as to the limits they can push. Lenovo is a China "government" vehicle for spying on the rest of the world. Why is the "government" of China so interested in owning hardware manufacturers... same reason they are so interested in owning search engines and instant messaging platforms.
  • I think companies should just pre-install nothing, unless it's something like Office free for a year, etc.
  • Yeah except this is more of a decision higher up than the company.
  • This is, ultimately, one more reason to buy from Microsoft Store. They clean all add on junk off the computer before it gets sold.
  • Yes... Now if they would come to the UK...
  • Can't clean the hardware sorry. And you can run diagnostics on it all you want, sleeper hardware might only activate after a year or two, or based on certain incoming signals such as the presence of a certain MAC address over WiFi, or obtaining a foreign government or corporation ip address.
  • Ya think Peter?!
  • This is one of the many reasons why I chose AW over HP
  • Aw?
  • I really hope he doesn't mean Alienware
  • I'll still take a Lenovo over a Dell any day... Dell has lost me w/ terrible warranty support and PCs that simply haven't lived up to expectations. Back to Lenovo, there should be some sale prices coming our way as the blowback from this escalates. If there is one thing I believe, it's the fact that because they got caught they will have to be extra careful going forward. Fool me once, shame on you, fool me twice... For that reason I think they'll be more diligent about avoiding spyware going forward. Will they do this for the altruistic/privacy reasons... definitely not... They will do it to defend and rebuild their name and drive profitability.
  • Excel new Dell is so much better than it used to be. Dell is now a private company. So they are more focused now.
  • Not to mention some of their premium label laptops have upgradeable components like Video card, wlan
  • Actually, Dell hit bottom a while ago and have been on the upswing while Lenovo is now somewhere on the downslope of previously being the best. The comments here, that their mistake was the root certificate, not that it was preinstalling adware (the worst of preinstalls next to actual spyware or viruses), make me concerned that they are going to continue to be on the downswing for a while.
  • My XPS 2710 All In One is a 2013 model and is currently an overpriced paper weight.  Started having touchscreen issues (ghost-like touches) while in warranty, we thought they were resolved after I did a full reinstall (w/ help of Dell support and 4+ hours on the phone), but the issues came back after I was out of warranty.  Problem went from a bad touchscreen (a known motherboard issue) to an extremely laggy system to now the motherboard being dead and not posting the bios.  Dell refused to fix under warranty (a few months passed because it's hard to find 4 hours to spend on the various tech support phone calls & hold), so now I'm trying to get AmEx to cover it w/ their 1 yr. extended warranty.  Dell has lost a customer for life due to their pi33 poor service and inability to resolve something expeditiously and in a fair manner (IMO).
  • Lenovo and dell are both horrible in my eyes.
  • Go read actual Amazon reviews for new Lenovo machines, almost all of them have massive problems like broken wifi and other stuff
  • Slow claps x 5
  • They should at least give us the option of reinstalling a clean image with none of the bloat ware.
  • I would hug him and pat his back, poor little Lenovo, being judged by installing crap which became a security risk that even Defender has to delete.  
  • There is a tendency these days to over apologize. Uninstall it, say you listened to customer feedback and move on.
  • Now that I've removed the Superfish from my Laptop, I should say, Seems faster! LOOOL :P
  • The only acceptable amount of installed bloatware on any computer is none. Manufacturers have to come to the realization that their crap/bloatware is the issue. Clean up the installs...
  • As always the problem is corporate greed. They make money from this stuff. It supposedly offsets the narrow margins they make on the hardware. Personally I'd rather pay a bit more and not compromise the OS but perhaps not everyone thinks that way..
  • Never again. F Lenovo. Typical... Chinese company installing spyware/adware on to machines. The trust is gone and broken. They could have declared it before doing it rather than AFTER the fact of being exposed
  • Lenovo rep: Trust? Ain't nobody got time for that!
  • It does give you the suspicion that the software was also part of a state spyware pack as the software did a whole lot more than just show unwanted ads. Lessons learned? Doubling up with adware draws attention.
  • It's amazing to me that people come up with stupid ideas like this in a multi billion dollar company that's been in business for decades, thinks this is a good idea, and then actually have others agree. Of course this was going to blow up in their face. I hope consumers take a class action lawsuit against them.
  • Wouldn't do any good. Most EULAs have you agree to an arbitration and sign away your right to file a class action lawsuit.
  • That in itself should be a lawsuit. Esp if you're in Merica! Lmao, everything here is a lawsuit. That's why legal is the number one college course.
  • Normally I would agree, but in this case, Lenovo's actions actually have the potential to expose & compromise consumers' data. That may not have been the intention but that has been the result. Consumers & businesses for that matter do have some level of rights in a case like this I believe.
  • What else are they doing that they aren't telling us about?
  • No, no there was never a problem installing adware on consumer devices or business devices. No problem at all, it's okay everyone makes mistakes. Posted via the Windows Central App for Android
  • Unless their solution is to completely ditch this then it doesn't matter. I don't want them to make it better, I want them to ditch it and never do something like this again. If the Chinese government is forcing them to use it or something then we should bar Lenovo products being sold outside of China.
  • I love superfish. Put more like this. Lol
  • Fish and Chips? Or fish on your chips? What would you prefer my good sir? lol
  • Fish and chips mmmmm I don't eat chips myself. So no fish on chips lol
  • This will tarnish Windows desktop reputation even more, and increase Apple Macbook share. We will see the effects in a few months. 
  • I doubt that, lol.
  • Hey people are stupid already they just follow what the news says. "Hey Windows has spyware lets get a Mac".
  • OMG people should stop with their nagging. Just disable it and that's it. They didn't do anything wrong. Do I complain that Apple and the government has our fingerprints location probably know when we even visit the bathroom.
  • They didn't do anything wrong? So what then? Right? And we have to thank them for that? You don't have a Lenovo so don't worry. I have a Lenovo that I purchased in the last quarter of 2014 so I am worried.
  • V_S is a corporate propagandist for Lenovo. Or just an idiot.
  • Just bought a Lenovo and like every computer I get I plan on wiping it and putting fresh 8.1 on it
  • Sounds kinda similar to Samsung TVs displaying ads on their smart TVs. Hmmmmm. Too many ads anymore. It sucks.
  • Companies should be required to give us an untouched copy of windows to reinstall the OS when they sell us a PC.
  • If you think this is bad you should think about what the chinamanland government is putting in the hardware.
  • They "messed up" because they got caught.
  • What was the whole point of the software anyhow? I love how these geniuses at OEMs actually think they can make a machine better by putting software on it that is often buggy, slow and fundamentally useless to begin with. No HP, I'm not interested in the "HP Photoawesomebooth version 17". Keep it to yourself.
  • This is also the reason why most OEMs wouldn't want to make a phone with Windows Phone because Microsoft don't allow them to put all their 'bloatware' shits in the device. Where in Android, they are free to do it.