Computer maker Lenovo, in an effort to serve customers advertisements, has prepackaged laptops with Superfish software, which is essentially an Internet browser add-on that injects ads onto the websites you visit. However, this software has a significant flaw: it makes you more vulnerable to hackers.
The malware undermines basic computer security protocols and tampers with official website certificates. As a result, it makes it harder for your computer to recognize fake or fraudulent websites and much easier for hackers to gain control of your computer and your personal information.
After a backlash by customers and computer security experts, Lenovo admitted that laptops have been preloaded with this software from September to January and promised not to preload this software in the future.
Lenovo listed 43 different models that were affected, including several of its Flex-, G-, S-, U-, Y- and Z-series laptops, as well as several Miix and Yoga series tablets.
In a company statement, Lenovo said, “We apologize for causing any concern to any users for any reason — and we are always trying to learn from experience and improve what we do and how we do it."
The Superfish Visual Discovery software was initially thought to be a value-add for customers, since it makes it easier to shop for deals. The program analyzes images individual users view on the Internet and presents similar products that might have lower prices.
Lenovo released manual removal instructions, as well as an automated tool to help users remove the software and certificate. They also shut down the server connections that enable the software.
Some computer security experts say users may also have to reinstall a fresh new operating system to be completely safe.
If you don't have a Lenovo laptop and are still concerned about whether your computer has Superfish software on it, check out LastPass's Superfish Checker.