The federal Computer Emergency Readiness Team is urging consumers whose Lenovo PCs came with pre-installed marketing software to take “corrective action” to ensure they aren’t vulnerable to hackers.
CERT, in an updated warning issued Tuesday, cautions that although Lenovo has stopped pre-installing Superfish software on its consumer PCs, computers that already have it “will continue to be vulnerable until corrective actions have been taken.”
CERT, which initially posted its concern about Superfish on Friday, urges that consumers both uninstall Superfish and take additional action to remove all vestiges of the software. It also provides links to remedy the situation, including a Lenovo tool to uninstall the software, at http://1.usa.gov/1Ad3zGf.
CERT labeled Superfish “spyware.”
Lenovo said Thursday it began pre-loading Superfish on some consumer PCs — not on its Think brand PCs for business customers – beginning in September, but stopped doing so in January in the face of consumer complaints. It also said it took steps to disable the software on PCs already in the hands of consumers.
The company has faced a barrage of criticism for pre-loading the software, which it said was designed to enhance consumers’ online shopping experiences.
On Monday, Lenovo Chief Technology Officer Peter Hortensius posted an apology on the company’s website.
“Clearly this issue has caused concern among our customers, partners and those who care about Lenovo, our industry and technology in general,” Hortensius wrote. “For this, I would like to again apologize.”
Lenovo previously said it wasn’t aware of any “potential security vulnerability” with regard to Superfish prior to Thursday.