SciTech

Lenovo criticized for pre-installed software on consumer laptops

By David Ranii - dranii@newsobserver.com
THINKBRAND2-BZ-020515-HLL
A Lenovo assembler installs critical components into a new model 440 Think brand notebook during a run of notebooks at the Whitsett ThinkCentre manufacturing facility in Whitsett, NC. . hlynch@newsobserver.com

In the wake of a barrage of criticism, No. 1 PC maker Lenovo said Thursday that it stopped pre-loading controversial marketing software on its consumer laptops last month.

Some news organizations reported the software, which Lenovo preloaded between September and December on some consumer notebooks, posed a security threat by making the laptops vulnerable to hackers.

Lenovo, which is based in China and has a headquarters in Morrisville, was striving to calm consumer concerns Thursday.

“We have not seen any evidence that anyone has done anything nefarious with it,” Peter Hortensius, senior vice president and chief technology officer, said in an interview. “There is no evidence that anything bad has occurred.”

Still, he said, “based on consumer concerns and feedback,” Lenovo disabled the software, called Superfish, in January and also stopped pre-loading it.

Superfish is adware, or software that automatically displays advertisements. It was installed only on Lenovo’s consumer laptops, not on its ThinkPad brand laptops aimed at business users.

Hortensius said Lenovo preloaded Superfish on its consumer laptops to give users “a better experience shopping.”

Lenovo also issued a statement Thursday in which it stressed that Superfish “does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. … Users are given a choice whether or not to use the product.”

Robert Graham, CEO of security research firm Errata Security, told Reuters that Superfish could be commandeered by hackers who want to eavesdrop on consumers and that Lenovo was negligent for installing it.

“This hurts (Lenovo’s) reputation,” Graham told the news agency. “It demonstrates the deep flaw that the company neither knows nor cares what it bundles on their laptops.”

Online technology publication TechCrunch reported that Superfish “appears to pose a serious security threat” and noted: “Pre-installs are unpopular with consumers, who understandably want their devices to be clean running out of the box, but in reality some hardware companies do broker such arrangements for financial benefit.”

Lenovo, in its statement, said its relationship with Superfish “is not financially significant.”

Hortensius said that, given the depths of the reaction to the Superfish issue, shutting down and disabling the software wasn’t enough.

“We take our reputation, and our products’ reputation, very, very seriously,” he said. “The kind of feedback we are getting today, it tells us we need to do more.”

Consequently, he said, Lenovo intends, among other things, to round up user feedback on software pre-loads and security issues and use that information to improve its products.

“We messed up,” Lenovo spokesman Ray Gorman said. “We know it. We’re owning it. And we’re making darn sure it never happens again.”

Lenovo’s stock-like American depositary receipts fell 5 cents to close Thursday at $30.38.

This story was originally published February 19, 2015 at 2:25 PM with the headline "Lenovo criticized for pre-installed software on consumer laptops."

Get unlimited digital access
#ReadLocal

Try 1 month for $1

CLAIM OFFER