What is Superfish? Well, it’s a program that bombards affected users with pop-up adverts and injects more ads into Google searches. Security experts say it also leaves a gaping security hole on computers, in the form of a self-signed root certificate. That weakened security leaves users vulnerable to man-in-the-middle attacks, which could allow bank details and other sensitive information to be stolen.
While Lenovo initially admitted that Superfish was pre-installed “to enhance the experience for users,” it has now come clean about its big blunder. “We messed up,” Lenovo Chief Technology Officer Peter Hortensius told Recode on Friday. “We should have known that going in that that was the case. We just flat-out missed it on this one, and did not appreciate the problem it was going to create.”
“We are taking our beating like we deserve on this issue,” he added. Lenovo has released an automatic uninstall tool on its website to remove Superfish; however, it has played down the actual risk of the adware.
“We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,” the Chinese company said in a statement earlier this week. “We are not just curled up in a ball,” Hortensius said. “We are taking real action to make this right with our customers.”
Lenovo has since stopped preloading its machines with Superfish, and has prevented existing PCs on the market from activating it.