Lenovo, the largest computer manufacturer in the world, has made the biggest mistake in its history by pre-installing hidden SuperFish software on consumers’ computers. The computer giant is being criticized for selling laptops pre-installed with this invasive marketing software, which opens the door to hackers and cyber crooks.
In late May, some users found the issue when using a new Lenovo laptop: a Lenovo updater was automatically downloaded and covertly installed on their computers, overwriting a system file on every boot. Lenovo PCs running Windows 7 and 8 have BIOS firmware that automatically downloads and installs Lenovo’s update software on boot, so any attempt by users to remove it from the computer is futile.
Also, the virus scanner doesn’t pick up the adware on these machines. Thanks go to Roel Schouwenberg, an independent security researcher, who drew attention to the massive vulnerability in Lenovo’s software and discovered possible ways the program could be exploited.
The reach of the vulnerable software is extensive: it analyzes users’ internet habits and, based on that activity, injects third-party advertising into websites in browsers such as Internet Explorer and Google Chrome without users’ permission.
The vulnerability was linked to the way Lenovo used a Microsoft Windows mechanism in a BIOS firmware feature called Lenovo Service Engine (LSE), which was installed on some customers’ personal computers. As a result of this finding, Microsoft recently released updates and a guideline that strongly recommends customers update their systems with BIOS firmware that disables or removes this feature. LSE functionality has now been removed from newly manufactured systems.
Lenovo said in a statement that it stopped shipping the adware last month and that consumers need not worry about it compromising their security.