Advertisement
Advertisement
Lenovo
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Lenovo's ThinkPads did not come with the Superfish adware. Photo: Nora Tam

Lenovo vows laptop security overhaul amid Superfish adware controversy

Computer giant to revamp systems in wake of Superfish lawsuit in the US

Lenovo

Lenovo Group, the world’s largest supplier of personal computers, plans to unveil a sweeping initiative to bolster security on its products, following the controversy over an adware that was preloaded on millions of its laptops in the fourth quarter.

Hong Kong-listed Lenovo saw its share price tumble 2 per cent to HK$11.76 at the noon break on Tuesday, after chief technology officer Peter Hortensius issued an open letter through the company’s website to apologise for the security scare.

“Lenovo may be in more hot water than initially thought. There could be a short-term hit to its stock price from reflex selling by retail investors,” Alberto Moel, a senior analyst at Bernstein Research, said.

The adware, called Superfish, pushes third-party adverts into Google searches and websites without the computer user’s permission. 

The technology was adopted by Lenovo under a partnership with US-based software start-up Superfish, which pioneered visual search technology.

Security experts last week warned that the adware broke secure connections on affected laptops to access sensitive data and inject advertising.

It does that in a way that leaves the machine exposed to hackers and other malicious programmes that steal data or spy on a user’s online activities.

“Clearly this issue has caused concern among our customers, partners and those who care about Lenovo … For this, I would like to again apologise,” Hortensius said.

Lenovo - which has headquarters in Beijing and in Morrisville, North Carolina, in the US - said the affected products included certain models under its G, U, Y, Z, S, E, Miix, Flex and Yoga-series laptops shipped between September and December last year.

Hortensius said Lenovo was “exploring a wide range of options that include creating a cleaner PC image”, which represents the operating system and software on the device right out of the box.

The computer giant, with operations in more than 160 countries, was also looking to work directly with privacy and security experts, consumers and other interested parties “to create the right preload strategy”.

In addition, the company has started “soliciting and assessing the opinions of even our harshest critics in evaluating our products going forward”, Hortensius said.

His open letter stressed that Superfish was not installed on the company’s premium, Thinkpad-brand business notebook computers.

The adware was also never preloaded on its desktop computers, smartphones, tablets, servers or storage devices.

Lenovo shipped more than 16 million laptop and desktop machines in the fourth quarter of last year, with laptops accounting for 52.1 per cent of its revenue in the same period.

Bryan Ma, the vice-president for client devices research at IDC Asia-Pacific, said: “The tragedy in all of this is that ThinkPads never had Superfish, and yet these notebooks’ rock-solid reputation for security could get questioned in the process”.

“There certainly will be users who will think twice about buying Lenovo laptops in the short-term.  The good thing is that the company should get past this within a number of quarters,” Ma said.

Lenovo last week said it had stopped the adware preloads since last month, and committed not to include Superfish software in any devices in the future. The company offered technical support online, with an automated process on how to remove Superfish.

The company’s major software partners, Microsoft, McAfee and Symantec, have also updated their programmes to automatically disable and remove Superfish.

This article appeared in the South China Morning Post print edition as: Lenovo promises security reboot
Post