Lenovo CTO Peter Hortensius yesterday published an open letter on the Superfish adware issue. In the letter, he discussed about the steps they have taken to control the issue and how they are going to prevent in the future. Read it below.
From Lenovo press release,
RESEARCH TRIANGLE PARK, NC – February 23, 2015: Beginning in September 2014, we made a decision to ship some of our consumer notebooks with Superfish. This software frustrated some users without adding value to the experience so we were in the process of removing it from our preloads. Then, we saw published reports about a security vulnerability created by this software and have taken immediate action to remove it. Clearly this issue has caused concern among our customers, partners and those who care about Lenovo, our industry and technology in general. For this, I would like to again apologize. Now, I want to start the process of keeping you up to date on how we are working to fix the problem and restore your faith in Lenovo.
We have already taken several critical first steps:
- We stopped the preloads and will not include this Superfish software in any devices in the future.
- We have worked on our own and with our partners to make your PCs safe from this vulnerability as quickly and easily as possible:
- On Thursday, Feb. 19, Lenovo provided a manual fix and by Friday, Feb. 20, we provided an automated removal tool to make it simple for our customers to remove Superfish and related files.
- Also on Friday, our partners, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this Superfish software. This means users with any of these products active will be automatically protected. We thank them for their quick response.
- Together, these actions mean all new products already in inventory will be protected. Shortly after the system is first powered-on the AV program will initiate a scan and then remove Superfish from the system. For systems which are re-imaged from the backup partition on the HDD Superfish will also be removed in the same manner. For products already in use, Superfish will be removed when their antivirus programs update.
We have communicated as rapidly as possible with customers, partners and industry watchers and influencers. I hope that with every communication, we are better informed and more clear on what is important.
- Now, we are in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week. What I can say about this today is that we are exploring a wide range of options that include:
- creating a cleaner PC image (the operating system and software that is on your device right out of the box);
- working directly with users, privacy/security experts and others to create the right preload strategy quickly;
- and soliciting and assessing the opinions of even our harshest critics in evaluating our products going-forward.
While this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device, we recognize that all Lenovo customers may have an interest in where we are and what is next. The fact is our reputation touches all of these areas, and all of our customers. Now, we are determined to make this situation better, deliver safer and more secure products and help our industry address – and prevent — the kind of vulnerabilities that were exposed in the last week