Lenovo was found installing adware on its new consumer PCs. The adware, named Superfish, inserts third-party ads into Google searches and websites without the user’s permission. This does not seem to be a mistake on Lenovo’s part.
The Superfish Inc. application, also known as VisualDiscovery or Similarproducts, hijacks ALL your secure web connections (SSL/TLS) by using a self-signed root certificate authority, which makes the intercepted connections look legitimate to the browser.
This is blatant man-in-the-middle malware that breaks any privacy law.
It looks like Lenovo didn’t do enough quality testing on the third-party software it installs on its consumer PCs.
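A locally trusted root that re-signs traffic, as described above, leaves a visible symptom: unrelated HTTPS sites on the affected PC all chain to the same issuer, while a clean machine sees each site's usual CA. The following check is an added example, not code from Lenovo or Superfish; the host names, issuer names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed observations, one tuple per HTTPS host:
# (host, issuer seen on the PC under test, issuer seen from a clean reference machine)
OBSERVATIONS = [
    ("bank.example", "Local Proxy Root (constructed)", "Example CA One"),
    ("mail.example", "Local Proxy Root (constructed)", "Example CA Two"),
    ("shop.example", "Local Proxy Root (constructed)", "Example CA Three"),
    ("news.example", "Example CA Two", "Example CA Two"),   # connection not intercepted
    ("blog.example", "Example CA Four", "Example CA One"),  # ordinary CA change on one site
]


def find_interception_issuers(observations, min_hosts=3, min_replaced=2):
    """Return {issuer: [hosts]} for issuers that look like a local interception root.

    An issuer is flagged when it differs from the reference issuer on at least
    `min_hosts` hosts and stands in for at least `min_replaced` different
    reference CAs. A single site switching CA does not meet either threshold.
    """
    hosts_by_issuer = defaultdict(set)
    replaced_by_issuer = defaultdict(set)
    for host, local_issuer, reference_issuer in observations:
        if local_issuer != reference_issuer:
            hosts_by_issuer[local_issuer].add(host)
            replaced_by_issuer[local_issuer].add(reference_issuer)
    return {
        issuer: sorted(hosts)
        for issuer, hosts in hosts_by_issuer.items()
        if len(hosts) >= min_hosts
        and len(replaced_by_issuer[issuer]) >= min_replaced
    }


if __name__ == "__main__":
    for issuer, hosts in find_interception_issuers(OBSERVATIONS).items():
        print(f"possible TLS interception: {issuer!r} signs {len(hosts)} hosts: {hosts}")
```

A flagged issuer should then be looked up in the machine's trusted root store and removed if it was not placed there deliberately.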
Lenovo provided the following update on this issue:
Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.
To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.
The Superfish Visual Discovery engine analyzes an image 100% algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.
Lenovo’s ThinkPad series PCs are not affected by this issue.