1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Lenovo admits Superfish is a security vulnerability

Discussion in 'Article Discussion' started by Gareth Halfacree, 23 Feb 2015.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,381
    Likes Received:
    7,215
  2. David

    David μoʍ ɼouმ qᴉq λon ƨbԍuq ϝʁλᴉuმ ϝo ʁԍɑq ϝμᴉƨ

    Joined:
    7 Apr 2009
    Posts:
    17,736
    Likes Received:
    6,264
    In the initial article, Lenovo "indicated that it has no intention of stopping using Superfish in the long term", but now it claims it stopped using it in January?

    Something smells superfishy.

    The October to December window is bloody annoying - that's when I bought my son's Flex 2 laptop.
     
  3. Nexxo

    Nexxo * Prefab Sprout – The King of Rock 'n' Roll

    Joined:
    23 Oct 2001
    Posts:
    34,733
    Likes Received:
    2,217
    My message to Lenovo: So long, and thanks for all the fish. :p
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,381
    Likes Received:
    7,215
    That was likely simply poor communication on Lenovo's part: initially, it claimed it was investigating a crash-causing bug in the software saying that should fix people's complaints and implicitly suggesting that it would continue to distribute the software as-patched (literally, the statement read: "we have temporarily removed Superfish from our consumer systems," emphasis mine); it then clarified that it had only distributed the software for a short period and had already stopped due to consumer dissatisfaction, but that there was no evidence of a security hole; now it's saying that there is a security hole and it's very sorry and oh god please don't stop buying our laptops.

    Could Lenovo be lying about the timescales, as hinted at by its first "it's patched, it's fine, don't worry" communications? Possibly. Far more likely that it simply communicated what was going on badly, though - after all, it's not as though it had told buyers that it was bundling adware on the laptops prior to purchase, so even internally it was probably a challenge for the PR department to find out what was actually going on.

    But yes, the "temporarily" bit of the initial statement does suggest that Lenovo intended to start distributed Superfish again once the bug that was causing other software to crash (and which brought the whole sorry mess to light) was fixed.
     
  5. Saivert

    Saivert Minimodder

    Joined:
    26 Mar 2005
    Posts:
    390
    Likes Received:
    1
    Company refuses to stop using revenue gathering software. News at 11.

    Lenovo will likely stop using Superfish but find an alternative that will pass security tests.

    We must keep hammering in the fact that we don't tolerate adware of any kind on purchased products from Lenovo or any other manufacturer. If anyone is to blame it is the callous users that eat everything thrown their way.
     
  6. suenstar

    suenstar Collector of Things

    Joined:
    13 Sep 2009
    Posts:
    2,521
    Likes Received:
    190
    I really hope there's nothing of a similar nature running on my Lenovo Yoga tablet, I may have to go inspect the root files to see if anything unfamiliar to regular android files shows up. :\
     
  7. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    I think it maybe more a case of us consumers making a rod for our own back, we favored cheaper computers and the end result has lead to manufactures trying to offer the cheapest product on the market, even if that means subsidizing the cost of the hardware using alternative methods.

    Not sure how good it is, but you can test for the vulnerability using a simple web site.
     
  8. suenstar

    suenstar Collector of Things

    Joined:
    13 Sep 2009
    Posts:
    2,521
    Likes Received:
    190
    Cheers for that link, looks like my tablet is clear of the fish.

    I'll probably still double check the root files just to be on the safe side. :)
     
  9. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Sorry to resurrect a thread from the grave but i thought Lenovo customers may want to know about another supposed security flaw.

    More serious security flaws found in Lenovo computers
    http://www.zdnet.com/article/security-flaw-lenovo-patch-issued/
     

Share This Page