Lenovo Superfish rootkit

Lenovo, the owner of the ThinkPad laptop brand has done something incredibly stupid.

Between September and December 2014 Lenovo thought it would be a jolly fine idea to install a rootkit on a long list of Flex, Touch and Yoga consumer laptops, although professional ThinkPads appear to have been left alone.

The rootkit Superfish seems to have been written by a company called Komodia and is designed to break SSL encryption and inject web advertising into your browsing session.

This is similar to the nonsense where Samsung Smart TVs inject adverts into your viewing. Not Sky, Virgin or ITV but Samsung, the people who sold you the TV.

Lenovo has admitted its mistake and listed a tool to remove Superfish, which is better than nothing I suppose. Most of us know that most owners of a consumer laptop will never understand the concept of a rootkit or get round to removing the malware.

I consider the situation is outrageous and unacceptable. The idea that a company sells a laptop infected with a rootkit is totally beyond the pale. It is bad enough that they think they have the right to hijack your browser for their own commercial ends but the inevitable next step is that malware writers will exploit the same rootkit for their own dark ends.

Lenovo has sold a bunch of laptops that are infected with malware that cannot be detected by most security software. Their shoddy motive doesn't matter as there can be no justification. Much as I adore ThinkPads I strongly advise you to avoid Lenovo from here to eternity.

Anonymous