The largest computer manufacturer in the world, Lenovo has made its biggest mistake in history by pre-installing hidden SuperFish software in consumers’ computer. The computer giant is being criticized for selling laptops, pre-installed with this invasive marketing software that opens up a door hackers and cyber crook.
Some users in late May found the issue when using a new Lenovo laptop that, an automatically downloaded Lenovo updater installed covertly in their computers overwriting a system files on every boot. Lenovo PCs running on windows 7 and 8 has BIOS firmware that automatically downloads and installs Lenovo’s update s/w on boot – any attempt by the users to remove it from computer has become futile.
Also the virus scanner doesn’t pickup adware on m/c’s. Thanks to Roel Schouwenberg, an independent security researcher who brought into attention of Lenovo’s massive vulnerability s/w and discovered possible ways the program could be exploited.
The extent of the vulnerable software is so large that it analyzes user’s internet habits and injects third party advertising into websites on browsers such as Internet Explorer and Google Chrome based on that activities without users’ permission.’
The vulnerability was linked to the way Lenovo utilized a Microsoft Win mechanism in a feature found in its BIOS firmware called Lenovo Service Engine (LSE) that was installed in some customers’s personal computer. As a result of this finding, Microsoft recently released updates and a guideline that strongly recommends customers update their systems with BIOS firmware which disables or removes this feature and LSE functionality is now removed from newly manufactured systems.
Lenovo a statement briefed that it has stopped shipping the adware last month and consumers need not worry about the thing compromising their security.