The largest computer manufacturer in the world, Lenovo has made its biggest mistake in history by pre-installing hidden SuperFish software in consumers' computer. The computer giant is being criticized for selling laptops, pre-installed with this invasive marketing software that opens up door hackers and cyber crook.
Some users in late May found the issue when using a new Lenovo laptop that, an automatically downloaded Lenovo updater installed covertly in their computers overwriting a system file on every boot. Lenovo PCs running on windows 7 and 8 has BIOS firmware that automatically downloads and installs Lenovo’s update s/w on boot - any attempt by the users to remove it from the computer has become futile.
Also, the virus scanner doesn't pick up adware on m/c's. Thanks to Roel Schouwenberg, an independent security researcher who brought into attention of Lenovo’s massive vulnerability s/w and discovered possible ways the program could be exploited.
The extent of the vulnerable software is so large that it analyzes user’s internet habits and injects third-party advertising into websites on browsers such as Internet Explorer and Google Chrome based on that activities without users’ permission.'
The vulnerability was linked to the way Lenovo utilized a Microsoft Win mechanism in a feature found in its BIOS firmware called Lenovo Service Engine (LSE) that was installed in some customers' personal computer. As a result of this finding, Microsoft recently released updates and a guideline that strongly recommends customers update their systems with BIOS firmware which disables or removes this feature and LSE functionality is now removed from newly manufactured systems.
Lenovo a statement briefed that it has stopped shipping the adware last month and consumers need not worry about the thing compromising their security.