Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Lenovo CTO: We Have No Intention Of Shipping a Superfish Product Again

Illustration for article titled Lenovo CTO: We Have No Intention Of Shipping a Superfish Product Again

Last week, news broke that many Lenovo computers were shipped with a dangerous piece of Superfish adware, which made the computers vulnerable to malicious hacks. Now, with a class action lawsuit looming and anti-virus vendors pledging to root out the adware, Lenovo's CTO has said his company is done with Superfish.

Advertisement

I spoke with Lenovo CTO Peter Hortensius this afternoon, and asked him about how the company's relationship with Superfish. Hortensius has already said that the Superfish program was "adware with a security issue," and has admitted that shipping it was a mistake. Lenovo has worked with anti-virus vendors to create an update that removes the program from Lenovo computers.

Advertisement

But the question on many consumers' minds was how the company would deal with Superfish, their partner, who had deliberately installed what many are calling spyware. "We still have a commercial contract with them, but we have no intention of ever shipping a Superfish product," Hortensius said. "A contract changes nothing — we will not ship more Superfish products."

It seems that Lenovo has severed ties with Superfish for good.

Now it's just a question of what Lenovo is doing to clean house. I asked Hortensius whether they had figured out who was responsible for setting up the Superfish deal, and whether they would be fired or disciplined for it. He replied that the company was "relooking at all our plans and policies in this area to understand [what happened] and are dealing with these issues internally."

When I asked what precautions they would take to prevent another program like Superfish's adware from being shipped, he said Lenovo was coming up with new policies about adware and would make an announcement about them by the end of the week.

If Lenovo hopes to regain customer confidence, however, they're going to need to do more than promise not to ship Superfish products again. They need to end their contract with the company, and explain openly who set up the deal and how it happened. Finally, they need to do more than just promise not to ship adware that is so riddled with security flaws that the proposed class action lawsuit against Lenovo calls it "spyware." Maybe they could start by getting security audits on their adware done by independent analysts.

Advertisement

Share This Story

Get our newsletter

DISCUSSION

CanadianBen
Prismatist

This whole debacle opens up another question too. Okay, they cut ties with Superfish. Great. But they were willing to package adware on computers they sell. This is a high-level corporate attitude that is very suspect. The question remains: are they still willing to sell advertisement space on products they sell to customers? Are they just cutting ties with Superfish, or have they completely changed philosophy and will never again sell their customers to the highest bidder?

Until they somehow prove otherwise (a very tall order), we must assume that this is a sales approach and revenue stream that Lenovo is willing to pursue. So until they do prove otherwise, my company will no longer be buying Lenovo products. I am sure we are not the only one.