by Jason Ditz, February 22, 2015
The Department of Homeland Security (DHS) has advised Chinese laptop maker Lenovo Group to stop installing the Superfish adware on its computers, saying it makes those computers vulnerable to cyberattacks.
Superfish, developed by Israel-based Komodia, has been installed on all computers by Lenovo, the world’s largest PC maker, since 2010. The software introduces vulnerabilities in the way it collects data to serve up ads, and security experts warn it could easily be co-opted to steal user data outright.
Lenovo has denied that Superfish monitors user behavior or records any data, though it is clear that the vulnerabilities it introduces, including a self-signed certificate, could be used to do so.
Lenovo has offered a removal tool on its website as well as instructions to manually remove Superfish from a computer, which users are urged to do. Superfish is Windows exclusive, so consumers who have bought Lenovo laptops but are not running Windows on them are not impacted.