Lenovo “Superfish” Adware, Frankly I’m not Surprised


Gone are the days of PC manufacturers taking pride in not just the hardware they ship, but the configuration and setup of the Operating System. I remember reading PC Magazine way back when drooling over benchmarks that the new Micron Pentium MMX 200 tower was a split second faster than the Dell Pentium MMX 200. Back then manufacturers would try to squeeze every little drop of performance out of their boxes to compete for king of the hill. Now we are so spoiled with multicore handheld supercomputers that manufacturers don’t care about benchmarks anymore.

They know they can load that box with as much junk as they want and it will probably have very little performance impact on the box for the average user. I’ve been building computers for over 20 years and I have seen this evolution unfold first-hand. If you remember eMachines, they were one of the first to pioneer this field. Their desktops were dirt cheap, mainly due to cheap hardware but also because they came preloaded with loads of adware whose goal was to learn your habits and feed you ads.

So, what Lenovo has done is nothing new; they were just very shady about it. At least when you got an eMachines box you sort of knew what you were getting into up front. Lenovo, on the other hand, stooped to a new low and preloaded adware that was hidden from the user, leveraging advanced malware-like techniques such as monitoring encrypted SSL web traffic with self-signed certificates, better known as a man-in-the-middle attack.

The other slap in the face is this new trend where most computers don’t come with the operating system media. Back in the day, your computer always came with a Windows CD, license key, or some sort of restore disc. It seems like Lenovo went the extra mile to ensure that the average consumer was stuck with an adware-laden machine. The lack of any restore media or operating system media means the user was at their mercy.

The most common trend on these adware boxes is a special boot partition for emergency recovery. This way, if Windows completely melted or you otherwise broke your PC, you could easily revert the changes just by hitting a special button and have your PC restored. The only catch is that the adware is present in the restore image, so no matter what, you’re still going to be stuck with an infected PC. That is, unless you are like me and don’t even boot a new laptop the first day you get it. I know that no matter what brand of laptop I buy it’s going to be riddled with adware, freeware, and who knows what else these days, so I don’t even waste my time. I boot right from DVD, blow away everything that came from the factory, and install my OS of choice from scratch. The thought of using any factory-installed operating system makes me cringe these days, and unfortunately the average consumer will get hit the hardest by these bad practices. In the end, one hopes that stories and examples like these can help educate consumers and force manufacturers to produce better PC products.

Regarding the security concerns around Lenovo’s “Superfish,” I feel they definitely hold water. From the evidence I have seen, the adware was capable of passing phony self-signed certificates to the browser so that it could eavesdrop on encrypted SSL web pages, you know, the ones that are supposed to make you feel safe inside. The main reason they did this was probably to sniff traffic from sites like Facebook and Google that default to using SSL these days. This is where most average consumers are spending their time, and being blind to that traffic would make the adware useless in a sense. The security concern is that the adware responsible for monitoring your SSL traffic could itself be compromised by hackers, other malware, malicious sites, etc., making it much easier to steal sensitive information from that PC such as passwords, online banking information, and so on.
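The interception described above only works if the adware installs its own certificate authority into the machine’s trusted root store and keeps that CA’s private key on the PC so it can mint a certificate for whatever site you visit. A legitimate public root CA never ships its private key to end users, so a trusted root whose private key is present locally is the footprint worth hunting for. The following PowerShell audit is an added example written for this post, not Lenovo’s or Superfish’s code, and the function name and the list of stores it inspects are my own choices; it uses only the built-in certificate provider that ships with Windows PowerShell.

```powershell
# Added example: list trusted root and intermediate CA certificates whose
# private key is present on this machine. Such a certificate lets software on
# the box forge a valid-looking certificate for any HTTPS site, which is
# exactly what an SSL-intercepting adware needs.

function Find-LocalInterceptionRoots {
    # Stores that browsers relying on the Windows trust store will consult.
    # Firefox keeps its own certificate database, so it is not covered here.
    $stores = @(
        'Cert:\LocalMachine\Root',
        'Cert:\CurrentUser\Root',
        'Cert:\LocalMachine\CA',
        'Cert:\CurrentUser\CA'
    )

    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.HasPrivateKey } |
            ForEach-Object {
                [PSCustomObject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    NotBefore  = $_.NotBefore
                    NotAfter   = $_.NotAfter
                    Thumbprint = $_.Thumbprint
                }
            }
    }
}

# Run the audit and show the findings. An empty result is the expected state
# on a clean consumer PC. Any hit should be reviewed before removal, because
# some corporate proxies and endpoint products legitimately install a local
# CA; if a hit is unexplained, Remove-Item on its Cert: path removes the trust.
Find-LocalInterceptionRoots | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the LocalMachine stores are readable. The `SelfSigned` column is informational: roots are self-signed by definition, so the decisive signal is `HasPrivateKey` being true for something in a Root or CA store, not the self-signature itself.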

For more information, check out this article: http://www.bbc.com/news/technology-31533028
