Lenovo’s been caught going a bit too far in its quest for bloatware money, and the results have put its users at risk. The company has been preloading Superfish, a "visual search" tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit, on its PCs since at least the middle of 2014. Essentially, the software conducts a man-in-the-middle attack to fill the websites you visit with ads, and leaves you vulnerable to hackers in its wake.
The biggest problem with Superfish isn’t the adware itself so much as the way it hijacks legitimate SSL traffic. It does so by installing a self-generated root certificate in the Windows certificate store—a hallowed area usually reserved for trusted certificates from major companies like Microsoft and VeriSign—and then re-signs all SSL certificates presented by HTTPS sites with its own certificate.
You can test here to see if your Lenovo has Superfish
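Added example, not part of the original posts or the linked test: a sketch of the check such a test relies on. Because the adware re-signs every site's certificate with its own root, the same unexpected issuer shows up on unrelated HTTPS hosts. All host names, issuer names and the threshold below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: issuer of the certificate each host presented on the
# machine under test (in practice read from the TLS handshake).
LOCAL_OBSERVATIONS = [
    ("bank.example", "Adware Local Root (constructed)"),
    ("mail.example", "Adware Local Root (constructed)"),
    ("shop.example", "Adware Local Root (constructed)"),
    ("news.example", "Public CA B (constructed)"),
    ("intranet.example", "Corp CA (constructed)"),
]

# Constructed reference: issuer seen for the same hosts from a clean machine.
REFERENCE_ISSUERS = {
    "bank.example": "Public CA A (constructed)",
    "mail.example": "Public CA B (constructed)",
    "shop.example": "Public CA C (constructed)",
    "news.example": "Public CA A (constructed)",
}


def find_resigning_issuers(local, reference, min_hosts=3):
    """Flag issuers that replaced the expected issuer on several hosts.

    One mismatch can be an ordinary CA change by the site. The same
    substitute issuer on many unrelated hosts is the pattern left by a
    local root that re-signs all HTTPS traffic.
    Returns (flagged, unverified): flagged maps issuer -> sorted hosts,
    unverified lists hosts that have no reference entry to compare with.
    """
    replaced = defaultdict(set)
    unverified = []
    for host, issuer in local:
        expected = reference.get(host)
        if expected is None:
            unverified.append(host)
        elif issuer != expected:
            replaced[issuer].add(host)
    flagged = {
        issuer: sorted(hosts)
        for issuer, hosts in replaced.items()
        if len(hosts) >= min_hosts
    }
    return flagged, sorted(unverified)


if __name__ == "__main__":
    flagged, unverified = find_resigning_issuers(LOCAL_OBSERVATIONS, REFERENCE_ISSUERS)
    for issuer, hosts in flagged.items():
        print(f"{issuer} re-signed {len(hosts)} hosts: {', '.join(hosts)}")
    print("no reference for:", ", ".join(unverified))
```
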
I have just read they are denying installing adware into their laptops (obviously trying to cover their asses). That's what I hate the most about laptops and the kind... They come preloaded with all sorts of bloatware. Another thing that I don't understand is why laptop BIOSes only have some options and not a full-fledged BIOS.
This was a pretty bad move by Lenovo. I usually like their hardware but this would honestly make me think twice about buying a laptop from them in the future. They make some of the best Windows laptops on the market right now (ThinkPad Carbon, Yoga) and they sell some pretty expensive machines. I know they are trying to find ways to make money on their cheaper (i.e. sub $300) computers but this is unacceptable.
If you ever want to buy a nice Windows computer without the junkware, I suggest you get it from the Microsoft Store:
I bought a Dell off there a few weeks ago and it had pretty much nothing installed except Adobe Reader. There were no antivirus trials, no adware-filled games, etc. Really nice experience. They call it a Microsoft Signature version, which means you get the OS the way Microsoft intended. In my mind this is one of the real advantages to a Mac, they don't come bogged down with junk software and now you can get the same experience on Windows.
Recent threads on Reddit and Hacker News indicate that Lenovo used a utility it called Lenovo Service Engine in the BIOS of some products that downloaded a program called OneKey Optimizer to user systems and sent "non-personally identifiable system data" to Lenovo servers.
Since the tool is based in the BIOS, it will do its work even if the Lenovo machine is formatted and Windows is installed cleanly afterwards.
<div class="ipsQuote_contents">
<p>
Nearly four years after Lenovo's adware-installation practices were spotted - and curtailed - the company has reached a settlement agreement with consumers who bought one of the affected systems
</p>
</div>
<div class="ipsQuote_contents">
<p>
Anyone who purchased one of the affected Lenovo laptops - but not anyone who subsequently bought one second-hand - will be eligible to receive $40 as part of the settlement agreement.
</p>
</div>