For the world’s largest manufacturer of computers, this case undoubtedly leave its mark. Preinstall adware, adware, it does not necessarily please its customers, especially when they unexpectedly discover.
But when the same application, Superfish, exposes these users to a risk of piracy, it spoils more. Lenovo had to react quickly to try to extinguish the fire. . After the usual press release room for excuses
“We made a mistake”
This is the CTO Lenovo, Peter Hortensius, which provides the service. And difficult in this case to apologize only lip service. “We have seriously messed up” openly acknowledges the leader of the manufacturer.
“We have made a mistake. Our guys have missed [...] I have a lot of very embarrassed engineers in my current staff, “he said in an interview. And if Lenovo officially clearly relativized early the scope of this incident, perhaps is not longer the case. On its support, the security risk is thus qualified high.
“We’re not trying to hide the problem, we assume” said Peter Hortensius yet, which presents itself its customers the company apologized for any inconvenience.
The manufacturer also ensures that adware has at no time been preinstalled on its ThinkPad notebooks, or its PC desktop and smartphones. In a security bulletin, Lenovo also specifies the references of all the models affected by Superfish.
E10-30, Flex2 14 Flex2 15 Flex2 14D, 15D Flex2, Flex2 14 (BTM) Flex2 15 (BTM), Flex 10, G410, G510, G40-70, G40-30, G40-45, G50-70, G50-30, G50-45, Miix2 – 8 Miix2 – 10 Miix2 – 11, S310, S410, S415, S415 Touch, S20-30, S20-30 Touch, S40-70, U330P, U430P, U330Touch, U430Touch, U540Touch, Y430P, Y40-70, Y50-70, Yoga2-11BTM, Yoga2-11HSW, Yoga2-13, Yoga2Pro-13, Z40-70, Z40-75, Z50-70 and Z50-75.
No vulnerable consumers according Superfish
Besides this page, we see that Lenovo had to rectify various points from its first submission. Indeed, the firm began by explaining that only computers shipped between September and December were involved.
As evidenced in the cache of the web page, the press has since been updated and Lenovo says that the installation of Superfish ended in early January. Except that the security bulletin from the same manufacturer specifies it as the software for certain laptops delivered from September 2014 to February 2015, so during a longer period.
For the CEO of Superfish, the publisher of the offending adware, contacted by The Register, all is well … almost. “It is important to note that Superfish is completely transparent about what the software at any time consumers were vulnerable – we stand here today.”
Several security experts have studied this adware and its implementation in the Lenovo computers. And they are far from sharing the optimism of the Superfish editor. Lenovo itself acknowledges that the application exposes users to possible attacks “man-in-the-middle”.
No comments:
Post a Comment