Sam Trenholme's webpage
Support this website or listen to my music

Superfish

 

February 24 2015

Last Thursday, the Internet’s daily two minutes hate was directed towards Lenovo because they have installed a piece of adware on their more inexpensive computers called “Superfish.”

==What happened==

It has been a long-standing practice for computer makers to get paid for adding software to their Windows installs. The software traditionally has been trial versions of commercial programs; the thinking being that some small percentage of users will purchase the software after the trial period ends.

This is a win-win: It’s a win for the computer makers, because they get some extra money for each computer they sell. It’s a win for the software makers, who get more users of their software. It’s even a win for end-consumers because they usually end up paying less for their computers.

Lenovo took this to the next level: They installed a piece of software called “Superfish”, which injected ads in to user’s web pages. The first complaint about “Superfish” on Lenovo’s forums appeared in September of 2014. They pointed out, in the thread, the Lenovo was not the only computer maker to add unwanted programs; other computer makers add an unwanted and difficult-to-uninstall program called “Wild Tangent Games.”

The thread remained relatively quiet until last Thursday after Robert Graham extracted the root certificate. The Superfish developers were very careless with their security. So careless that the mainstream press promptly reported that Lenovo was adding malware to their computers.

At this point, the floodgates of rage opened and the Lenovo became the victim of last Thursday’s Internet two minutes hate.

==No Thinkpads were affected==

Lenovo never installed the Superfish program on any of their Thinkpads. The software was only installed on their Ideapad consumer line in 2014, and was already being phased out in early 2015 before the mainstream press discovered it was malware last Thursday.

==Lenovo listens to their customers==

The thing to keep in mind is that Lenovo listens to their customers. Why do I know this? Because, last year, Lenovo tried to make their Thinkpads a little better for customers who prefer using a touchpad instead of the trackpoint (the red “button” on Thinkpad keyboards which acts like a mouse) by making the touchpad bigger. They did this by removing the mouse buttons for trackpoint users, having them click the touchpad instead.

The reaction was negative. Not only did traditional Thinkpad users not like it, but also the new method of using the touchpad for the trackpoint mouse buttons got negative reviews in the mainstream press.

Lenovo listened. It was a very pleasant surprise when I looked at the 2015 lineup of Thinkpads and saw that the trackpoint mouse buttons came back.

==Lenovo can redeem themselves==

Since Lenovo listened when it came to the Trackpoint mouse buttons, I have the utmost of confidence that they will listen again and make changes so that something like Superfish never happens again.

One way to rebuild consumer trust is to have many of their computers available as Microsoft Signature computers, ensuring that there is no third party software besides drivers installed on the computers.

Another is to simply have little or no third party software on their Thinkpad lineup. While some Thinkpads may need third party software added to reduce their price (such as their low cost “E” series), the high-end Thinkpads (the small “X” series, medium sized “T” series, and large “W” series) really should only have Windows and Lenovo’s drivers installed; if any other software is installed, the customer can choose to install (or not install) it when configuring their computer.

Just as Lenovo rebuilt trust with their most devoted users by restoring the Trackpoint mouse buttons, Lenovo can rebuild the trust damaged by the Superfish fiasco by giving customers more options about what third party software is or is not installed on their computers.

Comments are closed

Previous entry Next entry Blog index