In a rare "weekend edition" of my blog, I want to address concerns about recent news reports that Lenovo has been pre-installing malware known as Superfish.
Superfish is an intrusive program that can alter search results to provide you with advertiser funded results when you do a search in your browser. The program also installs a trusted root certificate that is, well, untrustworthy. It essentially opens a back door into your computer that could in some circumstances allow hackers to steal sensitive information.
Many malware programs have been doing things like this for years. What makes this recent issue so newsworthy is that Lenovo has been installing this program at the factory, meaning your computer is infected before you even get it.
Fortunately, this does not seem to cause a problem for the firm. According to Lenovo, only a certain limited line of consumer devices were outfitted with Superfish. None of them were Thinkcentres or Thinkpads, and they all appear to be Windows 8 devices, not Windows 7 as the firm uses. Also, Lenovo only began doing this in September 2014. Virtually all firm computers in use are older than that.
Despite all these assurances, we have been checking sample models of the new lines of laptops and desktops purchased by the firm to make sure there are no indications of Superfish. None have been found.
Both Microsoft and Lenovo have responded to this problem by releasing security programs through Windows Updates and Lenovo Updates which will detect and remove Superfish, so all computers will be scanned by these updates when they are automatically downloaded and run.
As I hope I have made clear, there does not appear to be any danger that any work computers have been affected by this. But if you have a home computer that you purchased from Lenovo in the last few months, and don't trust the automatic security tools in Windows updates, you can check your computer yourself. Lenovo has made available detection and removal tools, which you can access through this Lenovo Link.
Computer security is always a top concern for the IT Department. At this point, we are confident that this Superfish issue poses no threat to firm devices.
No comments:
Post a Comment