The good news about the surfacing of the Superfish bloatware on Lenovo machines is that the company has pledged to clean up its act. But for IT departments and end users alike, this problem goes way deeper than any one security breach. Here’s what you should know before plunking down cash on a new laptop.
Lenovo’s bad press is good news for the PC industry as a whole.
The Chinese hardware manufacturer makes some of the best machines out there, particularly in the professional market, with its ThinkPad brand leading the way.
But its previously solid reputation took a major hit last month after it was caught red-handed selling PCs that relied on a form of adware called Superfish.
Breaking down what Superfish did is no easy task, but here’s the best non-technical way to explain it: Effectively, the software stood in the middle of every bit of data that passed between your computer and the internet, and parsed it to see if it could add a little something special to some of your web pages—you know, ads.
It was intrusive, yes, but the real problem was that it was easily hackable, and that meant thousands of computer users were at risk of having their bank numbers and computer passwords stolen by just about anyone.
The Pledge to Change
This is awful and a huge PR disaster for Lenovo, one that cost it far more in goodwill than the modest profits that the adware endeavor earned it. But computer users and IT buyers got a pretty significant win out of this whole mess, and it needs to be underlined.
Licking its wounds from the crisis, Lenovo announced it was going to change its tune on bloatware.
“The events of last week reinforce the principle that customer experience, security, and privacy must be our top priorities,” the company wrote in a news release. “With this in mind, we will significantly reduce preloaded applications. Our goal is clear: to become the leader in providing cleaner, safer PCs.”
This is huge. Low-end Windows PCs these days are a barren wasteland of bloat, with your average Dell, Acer, or Hewlett-Packard machine including a number of extra apps, such as trials for pay apps or default tools that plug into certain ad providers. The companies don’t add those because they make their machines better, generally; rather, it’s an extra stream of revenue for a product line with tight margins.
A Supply-Chain Problem
Lenovo’s call may have been made under duress, but it nonetheless draws a line in the sand, and if Lenovo holds up its end of the bargain, it may just win back much of that lost goodwill.
“I know a lot of IT pros that would love that,” Haurey said. “CVS put principle before profit by ceasing the sale of cigarettes.”
But Lenovo is only part of a bigger problem, and it’s one that’s only becoming more prominent as we become more reliant on third-party apps.
CNET reporter Seth Rosenblatt put the situation depressingly: “Software used by billions of consumers and businesses almost always relies on components made by development companies far removed from the final product, each trusting the other to do their due diligence. Few are, however, and that’s putting you at risk, experts say.”
That’s what happened in the case of Superfish. The company behind Superfish used a piece of software to enable its visual-search ad platform, and that software turned out to have a significant hole in it, which caused big problems for Lenovo users.
Associations spend a lot of time analyzing the services they use, the vendors they rely on, and the technical needs they have. If anything, this saga offers an important reminder of just how deep this vetting process goes.
The machines on your desks—and the companies that manufacture them—deserve just as much scrutiny as the decision-making process for your AMS or cloud-computing platforms.
Because for every Lenovo that changes its tune, there are many more out there that haven’t—and the shrink wrap isn’t enough to guarantee that you’re getting an unadulterated experience with your new machine.
Sorry to be the bearer of bad news.