Lenovo issued an official apology on Monday for the Superfish advertising software it installed on a number of laptop computers before they were sold to the public. The company’s chief technological officer said it was in the process of removing the adware from customers’ computers, and said none of Lenovo’s Thinkpad line or other business-class products were affected.
“Clearly this issue has caused concern among our customers, partners and those who care about Lenovo, our industry and technology in general,” Peter Hortensius, Lenovo's chief technology officer, said in a statement. “For this, I would like to again apologize.”
Lenovo says it began installing Superfish – a software that collects information about users and alters their Web searches to show different advertisements – in September 2014. Security researchers say attackers could easily take over computers pre-loaded with Superfish because of the way it overrides most Web browsers’ security.
Lenovo said it had begun to stop installing Superfish on new computers in January over customer complaints, but took immediate steps once the security vulnerability was discovered. One customer filed a proposed class-action suit late last week against Lenovo and Superfish, the company of the same name that develops the software that it calls “visual search.”
The plaintiff claims Superfish damaged her Lenovo laptop, calling it “spyware” in court documents, and claiming the companies made its notebook computers vulnerable to viruses and cyberattacks from hackers by loading it on computers. The proposed class action also accuses Lenovo and Superfish of invading customers’ privacy by studying their Web browsing.
Lenovo said it will coordinated efforts with security and privacy experts to determine its next course of action, and is considering the removal of all preloaded software for its PCs. The Chinese manufacturer says it has completely stopped preloading Superfish onto its computers, and says it and partners like Microsoft Corp. have released automatic deletion tools.
An earlier version of this story mistated the year that Lenovo began preloading Superfish on its PCs. It was in September of 2014, not 2013 as previously stated. Lenovo said it started removing Superfish in January over customer complaints, not when researchers found Superfish's security vulnerability. Both references have been corrected.