Update: Lenovo has updated its response to say that pre-installation of Superfish on new PCs began in September, not October as it originally claimed. We’ve updated its statement below and noted the change.
Lenovo has responded to news this morning regarding adware called Superfish that was previously pre-installed on new Windows PCs produced by the OEM. Company spokesperson Brion Tingler provided TechCrunch with details regarding the program, noting that it has been disabled completely on the server-side since January, rendering it inactive, and that pre-installation on new PCs also ended in January. Lenovo has also committed to not preloading the software on any new devices in the future.
Tingler told TechCrunch that Lenovo’s use of Superfish on new products was brief, and claims it was intended as a means to help customers with product suggestions during their shopping sessions.
“Superfish was previously included on some consumer notebook products shipped in a short window between September [Lenovo corrected from October, the month it originally claimed] and December to help customers potentially discover interesting products while shopping,” he wrote in an email. “However, user feedback was not positive, and we responded quickly and decisively.”
He then outlined the steps mentioned in the opening paragraph above, and went on to say that based on Lenovo’s own internal review, this effectively negates any potential security concerns that might arise from the use of Superfish. Regarding how Superfish worked prior to its server-side shutdown, Tingler offered the following:
“To be clear, Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.”
To address any continuing user concerns, Lenovo is offering support via its official forums, and anyone with questions or looking to learn more is encouraged to check those resources for further information.
Lenovo’s Superfish installations became the subject of scrutiny today when The Next Web raised security concerns about the means by which Superfish injected its ads into users’ browsers, a method that effectively employed tactics used in malicious man-in-the-middle attacks.