Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday February 21 2015, @03:46PM   Printer-friendly
from the fishing-for-answers dept.

Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System, the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites, and perform other attacks on Lenovo PCs with the software installed.

Lenovo inititally said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."

[Editor's Note: For background information on this threat, Ars Technica has coverage here, here, here, and here.]

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by frojack on Saturday February 21 2015, @06:06PM

    by frojack (1554) Subscriber Badge on Saturday February 21 2015, @06:06PM (#147827) Journal

    Returning Computers to the store is WORSE advice than taking your car in for a recall.

    You're suggesting everyone who purchased a Lenovo hand all their data to some local retailer, who in turn hands it over to Lenovo, which is located in China. Nice windfall for them. Customer is left without both their data AND their computer. Thanks a lot buddy.

    Fortunately the Government isn't that stupid, and knows that removing all traces of sensitive data from a computer is a tougher job then the average housewife can handle, and doesn't make such silly mandates.

    The automatic removal tool and/or the manual removal steps [lenovo.com] are simple enough, and Microsoft Security Essentials (which also comes pre-installed) will remove it for you.

    A nice fat fine for Lenovo is all that is required here.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Moderation   +3  
       Interesting=2, Informative=1, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by fritsd on Saturday February 21 2015, @06:56PM

    by fritsd (4586) on Saturday February 21 2015, @06:56PM (#147847) Journal

    Hm.. good point.. to continue the car analogy, it is advised to first take your child out of the car before you bring the latter to the garage for recall. Unfortunately your computer doesn't protest as loudly when you bring it back to the shop where you bought it.

    And one of the first things you'd want to do with a new computer is put all the stuff from the old computer on it, so what you describe is probably quite common.

    So what's the solution? Some local company that specializes in trusted wiping of computers? (Fee to be sent to Lenovo) and then return it to the retailer?

    • (Score: 2) by frojack on Saturday February 21 2015, @07:08PM

      by frojack (1554) Subscriber Badge on Saturday February 21 2015, @07:08PM (#147851) Journal

      The solution was pointed out in my first reply. Maybe re-read that?

      Remove the malware, and get on with your life.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 3, Interesting) by JNCF on Saturday February 21 2015, @08:14PM

      by JNCF (4317) on Saturday February 21 2015, @08:14PM (#147875) Journal

      Well if we're going to be statists about the thing, the recall could simply instruct consumers on how to remove their hard-drives. I don't know how difficult that would be on the affected models, but on my ThinkPad it's about as difficult as swapping out batteries on a normal consumer device. You'll need a screwdriver, but it's a world of difference from trying to wipe the thing clean before returning it. Let Lenovo eat the cost of not getting their hard-drives back.