Lenovo, the world's largest PC maker, is at the center of a huge scandal after several experts discovered that the Chinese company preinstalled adware on its computers in order to display advertisements in web browsers.
According to Ars Technica, Superfish Visual Discovery also works as a proxy server and can therefore intercept secure HTTPS traffic.
Using its own digital certificate, the adware can intercept traffic encrypted with the TLS protocol and can thus collect critical personal data, such as banking information.
Officially, Lenovo has acknowledged that it uses Superfish Visual Discovery solely to insert contextual advertising into web pages.
Although the Chinese company has announced that it has dropped the program, it may still be present on your computers. According to a security expert quoted by TheNextWeb, Superfish makes it possible for a hacker to access essential information, such as banking details, through a man-in-the-middle attack.
To see whether you have Superfish Visual Discovery installed, open the certificate management console (Start, Run, certmgr.msc) from Control Panel, Programs and Features. Check the Trusted Root Certification Authorities section, and if Superfish appears there, you can safely delete it.
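The same check can be scripted. This is an example added here, not something from Lenovo or the cited articles. It assumes Windows PowerShell with the built-in Cert: drive and matches only on the name "Superfish" given above; the variable names are this example's own.

```powershell
# Added example: list trusted root certificates that mention "Superfish".
# Checks both the current user's store (what certmgr.msc shows) and the machine-wide store.
$pattern = 'Superfish'          # name taken from the article
$stores  = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
$remove  = $false               # set to $true only after reviewing the output

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Issuer, Thumbprint, NotAfter, PSPath
}

if (-not $hits) {
    Write-Output "No trusted root certificate matching '$pattern' in: $($stores -join ', ')"
}
else {
    # Show what was found so the match can be confirmed before anything is deleted.
    $hits | Format-List Store, Subject, Issuer, Thumbprint, NotAfter

    if ($remove) {
        # Deleting from LocalMachine\Root requires an elevated PowerShell session.
        $hits | ForEach-Object { Remove-Item -Path $_.PSPath }
        Write-Output "Removed $(@($hits).Count) certificate(s)."
    }
}
```

Deleting the certificate only removes its trust; the Superfish program itself is uninstalled separately.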
UPDATE – Lenovo's response to the TheNextWeb article
“Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping. However, user feedback was not positive, and we responded quickly and decisively:
1) Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market.
2) Lenovo stopped preloading the software in January.
3) We will not preload this software in the future.
We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first.
To be clear, Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.
We are providing support on our forums for any user with concerns. Our goal is to find technologies that best serve users. In this case, we have responded quickly to negative feedback, and taken decisive actions to ensure that we address these concerns. If users still wish to take further action, detail information is available at http://forums.lenovo.com.”