Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Lenovo to flush 'crapware' from its consumer PCs after Superfish sin

Gregg Keizer | March 2, 2015
By the time Windows 10 ships, Lenovo PCs will include only the OS, security software and first-party apps.

malware keyboard security bug virus

Lenovo today said that it would immediately begin reducing the amount of "crapware" on its consumer PCs, a move triggered by last week's admission that adware pre-loaded onto the Chinese company's machines posed a critical security threat.

"We will significantly reduce preloaded applications," Lenovo said in a Friday statement. "Our goal is clear: To become the leader in providing cleaner, safer PCs."

Over the past nine days, Lenovo has been vilified by customers for bundling the Superfish Visual Discovery adware with its consumer-grade personal computers. "You've basically flushed your credibility down the drain," wrote one customer on the company's support forum earlier this week. "Good luck getting people to actually think about buying your products now."

This week, brand quality measurement vendor YouGov BrandIndex said that Lenovo's brand "buzz" score had dropped by half since the Superfish news broke.

With the no-crapware pledge, Lenovo moved into damage control mode. "The events of last week reinforce the principle that customer experience, security and privacy must be our top priorities," the company said today.

Although Lenovo said it would immediately start to scale back the number of pre-installed third-party programs -- usually tagged with the descriptive labels "bloatware," "crapware" or "junkware" -- it pledged to complete the process by the time Microsoft released Windows 10 later this year.

"By the time we launch our Windows 10 products, our standard image will only include the operating system and related software, software required to make hardware work well (for example, when we include unique hardware in our devices, like a 3D camera), security software and Lenovo applications," the firm said.

Lenovo will also provide explanations -- it did not say where, whether on its website or on the new PCs themselves -- of each still-bundled application's purpose. Those whose PCs had been preloaded with Superfish will be offered a free six-month subscription to McAfee's security software.

McAfee, a partner of Lenovo, also has a deal to pre-load a 30-day trial of its software on the latter's PCs.

Superfish, which Lenovo added to new consumer PCs from September through December 2014, was blasted by security experts who discovered that the software left a gaping hole in the company's computers. Hackers were handed ways to intercept and steal critical information, including passwords, that was not properly safeguarded by encryption.

Earlier this week, other security researchers said that they had uncovered evidence that the underlying vulnerability -- which was not limited to Superfish -- has been used by cyber criminals in actual attacks.

Those security experts called on Lenovo and other OEMs (original equipment manufacturers) to stop loading third-party software on their machines. Such software is added to PCs at the factory for financial reasons: Computer makers receive payments from software vendors who want to get their programs in front of users, and the OEMs take a cut of fees users pay to extend the trial periods of pre-installed programs that come with expiration dates.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.