In a post-Superfish world, it's time to hold PC vendors more accountable for adware

Adware. Bloatware. Crapware. Whatever you call it, Superfish shows how something annoying can turn scary.

Lenovo screwed up. The company's admitted it, and it's even almost apologized. But that's not enough. If the egregiously invasive Superfish software teaches Lenovo and other PC vendors anything, it's that they're accountable for the software they preinstall on computers.

Whether you call it adware, crapware, shovelware, bloatware or worse, collectively these terms define any unsolicited software that vendors put onto PCs. It could be a trial version of something that keeps bugging you to buy. It could be some mediocre utility. Or it could be Superfish, an adware package designed to provide alternatives to the products users shop for on the Web.

Though Lenovo presented Superfish as a "discovery" mechanism, the software injected its own advertising into a user's browser. Worse, it also issued its own HTTPS security certificates, essentially hacking a user's PC in what's known as a man-in-the-middle attack.

Lenovo began backpedaling on Thursday. Chief technology officer Peter Hortensius promised the company would issue an automated removal tool. He noted that Superfish did not profile, track, or monitor user behavior. He said Lenovo had disabled all server-side interactions with the Superfish server in January, and it would not preload Superfish in the future. If Lenovo chose to preinstall adware in the future, Hortensius said, it would be a "very long time" before it did so.

Lenovo stopped short of quitting adware altogether, and that's hardly surprising. PC makers have willingly put adware on PCs for many years to pad their profits. Customers have been able to fight off the hordes with ad blockers, spyware protection and good old common sense. They also learned to delete the crapware they didn't want. Even the 1999 craze for free PCs, subsidized by unblockable ads and payments to ISPs, passed quickly.

That's all changed. Instead of luring you to a website ad by ad, today's goal is to own the advertising medium itself, trading your personal information to advertisers in exchange for (comparatively) hefty fees. AT&T, for example, now makes you pay more for broadband service if you don't let it watch as you surf. We've come to expect that new web services will adopt freemium models as a baseline. We've been lulled into believing that this is the way of the world.

A harsher look at adware

We respect the rights of PC makers and other vendors to make money. But selling to customers is a far cry from exploiting customers. PCWorld has always factored in software builds when reviewing OEM machines, but this Lenovo fiasco is a wake-up call for us as well. Our editors convened, and decided to take a harsher stance against all the bloatware that ships with the PCs we test. The result should be more punishing review verdicts for systems loaded with crapware that no one asked for and no one wants. (Note: We never reviewed any of the Lenovo systems on which Superfish was installed. We tend to review higher-end machines, which aren't loaded with quite so much useless drivel.)

Microsoft's Surface Pro 3 and its adware-free, crapware-free Signature Edition notebooks offer another way forward. These systems are more expensive on the outside, to be sure, but less intrusive on the inside.

Lenovo, we don't want your adware. We don't want your antivirus subscriptions, Adobe Reader, iTunes, AOL dialup service or any such crap. We just want a well-made, durable computer. That's something worth paying a little more for, though it's a shame it's even come to this.


Stories by Mark Hachman
