You are here

Lenovo adware created security holes

Share this page

If you bought a Lenovo laptop between August 2014 and June 2015, you might have heard about the VisualDiscovery software created by a company named Superfish. VisualDiscovery was a pre-installed adware program that showed comparable products when you shopped online. But there was more to the software than met the eye.

According to the FTC, VisualDiscovery created security vulnerabilities that put people’s personal information at risk. The adware acted as a “man in the middle” between computer users and all of the websites they visited, even if the sites were encrypted. The software then transmitted the user’s browsing information to Superfish without telling the user.  

In addition, the adware created security vulnerabilities that put people’s information, such as login credentials, Social Security numbers, and financial account information, at risk from hackers.

If you bought a Lenovo computer with VisualDiscovery pre-installed, it’s likely you didn’t know it when you bought it. Lenovo did not clearly disclose important information about the program, and it was not readily visible on the laptop. However, because VisualDiscovery’s security vulnerabilities have been public since February 2015, most antivirus companies updated their software to remove the VisualDiscovery software (and the security vulnerability).

You can see if you have one of the affected Lenovo laptop models on Lenovo’s website. If you own a Lenovo laptop with VisualDiscovery installed, you can uninstall the program using these directions and automated tool.

As part of a proposed settlement with the FTC announced today, Lenovo will have to ask users to give permission when the company pre-installs software (with certain limited exceptions) if it functions as adware, or if it sends personal information to another company. The settlement also requires Lenovo to implement a software security program to address future security risks with pre-installed software.


Why would anyone ever buy a product now from Lenovo?

My God-how can a company get to sell a product like this, endangering people's privacy illegally? By the time a person finds out if ever, their PI has already been hacked! Who regulates these products? I'm sure there are STILL more unsuspecting Lenovo users who don't even know this-why isn't it made public in the papers or on the news?

thenk yous

I've got this on my cell phone or FB profile but it's annoying because I price things in different locations across USA and they're not all the same things! ugh! I've purchased a Lenovo laptop this year but I didn't see this as an option. What's the chance it's not listed?

I believe Windows 10 does the same with the apps they load on. Why can't anyone buy a new PC without added apps that yu do not choose? I had to remove more than half of the apps, shut off location and camera. All of the proof shows up in spam emails.

Purchase a desktop a year ago. Now I wonder if the same security risk exist.

$3.5 million is not enough for violating people's trust and putting them at risk.

There are not enuff words to describe what a horrible violation this is. I started building my own machines because of this kind of thing. Buy windows separate so it's just windows. I'm afraid of win 10 still. Not sure where to go after win 7. Try like the very dickens to keep all clean.

I have a key logger who has getting all of my information

Someone stole my tablet and today I got a pop up about that device with a lot of numbers and letters 3 lines saying keyboard trick to see if you are on the same page as a friend what does that mean

Leave a Comment