Lenovo won’t pay a fine for preinstalling Superfish adware
In 2014, Lenovo began bundling a third-party adware program called “Superfish” into its consumer PCs. Now, nearly three years later, the company is facing the consequences. Today, Lenovo settled a lawsuit by the Federal Trade Commission over the Superfish adware, agreeing to get affirmative consent for any future adware programs, as well as audited security checks of their software for the next 20 years.
Installed on Lenovo laptops between September 2014 and January 2015, Superfish was granted root certificate access, allowing it to insert ads into even HTTPS-protected webpages. Unfortunately, that also meant hackers could forge Superfish’s certificate to break HTTPS protections entirely, an attack that occurred shortly after the program…
