- A Lenovo ThinkPad had the longest battery life between the four competitors at the Wall Street Journal offices in San Francisco. Laptops such as this one were preinstalled with Superfish adware between September and January.
- Jason Henry for The Wall Street Journal
Lenovo is working quickly to wipe all traces of an app it had pre-installed on some consumer laptops, responding to security researchers’ warnings that the app could give attackers a way to steal people’s encrypted Web data or online passwords.
In an interview Thursday, Lenovo’s chief technology officer, Peter Hortensius, acknowledged that “we didn’t do enough” due diligence before installing Superfish, but that the company doesn’t believe laptop owners were harmed by the app. He said the company realized it needs to do more to respond to consumers’ concerns.
Lenovo, the world’s biggest seller of PCs, is working to write software that will delete any data from the Superfish software off laptops on which it had been installed. Hortensius also said the company should have done more due diligence on the security of the Superfish shopping-search app, which was installed from September to December on Lenovo consumer laptops.
Here are edited excerpts of the interview:
WSJ: What are you doing now to ensure the security of people who bought Lenovo laptops with the Superfish app?
Hortensius: As soon as the programmer is finished, we will provide a tool that removes all traces of the app from people’s laptops; this goes further than simply uninstalling the app. Once the app-wiping software is finished tonight or tomorrow, we’ll issue a press release with information on how to get it.
WSJ: There seems to be a disparity between what security researchers are saying about the potential dangers of this Superfish software, and what the company has said about this app not presenting a security risk.
Hortensius: We’re not trying to get into an argument with the security guys. They’re dealing with theoretical concerns. We have no insight that anything nefarious has occurred. But we agree that this was not something we want to have on the system, and we realized we needed to do more.
WSJ: Do you do due diligence on software you pre-install on Lenovo machines to make sure it’s secure?
Hortensius: Yes, we do. Obviously in this case we didn’t do enough. The intent of loading this tool was to help enhance our users’ shopping experience. The feedback from users was that it wasn’t useful, and that’s why we turned it off. Our reputation is everything and our products are ultimately how we have our reputation.
WSJ: Isn’t the best prevention tool to simply stop pre-loading any software on Lenovo computers?
Hortensius: In general, we get pretty good feedback from users on what software we pre-install on computers. What we’re going to do in the next few weeks is dig deeper, and work with users, industry experts and others to see how we can improve what we do around software that comes installed on consumers’ computers. The outcome could be a clearer description of what software is on a user’s machine, and why it’s there.
Read more: Lenovo Turns Off Superfish PC Adware Following Customer Complaints
______________________________________________________
For the latest news and analysis, follow @wsjd
Get breaking news and personal-tech reviews delivered right to your inbox.
More from WSJ.D: And make sure to visit WSJ.D for all of our news, personal tech coverage, analysis and more, and add our XML feed to your favorite reader.