

Lenovo Pre-installed malware - meandave
http://www.myce.com/news/lenovo-laptops-come-with-preinstalled-advertisement-injecting-adware-74290/

======
Mithaldu
Forum link where Lenovo employees confirm the issue:

[https://forums.lenovo.com/t5/Security-Malware/Potentially-
Un...](https://forums.lenovo.com/t5/Security-Malware/Potentially-Unwanted-
Program-Superfish-VisualDiscovery/m-p/1860408/)

And here's the money quote about the malware:

"Superfish Inc aka VisualDiscovery aka Similarproducts application will hijack
ALL your secure webconnections (SSL/TLS) by using self signed root certificate
authority, making it look legitimate to the browser"

~~~
0x0
That's pretty amazing. Does their SSL MITM proxy even validate the certs they
are rewriting, or are all these Lenovos completely open to MITM? (And the
certs are marked "all purposes", does that include native and java code
signing too?)

------
0x0
Why would Microsoft even allow Lenovo to license OEM Windows if they treat
customers to an Out-Of-The-Box experience like this? No wonder macs are
popping up everywhere I go...

