Recently, Lenovo has been in the news for a mistake that had the potential to impact our clients. An adware program called Superfish opened up a major security vulnerability in Windows computers. In this post, we will break down exactly what Superfish is, how CPURX responded, and what we can learn about security from the Superfish incident.
Understanding Lenovo’s Security Blunder
Before looking at Superfish, it is helpful to understand the context in which. Almost all Windows PC’s are sold with preinstalled software packages. Unfortunately, these software packages are not necessarily put together with the user’s interests in mind. They often contain pieces of software that either spy on users, or display pesky ads trying to get users to purchase software they neither want nor need. Although such programs do not benefit users, PC manufacturers have accepted payment from companies to include these programs, which helps the manufacturers make a profit in a market with tight margins.
The Superfish adware that Lenovo included on their machines was in theory little different than other similar programs, which are commonly on PC’s by other companies. The crucial difference was that Superfish actually interferes with a computer’s security in ways that allow potential attackers access to browser traffic and communications. In other words, a hacker might be able to steal passwords, emails, and other sensitive information. While this is clearly a much more serious problem than most prepackaged softwre, it is worth noting that even “ordinary” adware impacts computer performance, degrades the user experience, and is not in the interests of the user.
The CPURX Team Response
As soon as we learned about Superfish, the CPURX team went to work. Our engineers immediately scanned all client systems for the adware; fortunately, all systems were clean. Soon after the incident, Microsoft responded with its own security patch which was designed to protect systems against Superfish. Once again our technicians responded, making sure the patch was installed across all of our clients’ Windows systems.
Security Depends on Human Beings
Ultimately, security measures are implemented by people, and people are flawed. This becomes obvious in cases where large corporations are easily hacked due to the actions of disgruntled employees. Many other security attacks depend on humans making mistakes, such as performing certain actions, in order to succeed. For instance, a spoofed email may trick users into entering credentials into a website controlled by hackers, but savvy users will realize the email is suspicious and immediately destroy it.
In the case of Lenovo, a corporate decision to prioritize profits actually put users at risk. But it is clear that Lenovo is from being the only technology company willing to act in ways that don’t benefit customers and users. That’s why at CPURX, our technology solutions are built on a foundation of strong relationships, integrity, and trust. As our clients have learned, whatever solutions we implement, we always have our clients best interests at heart, and our goal is not to manipulate or take advantage of our users, but rather to empower them to be more effective and productive.