Lenovo PCs ship with adware that puts computers at risk

Some Windows laptops made by Lenovo come pre-loaded with an adware program that exposes users to security risks.

The software, Superfish Visual Discovery, is designed to insert product ads into search results on other websites, including Google.

However, since Google and some other search engines use HTTPS (HTTP Secure), the connections between them and users’ browsers are encrypted and cannot be manipulated to inject content.

To overcome this, Superfish installs a self-generated root certificate into the Windows certificate store and then acts as a proxy, re-signing all certificates presented by HTTPS sites with its own certificate. Because the Superfish root certificate is placed in the OS certificate store, browsers will trust all fake certificates generated by Superfish for those websites.

To read this article in full or to leave a comment, please click here