Lenovo Offers Free McAfee Subscription, Pledges Fewer Preloaded Apps, “Cleaner, Safer PC”

Much to its credit, Lenovo hasn’t let its Superfish flap fester and, in fact, in the week since has taken a number of steps ahead. While the company’s somewhat defensive initial reaction was to claim everyone around it had over-reacted, its subsequent posture has been apologetic and its actions constructive.

In its latest series of steps to regain customer trust, Lenovo said it will offer users affected by the Superfish bungle either a free, six-month subscription to McAfee’s LiveSafe service or a similar length extension for existing subscribers. The vendor hasn’t finalized details of the offer but said it will provide more information within a week’s time.

And, Lenovo said it will reduce the number of preloaded applications it bakes into its PCs. From now on until it launches its first Windows 10-based systems, the standard Lenovo PC screen image will include only icons referencing the operating system and related software, security apps and Lenovo-specific apps, eliminating adware and bloatware, the company said.

“The events of last week reinforce the principle that customer experience, security and privacy must be our top priorities,” Lenovo said in a statement. “With this in mind, we will significantly reduce preloaded applications. Our goal is clear: To become the leader in providing cleaner, safer PCs.”

Lenovo also said it will post information about all the software it preloads on to its PCs, explaining what each application does. The vendor said it will continue to seek feedback from its user community and industry experts to ensure it’s picked the right apps.

“We view these actions as a starting point,” Lenovo said. “We believe that these steps will make our technology better, safer and more secure.”

Just in case you’re unfamiliar with Lenovo’s Superfish adventure, the company pre-installed the Superfish adware on some of its consumer laptops from last September to December, opening an uber-invasive superhighway for attackers to steal users’ encrypted Web data or stored online passwords.

It first claimed it didn’t know that the Superfish adware is constructed to hijack encrypted Web sessions and exposes users to HTTPS man-in-the-middle attacks, then insisted that it installed the Superfish software “to help customers potentially discover interesting products” while shopping.

FInally, overwhelmed by an onslaught of heavy criticism from security experts, Lenovo acknowledged it “didn’t do enough” due diligence prior to pre-installing Superfish, admitted it needed to respond quickly to consumers’ concerns and a few days later released a removal tool to wash any trace of the Superfish app from the infected laptops.