Lenovo Superfish: Lawsuit, Open Letter to Users, Partners
The first of what could be a slew of lawsuits against Lenovo and Superfish was filed in U.S. District Court in southern California ahead of an open letter from the vendor again apologizing and detailing the steps it's taking to recoup lost user trust.
As expected, Lenovo‘s Superfish blunder isn’t going away anytime soon but, to its credit, the vendor is trying hard to own up to it and explain itself.
In the meantime, the first of what could be a slew of lawsuits was filed in U.S. District Court for the Southern District of California, alleging the vendor engaged in “fraudulent” business practices. Jessica Bennett, the plaintiff in the proposed class-action lawsuit, claimed the Superfish software damaged her Lenovo laptop and also charged the vendors violated her privacy and profited from digesting her Internet browsing history, IDG News reported. The lawsuit asks for damages both from Lenovo and Superfish.
Meanwhile, Lenovo’s chief technology officer Peter Hortensius issued an open letter to again apologize, keep users and partners apprised on the vendor’s progress to fix the problem, and to try to recoup some of the user trust it gambled and lost.
Here’s the text of Hortensius’ letter:
Beginning in September 2014, we made a decision to ship some of our consumer notebooks with Superfish. This software frustrated some users without adding value to the experience so we were in the process of removing it from our preloads. Then, we saw published reports about a security vulnerability created by this software and have taken immediate action to remove it. Clearly this issue has caused concern among our customers, partners and those who care about Lenovo, our industry and technology in general. For this, I would like to again apologize. Now, I want to start the process of keeping you up to date on how we are working to fix the problem and restore your faith in Lenovo.
We have already taken several critical first steps:
We stopped the preloads and will not include this Superfish software in any devices in the future.
We have worked on our own and with our partners to make your PCs safe from this vulnerability as quickly and easily as possible:
On Thursday, Feb. 19, Lenovo provided a manual fix and by Friday, Feb. 20, we provided an automated removal tool to make it simple for our customers to remove Superfish and related files.
Also on Friday, our partners, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this Superfish software. This means users with any of these products active will be automatically protected. We thank them for their quick response.
Together, these actions mean all new products already in inventory will be protected. Shortly after the system is first powered-on the AV program will initiate a scan and then remove Superfish from the system. For systems which are re-imaged from the backup partition on the HDD Superfish will also be removed in the same manner. For products already in use, Superfish will be removed when their antivirus programs update.
We have communicated as rapidly as possible with customers, partners and industry watchers and influencers. I hope that with every communication, we are better informed and more clear on what is important.
Now, we are in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week. What I can say about this today is that we are exploring a wide range of options that include:
creating a cleaner PC image (the operating system and software that is on your device right out of the box);
working directly with users, privacy/security experts and others to create the right preload strategy quickly;
and soliciting and assessing the opinions of even our harshest critics in evaluating our products going-forward.
While this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device, we recognize that all Lenovo customers may have an interest in where we are and what is next. The fact is our reputation touches all of these areas, and all of our customers. Now, we are determined to make this situation better, deliver safer and more secure products and help our industry address—and prevent—the kind of vulnerabilities that were exposed in the last week.
Thank you.
Peter Hortensius
About the Author
You May Also Like