Give us a week to gut Superfish, begs Lenovo CTO

Lenovo's chief technology officer Peter Hortensius has issued another statement on how the company plans to handle Superfish.

The missive explains that Lenovo has worked with anti-virus vendors to get their products flattening Superfish whenever a PC starts up and issued a removal tool.

Hortensius says Lenovo is now “in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week.”

He can't say what those actions will be for now, but says the company is “exploring a wide range of options that include”:

• creating a cleaner PC image (the operating system and software that is on your device right out of the box);
• working directly with users, privacy/security experts and others to create the right preload strategy quickly;
• and soliciting and assessing the opinions of even our harshest critics in evaluating our products going-forward.

Hortensius also makes the point that Superfish was only installed on kit aimed at consumers and that the bloat/ad/malware “in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device”.

The statement ends with the promise that “... we are determined to make this situation better, deliver safer and more secure products and help our industry address – and prevent - the kind of vulnerabilities that were exposed in the last week.”

+Comment All of the above is not far off textbook crisis communications techniques: Lenovo's owned the problem, expressed contrition for the indefensible and is now trying to make itself the best source of information on the wider issue of “ the kind of vulnerabilities that were exposed in the last week”.

Admirable stuff: but let's no forget that Lenovo allowed this stuff to be installed on products it sold. It's making the right moves now, but made a series of horrid decisions to put itself in this mess. ®