By Iain Thomson, 25th February 2015 01:58

Lenovo CTO: Hey, look around – we're not the only ones with a crapware infection

Friday is D-Day for PC lobber to regain trust

On Friday Lenovo is going to tell the world about how it plans to regain the trust of its users in the wake of the Superfish clusterfuck – and may even launch an independent security audit of its products.

"Our goal, in the end, is to make this right," Lenovo's CTO Peter Hortensius told The Register on Tuesday. "It's going to take a long road to earn trust back."

Lenovo was caught bundling adware Superfish with its cheapo laptops to make a fast buck by injecting adverts into websites, a move that left users vulnerable to online password theft.

Hortensius claims this is an industry-wide problem, and analysts have found other companies slipping software similar to Superfish into people's PCs.

"I'm not going to comment on the competitors but I think you guys know the reality of the state of our industry," he said. "Everyone is one step away from disaster and we're going to make sure that when we're done we're several steps away."

Hortensius said that last Thursday morning was the first he knew of a problem with Lenovo laptops and Superfish, and he initially assumed it was just an adware issue. Within a few hours he realized the problem was more serious, he says, and Lenovo went into crisis management mode.

Lenovo, with the help of Microsoft and antivirus makers, worked to rid its laptops of Superfish, its ad-injection code and its rogue root CA certificate that compromised HTTPS connections, even releasing an open-source uninstall tool.

That was the first step, Hortensius said, but his company recognizes that it's got a much bigger hill to climb to get trust back from buyers. The firm hadn't realized that so many of its PCs were used in businesses, he said, and it was clear that it is going to be difficult to reestablish trust.

"By the end of this week we will release a more concrete statement around exactly what that means and we're still working towards that but we're considering any and all considerations," he said.

One of the most likely scenarios is that Lenovo publishes a full list of all the software that is bundled onto its PCs – something Hortensius said was "a real possibility". He didn’t rule out an independent security audit of the firm's systems by experts in the future either.

"I'm not sure they need a security audit," security guru Bruce Schneier told El Reg. "They need someone sensible in marketing."

Another option is to simply ship computers without demos, trial software, pointless utilities and other bloatware, something Microsoft offers on some Lenovo hardware as part of Redmond's Signature Edition line. Hortensius couldn’t say how much bundling the extra software contributes to his bottom line.

It's clear that Lenovo recognizes quite how deeply it has screwed up. The company had one of the most valuable brands in the computer business and wants that back. ®
