Superfish

It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

Lenovo Caught Installing Adware On New Computers

Potentially more troubling:

With Superfish, it’s been claimed Lenovo is using a self-signed certificate to appear as a trusted party (which it no doubt considers itself to be) along the chain. In theory, it is therefore able to see users’ traffic and alter it in whatever way it sees fit. This method, according to Robert Graham of Errata Security, makes Superfish the root Certificate Authority (CA) – essentially the link that decides what encrypted communications to trust.

“It means Superfish can generate a valid (from the browser’s standpoint) encryption certificate for Facebook or Google, or any other site using HTTPS,” noted security analyst Andreas Lindh.

From a privacy perspective, this isn’t ideal…

How Lenovo's Superfish 'Malware' Works And What You Can Do To Kill It - Forbes

Uh, no, that isn't ideal.
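A defender's check for the trust-store problem the quoted articles describe, added here as an example (it is not code from the articles or from Lenovo): it flags self-signed roots in the store Python's `ssl` module loads whose subject matches a watchlist. The watchlist, the function names and the sample entries are assumptions constructed for illustration.

```python
import ssl

# Assumption: substrings to look for; "superfish" is the only name taken from the page.
WATCHLIST = ("superfish",)

def rdn_to_dict(name):
    """Flatten the ((('commonName', 'x'),), ...) form used by the ssl module."""
    return {key: value for rdn in name for key, value in rdn}

def audit_roots(ca_certs, watchlist=WATCHLIST):
    """Return trusted self-signed roots whose subject matches the watchlist."""
    findings = []
    for cert in ca_certs:
        subject = rdn_to_dict(cert.get("subject", ()))
        issuer = rdn_to_dict(cert.get("issuer", ()))
        text = " ".join(subject.values()).lower()
        # A root CA is self-signed: subject and issuer are the same name.
        if subject == issuer and any(w in text for w in watchlist):
            findings.append({
                "subject": subject.get("commonName") or subject.get("organizationName"),
                "serial": cert.get("serialNumber"),
                "expires": cert.get("notAfter"),
            })
    return findings

def system_roots():
    """CA certificates currently loaded from the OS default trust store."""
    return ssl.create_default_context().get_ca_certs()

# Constructed sample entries (not real certificates), in get_ca_certs() format.
SAMPLE = [
    {"subject": ((("organizationName", "Example Public CA"),), (("commonName", "Example Root R1"),)),
     "issuer": ((("organizationName", "Example Public CA"),), (("commonName", "Example Root R1"),)),
     "serialNumber": "01", "notAfter": "Jan  1 00:00:00 2035 GMT"},
    {"subject": ((("organizationName", "Superfish, Inc."),), (("commonName", "Superfish, Inc."),)),
     "issuer": ((("organizationName", "Superfish, Inc."),), (("commonName", "Superfish, Inc."),)),
     "serialNumber": "00AA", "notAfter": "Jan  1 00:00:00 2035 GMT"},
]

if __name__ == "__main__":
    print("sample:", audit_roots(SAMPLE))
    print("this machine:", audit_roots(system_roots()))
```

On some platforms `get_ca_certs()` returns only certificates already loaded into the context, so an empty result for the live store is not proof that the root is absent.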