If you bought a Lenovo laptop between August 2014 and June 2015, you might have heard about the VisualDiscovery software created by a company named Superfish. VisualDiscovery was a pre-installed adware program that showed comparable products when you shopped online. But there was more to the software than met the eye.
According to the FTC, VisualDiscovery created security vulnerabilities that put people’s personal information at risk. The adware acted as a “man in the middle” between computer users and all of the websites they visited, even if the sites were encrypted. The software then transmitted the user’s browsing information to Superfish without telling the user.
In addition, the adware created security vulnerabilities that put people’s information, such as login credentials, Social Security numbers, and financial account information, at risk from hackers.
If you bought a Lenovo computer with VisualDiscovery pre-installed, it’s likely you didn’t know it when you bought it. Lenovo did not clearly disclose important information about the program, and it was not readily visible on the laptop. However, because VisualDiscovery’s security vulnerabilities have been public since February 2015, most antivirus companies updated their software to remove the VisualDiscovery software (and the security vulnerability).
You can see if you have one of the affected Lenovo laptop models on Lenovo’s website. If you own a Lenovo laptop with VisualDiscovery installed, you can uninstall the program using these directions and automated tool.
As part of a proposed settlement with the FTC announced today, Lenovo will have to ask users to give permission when the company pre-installs software (with certain limited exceptions) if it functions as adware, or if it sends personal information to another company. The settlement also requires Lenovo to implement a software security program to address future security risks with pre-installed software.