Written by: Daniel Haurey on 02/24/15

Last week, security blogger Marc Rogers posted an article describing how Lenovo admittedly installed adware on consumer laptops which compromised users’ security.

Lenovo’s response was feeble and insulting, hinting at the sort of hubris that only a corrupt politician could expect his or her constituents to endure without question.  Although still insufficient, an apology would be nice (or at least marginally more sincere), but let’s not hold our breath lest we pass out waiting for it.

Maybe a quick note, something like the following, would do some good.

Dear Lenovo:

As a consumer, I’d like to personally thank Lenovo for making a choice for me that I didn’t ask them to make, thereby eliminating any of the pesky and brain-cycle-draining thought I’d have to put into shopping online for holiday knick-knacks. It’s comforting to know that ALL of my internet traffic would filter through one service, without my clear knowledge and consent, and be used to provide targeted shopping ads to me and the rest of the unwitting saps who are foolish enough to put our trust in a brand that purports to have a culture of a “trusted business that is well respected around the world”, yet so clearly has placed greater emphasis on whatever monetary gain was generated by a partnership with a company that quite obviously develops and maintains Ad- and Spyware products. I think I’d prefer to keep my online banking traffic exclusively between me and my bank, but thanks for your interest in enabling someone to intercept it in the interest of better shopping, Lenovo.

As an IT Professional, I’m insulted by Lenovo’s justification for preloading the software on certain models: “The goal was to improve the shopping experience using [Superfish] visual discovery techniques”. That Lenovo states they never installed this software on any commercial-grade machines indicates that they are either suffering from extreme security nearsightedness or expects the rest of the Information Technology world to believe that consumer products might never leak their way into a commercial environment, and as such we are expected to believe that this transgression is somehow permissible. As a trusted advisor to our clients, and reseller of Lenovo laptops and desktops (almost exclusively selling Lenovo laptops), it is disconcerting that I now feel such trepidation in putting our name behind a brand who has willfully neglected the security and violated the trust of its consumer base. Additionally, I am wondering how we can recoup the damage to our help desk’s efficiency from dealing with the ripple effects of having so fervently advocated what has become, in quick fashion, an untrustworthy partner.

Shame on you, Lenovo. As a leader in the global IT and technology products and services market, you have a responsibility to steward the security and needs of consumers who have entrusted you with their precious data pipeline.

Sincerest Regards,
A disillusioned Lenovo-using, selling and supporting Information Technology Professional.


IT Security