Company fined $3.5 million for the Superfish fiasco

Sep 6, 2017 06:18 GMT  ·  By

Lenovo is close to putting the Superfish bloatware fiasco behind it after the company agreed on Tuesday to settle the Federal Trade Commission's complaint, pay $3.5 million, and implement a series of measures meant to prevent similar cases in the future.

The PC maker allowed a company called Superfish to preload its VisualDiscovery adware on hundreds of thousands of consumer laptops shipped from August 2014 onward. Because the software intercepted users' encrypted (HTTPS) connections in order to inject advertising, it could access sensitive personal information, including login credentials, Social Security numbers, and other data sent to websites.

Lenovo acknowledged the problem in February 2015 and shipped a dedicated removal tool, describing its collaboration with Superfish as a “significant mistake” and promising to keep its systems free of software of this kind in the future.

That did not stop the FTC and 32 states from taking legal action against Lenovo. As part of the settlement, the company is prohibited from misrepresenting the features of any pre-loaded software that injects advertising into users' browsers or transmits sensitive information to third parties. In other words, Lenovo may no longer mislead its users and must accurately disclose what each application that comes pre-installed on the devices it sells actually does.

Furthermore, for the next 20 years Lenovo must maintain a comprehensive software security program covering most consumer software preloaded on its laptops, subject to third-party security audits, and must obtain consumers' affirmative consent before preloading adware of this kind on its devices.

The Get Windows 10 app fiasco

Alongside Lenovo's acknowledgment of its wrongdoing, the FTC also revealed more about how Superfish ended up being enabled on a system, using a consent trick also seen in an application developed by none other than software giant Microsoft.

FTC commissioner Terrell McSweeny explains in a statement that Superfish's VisualDiscovery software was triggered the first time users visited an online store: a pop-up window appeared asking them to enable the application. But even when users did not agree and instead clicked the X button in the corner of the window, the usual way of dismissing a dialog, they were still enrolled in the program, McSweeny says.

Microsoft used a similar approach during its aggressive push to roll out Windows 10 through the Get Windows 10 app. Users received periodic upgrade reminders, and closing the notification was treated as opting into the upgrade, with installation files then downloaded automatically in the background.

Microsoft later admitted what it called a mistake and updated the Get Windows 10 app so that closing the window was no longer treated as consent to upgrade to the new OS.

Unlike the Get Windows 10 app, though, the Superfish software also degraded the systems it ran on: according to the FTC, it cut download speeds by almost 25 percent and slowed uploads by 125 percent.