Lenovo’s Superfish bloatware copy Windows 10’s forced upgrade strategy

by Radu Tyrsina
Radu Tyrsina
Radu Tyrsina
CEO & Founder
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of... read more
Affiliate Disclosure
Lenovo Superfish bloatware

It’s the ghost of Windows 10 past!

Lenovo pulled a fishy technique on its users that recalls a similar one used by Microsoft. In case you missed it, Lenovo allowed a company called Superfish to install VisualDiscovery bloatware on hundreds of thousands of systems built back in August 2014. The nasty software enabled the collection of personal and sensitive information, including user login credentials, social security numbers, and more.

Lenovo admitted the issue a year later

The company acknowledged the problem after a year and created a dedicated tool to remove the bloatware from affected systems. Lenovo described the debacle as a major mistake and promised to keep the systems clean and free of malicious software from then on.

The United States FTC and 32 other states took legal action against Lenovothat resulted in $3.5 million in fines and a prohibition from misrepresenting pre-loaded software features that could end up with ads injected into browsers. Now, Lenovo has to tell the truth about each of the features found in the apps that come pre-installed on the devices the corporation sells.

It doesn’t end there, though. All Lenovo models launched in the next 20 years will have to come with security software pre-installed, and those programs will have to pass a third-party security audit as well just to make sure that everything is up to par. They must also require consumer consent in case it wants to put adware on its devices.

FTC revelations revealed something fishy about Superfish’s VisualDiscovery

The FTC also unveiled more details on how Superfish managed to infect a system using an idea that was previously embraced by an app developed by Microsof, being triggered when a user visited an online store with a pop-up window displayed on the screen that asked you to enable the app. Even if users didn’t agree, they were still enrolled in the program, according to Terrell McSweeny. Ouch!

Microsoft used the same technique as well

Microsoft also used a similar approach when it rolled out Windows 10 and turned to an aggressive push with its Get Windows 10 application. Users received upgrade reminders all the time and closing the notification actually opted them into the upgrade program, with files automatically downloaded in the background. Obviously, Microsoft called this a very big mistake and the company updated the Get Windows 10 app to no longer handle the window as a user consent to upgrade to Windows 10.


This article covers:Topics: