I don’t own a Lenovo PC, thus I shouldn’t get upset over Lenovo pre-installing adware from Superfish. This adware was apparently infected by a third-party Komodia (Israel startup) which put a bad certificate on the Lenovo PC which allowed a Man-in-the-middle attack for all web sites. The web site’s SSL certificate showed the issuer was Superfish. Now I hate preinstalled software and routinely delete it when I (or a friend) get a new PC. The annoying thing here is that just removing Superfish doesn’t remove the bad certificate and the MITM exploit can continue. Lenovo has apologized and has a removal tool (from McAfee, but other vendors have one as well.) Lenovo has been hit with a class action suit, which I hope will extend to Superfish and to Komodia.
I don’t particularly like government intervention, but if it were clear that Lenovo and its suppliers were guilty of some federal crime and subject to huge fines, it might dissuade PC makers from preinstalling such crap onto their PCs. I know that PC profit margins are thin, and preinstalled software adds revenue, but really! (There is also the fallacy that preinstalled software enhances the PC by making it usable and attractive right out of the box. If you think this is attractive, think about the Superfish infection!
Some people like to reinstall Windows – assuming they have an installation disk from Microsoft. (This is less hassle for open source operating systems, because such a disk image can be downloaded.) In this way, all the crap installed by the PC manufacturer doesn’t get installed.