The world’s biggest manufacturer of personal computers failed to do proper checks before installing malware-like software on its laptops.
Peter Hortensius, chief technology officer of Lenovo, agreed with security experts that the software, which could intercept personal information and make computers vulnerable to hackers, was “not something we want to have”.
On Thursday it was reported that the company had installed Superfish on nine of its laptop computer lines since at least September last year. The software uses visual recognition technology to place adverts in web browsers, but leaves security holes.
Lenovo said yesterday that it would release a tool to wipe Superfish from affected machines. However, security experts hammered the Chinese company over its handling of the crisis, accusing it of putting out misleading statements when the problem came to light.
The company said on Thursday that it had “completely disabled” Superfish last month so that it was “no longer active” on any machine. Lenovo also said it had investigated the software and could “not find any evidence to substantiate security concerns”.
However, security researchers built websites allowing people to test whether Superfish was active on their PCs. In many cases, users found that it was. Yesterday Lenovo replaced its original statement with one that made no reference to Superfish having been disabled.
Mr Hortensius told The Wall Street Journal: “We have no insight that anything nefarious has occurred. But we agree that this was not something we want to have on the system, and we realised we needed to do more.
“Our reputation is everything and our products are ultimately how we have our reputation.”
Lenovo said yesterday: “We apologise for causing any concern to any users for any reason.”
Adi Pinhas, founder of Superfish, which makes the adware, said that “at no time were consumers vulnerable”.