After ‘Superfish’, Lenovo in fresh security imbroglio

13 Aug 2015

There may be secret software on your Lenovo laptop – the Chinese computer manufacturer has apparently been caught secretly installing its own proprietary software on Windows PCs, and the software appears near-impossible to remove.

A number of users have noticed that Lenovo computers were automatically downloading an application called ''Lenovo Service Engine'' to their machine, and, disconcertingly, said firmware would reinstall itself even after a clean reboot of the Windows operating system was performed.

The problem was first noticed by Ars Technica forum user ''ge814'' about a week ago, reported The Next Web, and presents a security risk, since forcing a PC to download programs could be a gateway for hackers to install similar-looking malware.

The company has since issued a statement saying it had addressed this security vulnerability through an update, and that this patch would be installed in all newly manufactured Lenovo computers.

This follows the ''Superfish'' fiasco for the company in February, whereby a preloaded piece of software called Superfish potentially allowed hackers to see a user's browser traffic (See: Lenovo hit with lawsuit over Superfish ''spyware''). and US government advises Lenovo to remove ''Superfish'' from laptops).

Lenovo scrambled to issue a patch and an apology: ''We messed up badly,'' Peter Hortensius, Lenovo's chief technology officer, told CNET, adding that the company was unaware Superfish was making browser traffic information public.

It remains to be seen if these missteps will affect Lenovo's standing as the world's biggest PC vendor.

In the fourth quarter of last year, the company shipped 16 million units, and had the biggest PC market share at around 19.9 per cent, according to IDC. Hewlett Packard, long considered the leader in this market, was second with a share of 19.7 per cent.