Whether you believe that Lenovo was misled by Superfish (which is to say, Lenovo would be a sort of victim in all of this) or you think the company nefariously put spyware onto its products on purpose, or something in between those extremes, the company is saying all the right things at this point.
The company posted (yet another) statement (opens in new tab) on its website today, offering Lenovo users an olive branch in the form of a free 6-month subscription to McAfee LiveSafe service (existing subscribers get a 6-month extension) as well as a pledge to stop loading bloatware on its PCs in the future.
"The events of last week reinforce the principle that customer experience, security and privacy must be our top priorities. With this in mind, we will significantly reduce preloaded applications," read the post. Lenovo also stated that it will begin this practice right away.
Further, "...and by the time we launch our Windows 10 products, our standard image will only include the operating system and related software, software required to make hardware work well (for example, when we include unique hardware in our devices, like a 3D camera), security software and Lenovo applications."
The company also promised to be transparent about any software that it henceforth does include on its systems, as well as what that software does.
For some users, this is all too little, too late. Lenovo allowed "Superfish" bloatware on some of its systems, beginning in September of 2014. We and our sister sites have covered the what and how of Superfish, and thus won't repeat ourselves here, but the habit-tracking software certainly extended its reach beyond what most would consider acceptable, and worse, it left users further vulnerable to attacks (despite Lenovo's protestations to the contrary).
Read more: Superfish Flaw May Not Be Limited To Lenovo
Here's a list of potentially affected systems, according to Lenovo:
|Affected Lenovo Products|
|G Series||G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80|
|U Series||U330P, U430P, U330Touch, U430Touch, U530Touch|
|Y Series||Y430P, Y40-70, Y50-70, Y40-80, Y70-70|
|Z Series||Z40-75, Z50-75, Z40-70, Z50-70, Z70-80|
|S Series||S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch|
|Flex Series||Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10|
|MIIX Series||MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030|
|YOGA Series||YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro|
|Edge Series||Edge 15|
Lenovo's tune has changed a bit over the past week, though. It admitted that it screwed up (opens in new tab) by preloading Superfish on devices. (The company said that it stopped doing so by January and also killed the server connections that allowed Superfish to do its work.) It posted a guide (opens in new tab) on how to remove Superfish.
On February 23, Lenovo CTO Peter Hortensius penned an open letter (opens in new tab) wherein he essentially admitted that security professionals were right about the security vulnerability, stated that Lenovo worked with the likes of McAfee and Symantec on updates to remove Superfish, and pledged to solicit help and feedback from both privacy/security professionals and "our harshest critics."
And today, we got the promise of cleaner PCs, free (or almost free) of bloatware.
Lenovo screwed up, big time. There's no question about that, regardless of what its motives may or may not have been, and what it may or may not have known, and it will take a long time to rebuild trust among users. But in the wake of this scandal, or fiasco, or disaster, or whatever term you want to apply to it, the company is at least responding correctly. Lenovo has been proactive and contrite, and it has offered immediate solutions and promises of change.
Whether all of the above will lead consumers to trust the company again and buy its PCs is something that sales numbers will bear out this year.