The Schwartz Report

Lenovo CTO Finally Apologizes for PC Security Fiasco

Lenovo Chief Technology Officer Peter Hortensius yesterday apologized for the Superfish spyware installed on several of its PC models, saying it shouldn't have happened and that the company is putting together a plan to ensure it never happens again.

"All I can say is we made a mistake and we apologize," Hortensius said in an interview with The New York Times. "That's not nearly enough. So our plan is to release, by the end of the week, the beginning of our plan to rebuild that trust. We are not confused as to the depth of that this has caused people not to trust us. We will do our best to make it right. In the process, we will come out stronger. But we have a long way to go to make this right."

Hortensius said so far Lenovo has not seen any evidence that the malicious software that was embedded deep within the company's systems put any customers or their data at risk. "We are not aware of this actually being used in a malevolent way," he told The Times' Nicole Perlroth. Asked if it's possible that Lenovo engineers installed this on any other models than the two already reported (the Yoga 2 models and Edge 15), Hortensius said he didn't believe so but the company is investigating and will have an answer by the end of the week.

Nevertheless, some of his responses were troubling. Why did it take more than a month for Lenovo to get to the bottom of this once it was reported to the company? "At that time, we were responding to this issue from a Web compatibility perspective, not a security perspective," he said. "You can argue whether that was right or wrong, but that's how it was looked at it." Hortensius also wasn't able to answer Perlroth's question regarding how the opt-in processes work.

He was also unable to explain how the company was unaware that Superfish was hijacking the certificates. "We did not do a thorough enough job understanding how Superfish would find and provide their info," he said. "That's on us. That's a mistake that we made."

Indeed, mistakes were made. Some might credit him for saying as much and apologizing. But based on the comments on my report on the issue earlier this week, it may be too little, too late.

"I didn't trust Lenovo even before this issue," said one commenter who goes by the name "gisabun." "Expect to see sales drop a bit [even if the corporate sales are generally unaffected]. Microsoft needs to push all OEMs to remove unnecessary software."

"Bruce79" commented: "Inserting a piece of software that opens unsuspecting users up to security attacks? That is a clear betrayal, regardless of price."

Kevin Parks said, "We need a class-action lawsuit to sue them into oblivion. That would tell vendors that we won't accept this kind of behavior."

Another had a less extreme recommendation: "What Lenovo could and should do is simple. Promise to never put third-party software on their machines for [X number] of years. After X number of years, no software will be preloaded; Lenovo will ask if you want the software downloaded and installed."

Was the Lenovo CTO's apology a sincere mea culpa or was he just going into damage-control mode? Do you accept his apology?

Posted by Jeffrey Schwartz on 02/25/2015 at 9:36 AM

