Virtru Security Insights

What Lenovo’s SuperFish Snafu Can Teach Us About Security

March 25, 2015

In mid-February, it was revealed that the PC manufacturer Lenovo had been packaging computers with an app called Superfish. Superfish, by itself, was a piece of software that would modify your search results so that certain products would appear ahead of others, regardless of what browser you used. As annoying as that is, that wasn’t what brought Superfish to the attention of security experts. Instead, it was the revelation that Superfish just happened to be monitoring all of your browser traffic — allowing them to sell it to the highest bidder.

Lenovo’s Superfish scandal reveals the state of security in the contemporary era: chances are, if someone can collect data on you, they will. You have to take your own steps to protect your privacy, and to keep corporations away from your data.

Bloatware Isn’t Safe – Or New

If you’ve purchased a new PC in the last decade, you’ve probably encountered bloatware. Bloatware is software, often installed by PC manufacturers, most of which the consumer is supposed to see as a helpful addition. Bloatware comes in many shapes and sizes, from virus scanners to browser bars, and just about everything else in between. While some manufacturers are better than others, almost every single PC sold today comes with some form of the junk.

Bloatware isn’t just annoying, though; it’s dangerous, as the Lenovo Superfish scandal shows. Because most pieces of bloatware connect to the Internet, they provide yet another potential avenue for attackers to get into your system. Additionally, since a good chunk of bloatware is hidden, you never even know that the vulnerability is there. It’s unlikely that any of Lenovo’s customers were even aware of Superfish or what it was before it turned into a national headline. Although it would’ve been a security hazard even if their customers had known about it, the fact that it’s hidden makes it even more dangerous.

Antivirus Software Isn’t Security

In a New York Times article about the Lenovo Superfish fiasco, journalist Nicole Perlroth notes that the discovery of Superfish came on a computer with not one, but two virus scanners. This is painted as a sort of revelation, as if the virus scanners should’ve picked up on Superfish.

While we’d like to think that a malware or virus scanner would pick up on something like Superfish, the reality is that not every piece of bloatware is malware — at least not on the surface. While most would be categorized as unwanted software, that doesn’t necessarily mean that it’s intentionally there to harm your machine.

More importantly, though, consumers typically think of computer security as something you don’t have to worry about once you have a virus scanner and a firewall. Unfortunately, that’s not quite all you have to worry about.

Virus scanners and firewalls aren’t enough to keep the bad guys out. After all, while the Lenovo Superfish incident is certainly something hackers are closely watching, Superfish is a problem even if it doesn’t get hijacked by hackers. Remember, this is a piece of software that scans all of your Internet traffic, looking for keywords that it can then sell to advertisers. How comfortable are you with the details of your computer usage being sold to the highest bidder?

Proper computer security protects your privacy, and that means that encryption is a requirement for anyone wishing to protect their information. Encryption protects your information by obscuring the data within, making it impossible to access without your permission. Even if a hacker — or a marketing company — were to stumble on encrypted data, they wouldn’t be able to use it, as they wouldn’t be able to make sense of it.

As far as we’re concerned, until your important files are encrypted along with your email, you don’t have a secure computer.

Don’t Wait for Another Lenovo Superfish Scandal

Chances are, this won’t be the only time a piece of bloatware goes rogue. As big data becomes increasingly profitable, more and more manufacturers are going to try to gather as much information on you as possible, which means more and more bloatware will find its way onto your new PC.

If you don’t want to let them monitor you, you need to start using encryption today. An easy way to get started is to use Virtru, which will enable client-side encryption for your inbox, allowing you to send and receive email protected by military-grade encryption. Virtru is easy to use, and it works with iOS and Android, meaning that you don’t have to ditch encryption when you’re on the go.

Don’t let another Lenovo Superfish snafu sneak up on you. Have the proper tools ready, so that you’re protected by encryption — not by the lucky discovery of a security researcher.