One of the biggest tech stories of the year popped up last week when it was revealed that Lenovo had been installing malware that, among other things, would compromise the security of supposedly secure web connections. This would potentially allow someone to hijack things like active user accounts. Ostensibly, the point of the malware was to provide better user ads by injecting them into websites, but the fact that this would work even for https by using a bad certificate authority looks very damaging for Lenovo. A Slate article calls this:
one of the most irresponsible mistakes an established tech company has ever made.
It’s hard to disagree with that statement. By doing this, Lenovo intentionally broke the network security protocols necessary for almost any website requiring a secure connection or user login credentials.
According to Lenovo, this was never installed on ThinkPads (widely used by businesses), but even so, reinstalling the operating system to get rid of any manufacturer software is usually a good idea. Various articles say how to find out if you have the offending software on your computer and how to get rid of it. Anyone whose computer has it should get rid of it ASAP and should probably change the passwords on all their web accounts.