Lenovo came under fire a few years ago for pre-installing adware called VisualDiscovery (developed by Superfish) onto new machines. Now that the legal dust has settled, the laptop maker has agreed to pay $3.5 million in fines to a 32-state coalition “to resolve their concerns” related to the nefarious bloatware app. In 2015, the worry was that the software performed a man-in-the-middle attack on supposedly secure connections and could be used to spy on encrypted communications. The company issued a tool for removing the software at the time.
“As part of the settlement with the FTC, Lenovo is prohibited from misrepresenting any features of software preloaded on laptops that will inject advertising into consumers’ internet browsing sessions or transmit sensitive consumer information to third parties,” the trade group writes.
That’s pretty clear cut, but the FTC has more stipulations in place too.
“The company must also get consumers’ affirmative consent before pre-installing this type of software. In addition, the company is required for 20 years to implement a comprehensive software security program for most consumer software preloaded on its laptops. The security program will also be subject to third-party audits.”
Despite coming to grips with the gravity of the situation at the time, Lenovo said today that it “disagrees with allegations contained in these complaints,” but that it’s happy to finally close the case over two years later.
Lenovo also said that it wasn’t aware of any third parties exploiting the app to gain access.