Lenovo will be facing light consequences for bundling a third-party adware program called “Superfish” into its consumer PCs: the settlement merely requires Lenovo to give clear notice to customers of any data collection or ad-serving programs bundled on their laptops, and get affirmative consent before the software is installed. Superfish had root certificate access and was capable of inserting ads into even HTTPS-protected webpages.



As part of the settlement with the FTC, Lenovo is prohibited from misrepresenting any features of software preloaded on laptops that will inject advertising into consumers’ Internet browsing sessions or transmit sensitive consumer information to third parties. The company must also get consumers’ affirmative consent before pre-installing this type of software. In addition, the company is required for 20 years to implement a comprehensive software security program for most consumer software preloaded on its laptops. The security program will also be subject to third-party audits.

Discussion

Source: [H]ardOCP – Lenovo Won’t Pay a Fine for Preinstalling Superfish Adware