Superfish

I'll do a bit of digging when I get home if it helps @ Sheal - be around 4-ish

 

@Sheal - I have been beaten to it; once again the knowledgeable ladies and gents of GC have answered the question swiftly; hopefully your PC isn't a Lenovo?

 

Lenovo Group Ltd. /lɛnˈoʊvoʊ/ is a Chinese multinationalcomputer technology company with headquarters inBeijing, China, and Morrisville, North Carolina, United States.[4] It designs, develops, manufactures and sells personal computers, tablet computers, smartphones,workstations, servers, electronic storage devices, IT management software and smart televisions. In 2014, Lenovo was the world's largest personal computer vendorby unit sales.[5] It markets the ThinkPad line of notebook computers and the ThinkCentre line of desktops.[6]

Lenovo has operations in more than 60 countries and sells its products in around 160 countries. Lenovo's principal facilities are in Beijing, Morrisville and Singapore, with research centers in those locations, as well as Shanghai, Shenzhen, Xiamen, and Chengdu in China, and Yamato in Kanagawa Prefecture, Japan. It operates a joint venture with EMC, LenovoEMC, which sells network-attached storage solutions. It also has a joint venture with NEC, Lenovo NEC Holdings, which produces personal computers for the Japanese market.

Lenovo was founded in Beijing in 1984 as Legend and was incorporated in Hong Kong in 1988. Lenovo acquiredIBM's personal computer business in 2005 and agreed to acquire its Intel-based server business in 2014. Lenovo entered the smartphone market in 2012 and as of 2014 is the largest vendor of smartphones in Mainland China. In January 2014, Lenovo agreed to acquire the mobile phone handset maker Motorola Mobility from Google, and in October 2014 the deal was finalized.[7][8]

Lenovo is listed on the Hong Kong Stock Exchange and is a constituent of the Hang Seng China-Affiliated Corporations Index, often referred to as "Red Chips."

 

Not soon enough, if Lenovo's Superfish software scandal is any indication.

From September to January, Lenovo shipped more than two dozen laptop models with Superfish software that inserted its own ads in Web search results. (It's widely estimated that means millions of computers, though the company hasn't gone into detail.) More than that, Superfish exposed the laptops and their Internet traffic to hackers in a way security experts have described as egregious and easily exploitable.

Lenovo's chief technology executive claimed the company was just trying to improve the user experience. "Our teams did not understand the significant security problem that [Superfish] presented," Peter Hortensius said Tuesday. "We're desperate to understand why we missed that." The company on Friday issued a statement pledging to reform its ways.

Superfish, too, pleaded ignorance. Founder and CEO Adi Pinhas blamed a small Israeli startup called Komodia. It's Komodia's software that allowed Superfish to decode Internet traffic and insert ads. Komodia did not respond to a request for comment, but in a 2009 blog, CEO Barak Weichselbaum detailed working on a security program designed to hijack secure Internet traffic.

Lenovo's Superfish debacle highlights a growing problem in the software world: As more software components are outsourced, consumers are placed at greater risk than ever before. Software used by billions of consumers and businesses almost always relies on components made by development companies far removed from the final product, each trusting the other to do their due diligence. Few are, however, and that's putting you at risk, experts say.

Imagine that software is a jigsaw puzzle, with everyone from at-home hobbyists to multinational conglomerates supplying pieces they trust to be well-made, said Herb Lin, a senior researcher for cyber policy at Stanford University's Hoover Institute. The problem is they are "too trusting" of their partners, he said.

"Testing is known to not be sufficient," said Lin. "The usual way of vetting software is that I give you a specification and you give me back a program," he said. "I then test it to see if it meets those particular specs. But it's only a part of a program, and it hasn't been tested with all [the other] components." The smaller software component may even work perfectly until it's built into a larger program or app, at which point the flaw gets introduced.

Third-party software havoc
Holes made by third-party software that are ripe for exploitation by hackers go far beyond Lenovo. Security researchers last year discovered major vulnerabilities in two widely used open-source software tools, dubbing the flaws Heartbleed andShellshock. Although they were accidentally introduced, they had survived for decades because companies trusted that the small teams of volunteers developing the software had thoroughly checked the software.




Superfish code hides in hard-to-reach places on a Lenovo PC, making it difficult to remove.Screenshot by Robert Graham/Errata Security
There's also the intentional security hole the National Security Agency is accused of inserting into a tool made by the RSA Corporation that scrambles user data to protect it. It's highly unlikely companies would have paid RSA to protect their data had they known, and RSA deniesthat it knew about it.

To be sure, Lenovo's Hortensius said his company has taken steps to ensure few users can still run into Superfish. But it was only after security experts began howling about Superfish's behavior that some security programs -- from Microsoft, Symantec and McAfee -- detected and removed the software.

 

They aren't bad @Sheal - bit to the cheaper end of things, but seem to be fairly reliable.