Lenovo to flush 'crapware' from its consumer PCs after Superfish sin

Lenovo today said that it would immediately begin reducing the amount of "crapware" on its consumer PCs, a move triggered by last week's admission that adware pre-loaded onto the Chinese company's machines posed a critical security threat.

"We will significantly reduce preloaded applications," Lenovo said in a Friday statement. "Our goal is clear: To become the leader in providing cleaner, safer PCs."

Over the past nine days, Lenovo has been vilified by customers for bundling the Superfish Visual Discovery adware with its consumer-grade personal computers. "You've basically flushed your credibility down the drain," wrote one customer on the company's support forum earlier this week. "Good luck getting people to actually think about buying your products now."

This week, brand quality measurement vendor YouGov BrandIndex said that Lenovo's brand "buzz" score had dropped by half since the Superfish news broke.

With the no-crapware pledge, Lenovo moved into damage control mode. "The events of last week reinforce the principle that customer experience, security and privacy must be our top priorities," the company said today.

Although Lenovo said it would immediately start to scale back the number of pre-installed third-party programs -- usually tagged with the descriptive labels "bloatware," "crapware" or "junkware" -- it pledged to complete the process by the time Microsoft released Windows 10 later this year.

"By the time we launch our Windows 10 products, our standard image will only include the operating system and related software, software required to make hardware work well (for example, when we include unique hardware in our devices, like a 3D camera), security software and Lenovo applications," the firm said.

Lenovo will also provide explanations -- it did not say where, whether on its website or on the new PCs themselves -- of each still-bundled application's purpose. Those whose PCs had been preloaded with Superfish will be offered a free six-month subscription to McAfee's security software.

McAfee, a partner of Lenovo, also has a deal to pre-load a 30-day trial of its software on the latter's PCs.

Superfish, which Lenovo added to new consumer PCs from September through December 2014, was blasted by security experts who discovered that the software left a gaping hole in the company's computers. Hackers were handed ways to intercept and steal critical information, including passwords, that was not properly safeguarded by encryption.

Earlier this week, other security researchers said that they had uncovered evidence that the underlying vulnerability -- which was not limited to Superfish -- has been used by cyber criminals in actual attacks.

Those security experts called on Lenovo and other OEMs (original equipment manufacturers) to stop loading third-party software on their machines. Such software is added to PCs at the factory for financial reasons: Computer makers receive payments from software vendors who want to get their programs in front of users, and the OEMs take a cut of fees users pay to extend the trial periods of pre-installed programs that come with expiration dates.

The revenue can be the difference between profit and loss on a PC, especially the lowest-priced models, as OEMs have raced to the bottom bands to keep pace with cut-throat competitors. The practice goes back decades.

While the Superfish fiasco sparked a renewed dump-crapware debate, Stephen Baker, an analyst with the NPD Group who specializes in tracking retail computer sales in the U.S., said calls to completely scrub PCs were idealistic at best.

"Compared with, say, five years ago, there is way, way less [bloatware] than there used to be," said Baker. "But at the end of the discussion, people who complain about this have their eyes on the sky. No one is giving the PC guys money, and so they have to make some very tough choices."

That reduction in crapware was driven, like everything, by economics. "It's been getting harder to pick up a couple of dollars here and there," Baker said. As software prices have plummeted and many add-on programs' functionality has been absorbed by either the OS or free offerings, like browsers, the selection of bundled software consumers were willing to pay for after their PC purchase shrank.

One of the few remaining junkware additions that still put money in OEM pockets was security software. "That's something that people need," Baker observed. "It's not bloatware, that's something that has some value."

No surprise, then, that Lenovo specifically said that security software offers wouldn't be stripped from its PCs.

Realistically, price-pressured OEMs have to have a way to monetize the customer after the sale, Baker argued. And if not crapware, then some other mechanism.

"They may turn to more connections to their own sites or others', to create opportunities to sell stuff to people, as opposed to getting the money up front [from pre-install deals]. The goal would be to depend more on [after-sale] consumer actions," Baker said.

Some have pointed out that Apple is able to sell its devices, Macs included, without adding third-party software; so other OEMs should be able to, as well.

However, that argument's fallacy lies in the fact that Apple creates its own software, and spends considerably to do so. Windows PC OEMs, even if they had the resources, don't have the expertise to replicate Apple's approach. Nor would they, not with multiple rivals ready to drive down prices in a sometimes-futile search for volume rather than profits.

Baker's point was that by dropping pre-loads, Lenovo will be pressed to generate revenue in other ways -- ways not tied to the price of the hardware. "They have to find those shekels somewhere," he said.

"This is all rooted in a historically tough market," Baker said. "Pretty much everyone has these things, including Microsoft with its 30-day trials of Office 365. But OEMs have to deal with the changing environment."
