
Let's talk about Superfish and Lenovo
Omar
Posted 2/24/2015 04:48 (#4409618)
Subject: Let's talk about Superfish and Lenovo


Elmira, Ontario

A couple of you have mentioned that Lenovo was shipping consumer laptops with software called Superfish. I'd like to summarize what I'm learning so that we can work with facts as we advise each other. Please add any facts you have found. Scare stories don't impress me as much as facts that come from trusted sources.

This software apparently was designed to determine what you are browsing and download targeted ads. What is unique about Superfish is it is able to view images and determine content from that. Other systems are text based. The so-called benefit to the user was that you would see ads that were more towards things you are interested in. (I don't understand how corporations can't understand we don't want that, but they keep thinking otherwise). Because many websites are secure (address starts with https), they used code from a company called Komodia that allowed Superfish to see the secure stuff.

Lenovo pre-installed Superfish on consumer laptops (nothing in any Thinkpad series) from Sept/14 to Jan/15. They stopped their end of the service at that time due to customer complaints about the ad targeting. They also stopped pre-loading Superfish on any new laptops going out the door since then. However, the Komodia code was still on the laptops already on the market.

Last week, methods were discovered to use the Komodia code to compromise the laptops using something called a "man in the middle" attack. I don't know what that really means. That raised the issue to a higher level. Lenovo claims they worked with Microsoft, Symantec and others to develop anti-virus tools to remove this code. This was done in the past day or so and should be rolling out as the anti-virus tools update on your computer.

Superfish wasn't the only company to have the Komodia code. Lavasoft makes so-called security software such as Ad-Aware. Their Web Companion software had the code in it for some time. Their claim is they have re-written Web Companion once they realized the security risks of the Komodia system. This seems to be a work in progress though and the timeline seems to be driven by the bad publicity Lenovo is getting. See http://www.kb.cert.org/vuls/id/BLUU-9TWT2Y for some basic information.

There are numerous other software products with the Komodia code. I didn't recognize any others.

Let me know if you find any other significant programs that are vulnerable. So far, nothing I've used or recommended is compromised. My daughter's consumer Lenovo laptop is old enough that she isn't affected, but it's a reminder to keep a strong vigil about the crap-ware on any consumer computer.
