A California district court has approved a settlement between the PC manufacturer Lenovo and a group of customers to wrap up a class action that began after an adware that caused a serious vulnerability had been discovered on various Lenovo laptop models (photo of a Lenovo Yoga 2 Pro ©Yaoj1). The laptop maker will pay a total of $7.3 million while Superfish, the producer of the adware, will pay another million dollars to close the litigation for good.
Between September 2014 and January 2015, Lenovo sold around 800,000 laptops with the Superfish adware pre-installed following a commercial deal between the two companies. The initiative was terminated due to customer complaints as for them the software that showed advertisements on their laptops was an annoying crapware. But the worst came soon after, when it was revealed that the adware worked in a way that created serious security problems exposing the laptops owners to attacks by hackers.
Already in February 2015 a class action against Lenovo was started for the Superfish adware but when you go to court it might take a really long time to end the litigation. Actually, Lenovo customers’ lawyers thought they could get a far higher compensation – $35 million – but they advised the customers to settle with Lenovo because otherwise the litigation would continue for a long time passing through a jury decision, which is always a huge question mark. Attorneys fees will have to be calculated separately.
Last year, Lenovo reached a settlement with the American Federal Trade Commission (FTC) and the attorneys general of 32 states paying $3.5 million and accepting a 3rd-party audit for the pre-installed software in the next 20 years. That settlement closed the legal dispute with the American authorities that accused Lenovo of pre-installing software that created a vulnerability in their laptops and transmitted information to Superfish and not doing everything it could to handle the security risk.
During these years, Lenovo has always rejected the accusations stating that it knows of no real damage suffered by its customers due to the vulnerability caused by the Superfish adware. However, even if this were true, the company put its customers in jeopardy because of a commercial deal that made its customers see advertisements.
When the vulnerability was discovered even Homeland Security activated and called Superfish a spyware. The fact that Lenovo is a Chinese company may have contributed to such a harsh statement but the danger was real so I think that Lenovo got away with it. In my opinion, a harsher outcome for the company would have been a warning to all companies that pre-install bloatware and crapware on their PCs. We can hope that at least the attention paid to the security of the pre-installed software has increased.