Thanks for this, I'll keep it in mind if I ever end up with one of these.

Every company seems to want to screw you.

So if I'm understanding this right, this is pretty fucking bad becase any party can use this installed exploit?

Yep...that's right.

Yup, this could damage their rep as badly as the 'root kit' scandal hit Sony, and for mine they fechen deserve it.  Next to bankers and politicians, advertising execs are the next worse class of parasite on the planet, and it IS these parasites who set shit like this up with hardware/software developers. Fechen advertising execs and their cohorts.  If I had my way, those responsible for this diabolical crime would be charged with intrusive cyber crimes.... AND convicted.... AND sentenced to denuttification AND life imprisonment WITHOUT parole.

What with modern HDDS coming with spyware installed in the root; intrusive and aggressive advertising; spyware and crapware being installed on new PCs - not to mention the scammers, hackers and phising parasites, it's a wonder there are any PC sales anymore.  If there's a way to kill the golden goose, it's going to extremes and excesses with one bad idea after another, and advertising execs know precisely how to do that.  Yup, PC sales and usage could see a steep decline if practices like this continue to happen.  In fact, I hope OEMs who agree to it go broke... along with the slimy advertisers who instigate it.

I know that I am becoming more and more dubious about purchasing anything OEM... but then again, if new HDDs come with spyware installed in the root, and it is found to be uninstallable, even building my own PCs could well become a thing of the past.  Thankfully, I've not experienced anything untoward with my HP laptop-come-tablet, but had I found anything remotely similat to this travesty, I'd be screaming it from the highest hill and kicking up such a stick they'd distinctly .hear it at HP HQ

Anyway, this advertising exec walks into a bar with a rather large leech on his head and the barman cracks up laughing for a few minutes.  When he finally settles and has caught his breath he asks: "Look, you don't see this sort of thing every day, so what's the stoey here?

The leech replies: "Well it started out as a very virulent and puss laden boil on my arse."

Now you all know where advertising execs come from.

Yeah, welcome to my "NEVER BUY!!" list, Lenovo.

 Burn in the hell of your own making.

Update:

“We messed up badly here,” Peter Hortensius, Lenovo’s chief technology officer, said in an interview. “We made a mistake. Our guys missed it. We’re not trying to hide from the issue -- we’re owning it.”

No, Mr. Hortensius. The problem is that the world's largest computer making firm made the laptop and for money, you put crapware, bloatware adware and spyware on your computers and someone bought it from you, so now that person "owns" it and the consequences of it, also anyone who buys that computer from him/her...and so on.

Now you expect people to think it was an 'oops'...or as a 15 year old might say, "messed up"...that Lenovo is based in Beijing and no one but no one will believe that you have anyone's security in mind, and you aren't 15.

"I have a bunch of very embarrassed engineers on my staff right now," Lenovo CTO Peter Hortensius said in an interview Thursday. "They missed this. Making this right also means setting up mechanisms to ensure something like this doesn't happen again, Hortensius said. "We'll make sure to have a much more detailed understanding of programs that go on our preload and they will not go if we think they're open to attack."

How lame does that sound? Their engineers weren't doing their job because they realize (just like anyone else would) that their salaries are coming from the money the Superfish "people" (and others) pay Lenovo to put their crap on their computers. So now LeNovo says it won't put adware on their computers anymore also that they will be making available a tool to remove Superfish...if you have a Lenovo, I wouldn't trust it to get the root certificate as well. I'd make sure it did by using the method in the OP.

They've published a "how to" on their website as well: http://support.lenovo.com/us/en/product_security/superfish_uninstall

Intentions are only seen as being right if you action them before you are caught

Yeah it's crap, but it's probably the best response they can make to save as much face as possible. Their only interest from here on out is safeguarding future sales. They'll whitewash, they'll lie, they'll omit, anything that works. This is the sort of thing that gets CEOs fired. 

About as lame as it gets...

"Oh, poo...we got found out....sorry....I'd say 'mea culpa' but I don't speak the lingo"...

Sounds to me like Mr. Peter Hortensius has a complete handle on the bullshit stakes... with the meter running exceedingly high on his press statement.

What he really meant to say was: "Look people, we messed up badly.  Our engineers didn't do a good enough job at hiding it and now everybody knows what low-lifes we've become."

They seem to be more concerned about the preload apps being open to attack than the more fundamental issue which is installing software to show adverts on the users PC.  The one the user purchased from them...

Mistakes happen, but the software they included doesn't seem to me to be a bit of software any sane individual would chose to install if they were given the choice.  On the other hand I can see the benefits for Lenovo.  I imagine profit made is about to be wiped out 10 fold by the PR damage though.

If we are lucky this will make all OEMS think more about what they bundle.  Likewise software developers.  Why should the latest version of Adobe flash try to force something else on me too?  I wanted to get a friend to install ImgBurn the other day, but had to find a link to an older version as the latest includes 'bundled offers' which I knew they would accidentally install.

They aren't sorry that they loaded the software onto their PC's, they are sorry that they got caught...

The only thing they will learn from this is to do a better job of hiding it from detection...and hope they don't get caught again.

So agree...there's no thought as to, "Will this do good for the consumer or not?"...or even more basic: "Would I install this on my computer?"

Who on earth would want adware? No one.

Worse...that root certificate which could be easily backward engineered and screw millions via mitm attacks. That's something ANY engineer would have checked under "Changes to the system after installation"...please don't ask me to believe they don't have software which shows them that!

Maybe we need to check the other OEM's to see if they have done any shenanigans sold the the public. And will not be buying a Lenovo!!!!!