Lenovo's Superfish security snafu blows up in its face


Removing software that comes with your brand-new Windows computer can be frustrating, but recently discovered software on new Lenovo laptops, the top-selling laptop brand in 2014, can put your entire digital life at risk.

The preloaded software, called Superfish, alters your search results to show you different ads than you would otherwise see. But it also tampers with your computer’s security so that attackers can snoop on your browser traffic, no matter which browser you’re using.

“Attackers are able to see all the content that’s supposed to be confidential — banking transactions, passwords, emails, instant messages,” said Timo Hirvonen, a senior researcher at security software maker F-Secure. That kind of threat, known as a man-in-the-middle attack because the hacker can spy on the user’s Internet traffic and infiltrate their computer, poses a serious risk to consumers, he said.

Lenovo is scrambling to fix the problem. “We messed up badly,” said Peter Hortensius, Lenovo’s chief technology officer. He said Lenovo was unaware that Superfish put consumers’ Internet traffic up for grabs. “The intent was to supplement the shopping experience.”

On Friday afternoon, the PC maker said it was working with McAfee and Microsoft to have Superfish “quarantined or removed.” Lenovo released a Superfish removal tool that it promised would eliminate all traces of the software from Lenovo computers. Also on Friday, the US Department of Homeland Security warned that the Superfish software introduces a “critical vulnerability,” and it issued its own instructions for removing the software from Lenovo computers.

Superfish said Friday that it is working with Microsoft and Lenovo on a fix, and it downplayed the concerns raised by the government and security researchers.

“The Superfish code does not present a security risk. In no way does Superfish store personal data or share such data with anyone,” Superfish said in an emailed statement. “Unfortunately, in this situation a vulnerability was introduced unintentionally by a third party. Both Lenovo and Superfish did extensive testing of the solution but this issue wasn’t identified before some laptops shipped. Fortunately, our partnership with Lenovo was limited in scale.”

A spokesman for Microsoft, which makes the Windows operating system that powers Lenovo’s laptops, at first referred to Lenovo’s own security advisory on Superfish. On Friday he added that Microsoft has changed its default Windows security software to detect and remove the Superfish software.

At issue is the potential impact of preinstalled software making consumers and businesses vulnerable to hackers without their knowledge. Superfish’s technique for spying on otherwise secure communications from your computer could herald a new and dangerous trend for preloaded software. And by exposing consumer Internet traffic to the kind of attack Hirvonen describes, user trust is on the chopping block.

Why did this happen? Part of the reason is that since the 1990s, consumers have become accustomed to both preloaded software and apps showing ads without permission. But it’s practically unheard of for that software to expose laptop owners to this kind of attack.

“Consumers expect that their laptops won’t come with a vulnerability like this,” said Chris Wysopal, co-founder of security analysis company Veracode. And it’s not just consumers at risk from insecure browsers, but businesses, too.

Another reason Superfish is unusually dangerous is that it’s not an app like Adobe Photoshop or Microsoft Word, but rather code hidden from everyday users.

“You know it’s not good software because good software is easy to install, and find and uninstall,” said Galen Ward, the CEO of Estately, a startup focused on home buying and selling. He removed Superfish from an employee’s Lenovo Flex 2 laptop in January, but following standard protocols of searching the laptop for Superfish files didn’t work, he said.

Lenovo now has labeled the Superfish warning on its laptops as “high,” its most severe rating. Nevertheless, the immediate impact on consumers could be minimal if they take steps to clean their computers. If you are worried your computer has Superfish on it, CNET has a Superfish removal guide.

Superfish makes two changes to the way computers surf the Internet. It alters search results, including those from Google, so when a user moves the mouse over a product, it shows additional information such as similar listings at lower prices. But Superfish also cripples a Web browser’s ability to communicate securely.

Lenovo’s Hortensius said the company is not aware of any consumers whose data was compromised in an attack because of the Superfish software. However, an investigation into Superfish by security researcher Robert Graham has shown that compromising a Lenovo laptop’s security via Superfish is more than merely theoretical.

Lenovo declined to say how many people own laptops with the software installed, but the company sold 16 million Windows computers in the fourth quarter of 2014, IDC said. It was installed on more than 11 types of Lenovo laptops sold to the public between September 2014 and January 2015, including the popular Yoga and Flex models. Lenovo has published a full list of affected computers.

Update, Friday, February 20 at 10:30 a.m. PT: Adds information on Microsoft’s decision to detect and remove Superfish from Lenovo laptops.

Update, Friday at 12:34 p.m. PT: Adds warning from the Department of Homeland Security.

Update, Friday at 3 p.m. PT: Adds Superfish statement.

Update, Friday at 4:47 p.m. PT: Adds updated statement and information on Superfish removal tool from Lenovo.
