When will individuals pay for security?
In the corporate world, it is well established that being on the front foot when it comes to security is an issue that demands money. As individuals feel the consequences of compromising security for convenience, will consumers change their ways?
Last week's discovery of Lenovo bundling Superfish malware that chose to insert its own self-signing certificate authority into Windows' trusted certificate chain under the auspices of serving ads to Lenovo customers highlights the extent to which hardware makers will try to squeeze a profit out of a low-margin business.
Throughout the Chinese hardware manufacturer's twisting and turning last week -- from outright denial of Superfish's security impacts to the weekend's mea culpa that Superfish was indeed a security concern and not the "potentially unwanted program" that Lenovo was trying to label it as -- perhaps the most damning admission was that the whole preloading affair was conducted late last year for a pittance.
