http://arstechnica.com/security/2015/02/superfish-doubles-down-says-https-busting-adware-poses-no-security-risk/

It’s almost a rite of passage.  You buy a shiny new computer (or tablet, or phone) and the very first thing you do (well, many of us anyways) is to start killing bloatware.  Virus checkers, game suites, custom browsers that direct you to a very specific set of stores, you name it, someone has paid the fee to have it sitting right there on your desktop as soon as you boot your machine for the first time.

But you don’t tend to think of these things as malicious.  Opportunistic?  Yes.  Annoying as all h*ll?  Absolutely.  Occasionally useful?  Okay, maybe.  And, while Just about everyone on the planet thinks it’s a P.I.T.A, not a lot of people seem to regard it as a threat.

Until now.

The issue, in this case, is not so much that the company in question is allowing ads to sneak in (that’s total crap, but not beyond the pale for the kinds of bloatware you find).  The real issue is that, in order to do it, they are bypassing security.  They are opening a door that a hacker with enough time and energy can exploit (and, lets face it, if there is a hole, they WILL find it.  period.  It’s not an IF question, it’s a WHEN and what color HAT are they wearing today question).