About that root certificate...
This whole thing is disgusting, so please don't think I'm sticking up for Lenovo here, but (not having the equipment to test) I'm puzzled about the issues involving their local root certificate.
Surely it is only accepted by the local browsers when they talk to the superfish program, and NOT the Superfish program as it talks to the outside world, therefore making concerns over thr cerificate key strength/password etc. moot?
Extending on this, interestingly it would become a problem only when the software is removed if the client-installed root certificate is left behind!