Lenovo’s been shipping Superfish on their PCs for months. This is a security disaster, and it shows how little PC manufacturers actually care about your PC’s security. There’s only one way to ensure your new PC is actually safe to use.

Superfish is just the tip of the iceberg. PC manufacturers include all kinds of junkware on their new PCs, and there are probably other horrifically vulnerable bits of junk software on other manufacturer’s PCs. The Windows hardware ecosystem is sick.

Yes, the Microsoft Store

RELATED: How Computer Manufacturers Are Paid to Make Your Laptop Worse

While Apple’s Macs obviously come clean of any additional junkware, Google also forces Chromebook manufacturers to not tamper with the software. But Microsoft doesn’t seem to care that PC manufacturers are packing their PCs with software that slows them down and installing root certificates that destroy a computer’s security. If you buy a computer from a typical retail store, an online shopping site, or direct from a manufacturer — well, you have no guarantee it’s not packed with software like Superfish.

But Microsoft does care about “Signature PCs” that you can buy from the Microsoft Store. When you buy a computer from the Microsoft Store — either one of Microsoft’s physical stores, or the Microsoft Store website online — you’re guaranteed to get a “Signature Edition” of that computer. Microsoft controls the software that ships on these PCs, and they strip out the worst stuff to ensure you have a clean copy of Windows with only useful utilities and drivers.

So, if you want a safe Windows PC, buy it from the Microsoft Store. And yes, Microsoft offers a wide variety of Windows PCs, not just their own Surface line.

No, we’re not bought and paid for by Microsoft. But, if you want a Windows PC, you might as well get it straight from Microsoft and prevent those Windows hardware manufacturers from messing things up too badly. Microsoft will only guarantee you a clean copy of Windows if you go through them.

Or You Could Reinstall Windows, But…

RELATED: Beginner Geek: How to Reinstall Windows on Your Computer

You could also just reinstall Windows on your new PC, too. Geeks often do this. On a new Windows 8 or 8.1 PC, this should be easier than ever. You can download the Windows installation media straight from Microsoft to create a Windows 8.1 disc or USB drive with the latest update and install it on your new PC. Modern Windows PCs often have their product key embedded in the UEFI firmware, so you may not even have to enter a key when installing it.

No, you unfortunately can’t reinstall Windows from your computer’s recovery partition or even Refresh or Reset it. That’ll just bring all the junkware back.

While this is a good tip, it’s still not completely supported by Microsoft. Don’t be surprised if you encounter an issue. And, after you reinstall Windows, you may want to visit the hardware manufacturer’s site and download certain utilities that actually help your computer function. (Microsoft does bundle some of these manufacturer utilities with their Signature PCs, but only if they’re actually useful.)

Obviously, you could also build your own PC from scratch and install Windows on it when you get your hands on it. But good luck building your own laptop from scratch! Really, it’s much easier to just order your next laptop from the Microsoft Store and skip all this.

Now Keep That New Computer Secure

RELATED: Yes, Every Freeware Download Site is Serving Crapware (Here's the Proof)

Getting a computer that isn’t packed with junk that spies on you and opens massive security holes is difficult enough. But it’s not just a problem when you buy a PC. You’ll have to keep dodging this terrible software because download sites and Windows freeware authors want to smuggle this unwanted software onto your computer. That’s how they make their money.

Follow our tips to staying junkware-free after getting your computer into a safe state. Avoid software download sites and stick to Ninite. Test software in a virtual machine if you’re not sure of it. Disable or uninstall those under-attack browser plug-ins. Set up Microsoft’s own EMET tool to protect yourself from security holes. Follow all the usual tips for staying safe online.

And yes, there’s apparently another tip now — don’t just buy a PC from a retail store or typical hardware vendor. Get a Signature PC from a Microsoft Store or at least be sure to reinstall Windows immediately when you get your hands on it.

Please, Microsoft, do something!

Perhaps they’re flinching away from being too controlling because of the monopoly trial, or perhaps they just don’t want to upset all their hardware partners who depend on this junkware for profits.

But the situation is getting worse and worse. This junkware isn’t just slowing down computers and annoying users — it’s opening massive security holes in Windows. All the good work Microsoft is doing to make Windows more secure means nothing if computer manufacturers install huge security holes in their computers before selling them to actual users.