Superfish

Lenovo, the world’s largest PC manufacturer, has been installing a dangerous piece of adware on its consumer laptops. The software, called Superfish, leaves computers vulnerable to man-in-the-middle attacks in which hackers steal data as it’s sent from a user’s computer to a supposedly secure server.

What is Superfish?

Superfish is supposedly meant to give users “better” ads. (Better for advertisers, that is, and more insidious for consumers.) It does this by tracking all web browsing on computers where Superfish is installed and using that data to insert ads on sites you visit. Targeted ads are just another insufferable part of modern digital life, but it gets worse. Superfish can do this on secure sites too, as the software replaces an encrypted site’s certificate with its own. That’s not good.


Usually when you visit an encrypted site—say, Bank of America’s—your web browser uses a certificate to confirm that you are in fact visiting the real Bank of America site. That certificate is signed by whichever certificate company the website owner contracted with; in Bank of America’s case, it’s Verisign. On a computer with Superfish installed, however, the certificate from the Bank of America site comes back signed not by Verisign but by Superfish. And your computer has been brainwashed to treat the certificate as legitimate, thereby routing your encrypted data not through the proper and secure certificate, but through Superfish’s.

To make matters worse, the encryption key is the same for all Superfish certificates, so all a hacker needs to do to gain access to tons and tons of secure data is find a single key—which, according to Errata Security’s Robert David Graham, is pretty easy.

Lenovo says it stopped putting Superfish on computers in January, but to make sure your computer is safe, you can check here.

How to clear and protect your computer

First, Microsoft is doing what it can to root out the software. Its Windows Defender anti-virus software began removing Superfish on Feb 20th, 2015 by resetting the certificates that Superfish messed with.

To make sure Windows Defender does its job, update it immediately. Go to Windows Update or open Microsoft Security Software, select the Update tab, and click the Update button.

If you’d rather remove Superfish yourself, do the following:

  • Uninstall “Superfish Inc Visual Discovery.”
  • You also need to remove all Superfish certificates: you can do this by searching for and launching certmgr.msc from the Start menu.
  • Click on Trusted Root Certification Authorities, and then Certificates.
  • Delete all certificates with “Superfish Inc” in their names.
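
The same check as the certmgr.msc steps above, scripted for an elevated PowerShell prompt. This is an added example, not part of the original article; the function name Find-SuperfishRoot is hypothetical, and it covers only the Windows trusted root stores, matching on the “Superfish” name given in the steps.

```powershell
# Added example: audit the Windows trusted root stores for Superfish certificates.
# Find-SuperfishRoot is a hypothetical helper name, not a built-in cmdlet.
function Find-SuperfishRoot {
    # Default pattern comes from the manual steps ("Superfish Inc" in the name).
    param([string]$Pattern = 'Superfish')

    # Machine-wide and per-user trusted root stores (what certmgr.msc shows).
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            Select-Object @{ n = 'Store'; e = { $store } },
                          Subject, Issuer, Thumbprint, NotAfter, PSPath
    }
}

$found = @(Find-SuperfishRoot)

if ($found.Count -eq 0) {
    Write-Output 'No Superfish certificate found in the trusted root stores.'
}
else {
    # Show what was found before anything is changed.
    $found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

    # Delete each match; -Confirm prompts once per certificate.
    foreach ($cert in $found) {
        Remove-Item -LiteralPath $cert.PSPath -Confirm
    }

    # Re-run the search to verify the stores are clean afterwards.
    $left = @(Find-SuperfishRoot)
    Write-Output ("Remaining Superfish root certificates: {0}" -f $left.Count)
}
```

Run it after uninstalling “Superfish Inc Visual Discovery” so the certificate is not put back, and expect the final count to be 0.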

Another alternative for removal:

Remove Superfish with Malwarebytes Anti-Malware

Malwarebytes Anti-Malware is a lightweight anti-malware program that is excellent at removing the latest malware. I’ve personally used this product for years and highly recommend it for any Windows PC user.

  • Download Malwarebytes Anti-Malware to your desktop.
  • Install Malwarebytes Anti-Malware using the installation wizard.
  • Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the Fix Now button.
  • If an update is found, you will be prompted to download and install the latest version.
  • Malwarebytes Anti-Malware will now start scanning your computer for Superfish.
  • When the scan is complete, make sure that everything is set to Quarantine, and click Apply Actions.
  • When removing the files, Malwarebytes Anti-Malware may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot your computer, please allow it to do so.

Or, as Slate advises:

If you have a Lenovo laptop that has Superfish on it … I would advise nothing short of wiping the entire machine and installing vanilla Windows—not Lenovo’s Windows. Then change all of your passwords.