Lenovo Superfish: How To Tell If You’ve Got It, How To Get Rid Of It

Send to Kindle


If You Bought A Lenovo Computer Between Last September And Now, It Probably Has Superfish

Since last September Lenovo has been shipping laptops with Superfish “adware” pre-installed. Once installed, Superfish can display its own ads in your browser. That’s pretty slimy, but it’s not the worst thing about Superfish: in order to get the necessary permissions required to do its adware dirty work, Superfish installs its own (bogus) security certificate on your computer to supersede and override ALL other website security certificates.

Security certificates are those things that tell your browser you’re on a legitimate site and not a fake. Every legitimate site must provide a security certificate to indicate who’s really running the site, and when the certificate presented by a given site doesn’t match the name of the company that runs the site, it’s a major red flag because it often means the site you’re looking at is a fake, intended to trick consumers into giving up personal and financial information.

By supplying its own security certificate and allowing its certificate to override ALL other sites’ security certificates, Superfish does two horribly horrible things: first, it doesn’t allow consumers to see if the sites they’re visiting have trustworthy and accurate security certificates of their own, and second, because the Superfish certificate’s own security credentials (these are like a digital key that opens digital security locks) are public knowledge, it’s virtually effortless for hackers to provide those credentials to any Superfish-ed Lenovo computer they can access and thereby gain TOTAL CONTROL of the computer, to steal or install whatever they want!



Tools To See If You’ve Got It

Only Lenovo computers have been affected by this debacle, because Lenovo itself pre-installed Superfish on computers that began shipping last September. If you bought one of them, here are some trusted sites you can visit that will quickly scan your machine to see if Superfish is installed:

Filippo Valsorda’s Superfish scan

LastPass scan for Superfish

Lenovo has also provided its own list of Lenovo models where Superfish was factory installed, here.


How To Get Rid of It

While Lenovo was initially—and shockingly—dismissive of the Superfish problem, Lenovo has now provided their own tools to remove Superfish.

Windows users who are feeling a little untrusting of Lenovo, which would be understandable, can let the latest Windows Defender update handle the task of removing Superfish. Click here to visit Microsoft’s site with details and instructions on Windows Defender.



Why Did Lenovo Do This?

While Lenovo has made no official statement in this regard, the most likely reason for any computer or software manufacturer to pre-install adware is that the company stands to receive a portion of the ad revenue generated by the adware.

Either Lenovo was unware of the Grand Canyon -sized security hole Superfish opened on its Lenovo computers, or was aware but felt the risk of anyone discovering and taking advantage of the hole was small.

They were wrong. Way back in September, almost immediately after the Superfish-carrying machines started shipping, online discussion/support boards for Lenovo computers started buzzing with consumer complaints and concerns.

As to why it took Lenovo so long to DO something about it…well, you’d have to ask Lenovo.


* * *

And now…

Amazon’s ONE DAY ONLY 15% Off Sale on Fire Tablets provides a great opportunity to grab an excellent tablet that’s already a great value at its full price at a discount. Just be sure to take advantage of this deal TODAY (2/24/15), because prices go back up tomorrow.


* * *

Fire Tablet Tech Tip of the Week: Lifehack: Fire HD6 Makes A Great Camera For ‘Middle Aged Eyes’, or Kids!

* * *


Print Friendly