Lenovo apologizes for 'Superfish' malware built into laptops
2015-02-20 10:10 by Daniela
Tags: Lenovo, laptop, malware
Chinese computer manufacturer Lenovo has been accused of intentionally pre-installing adware called "Superfish" on its laptop computers. Superfish is a browser add-on that injects ads onto websites that users visit. So far, users have reported finding it on Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro models.
"We messed up badly here," Peter Hortensius, Lenovo's chief technology officer, said in an interview. "We made a mistake. Our guys missed it. We're not trying to hide from the issue - we're owning it. We apologize for causing any concern to any users for any reason. Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones."
According to researchers, the add-on is problematic because it undermines basic computer security protocols, thus making users' computers vulnerable to a "man-in-the-middle" attack that can steal information from websites that appear secured by HTTPS.
"The Superfish software undermines Internet security for the rather ridiculous purpose of serving advertisements," said Rainey Reitman, director of activism at the Electronic Frontier Foundation. "It's a severe security issue, and frankly a betrayal by Lenovo of all of its affected customers."
As for the security concerns, here's what the company's spokeswoman states:
"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns". Superfish "does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted... The relationship with Superfish is not financially significant."
You can manually check for the Superfish adware and uninstall it by going to the Windows Control Panel -> Programs -> Uninstall a Program. If there is a program called "VisualDiscovery" in the list of installed programs, click the program and select Uninstall.
This is not enough, though; there is one more step. The Superfish certificates should also be uninstalled. Start by clicking the Windows Start button and typing certmgr.msc in the search box. Launch the certmgr.msc program, click on Trusted Root Certification Authorities, followed by Certificates. If there is something mentioning Superfish Inc among those certificates, right-click it and select Delete.
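The two manual checks above can also be run from PowerShell. This is an added example, not part of the original article or of Lenovo's removal tool: it only reports what it finds, and the variable names, the extra uninstall registry views and the machine-wide root store check are assumptions that go slightly beyond the steps described.

```powershell
# Added example: read-only check for the two artefacts named in the article.
# It reports findings only; removal stays the manual step described above.
$programName = 'VisualDiscovery'   # program name given in the article
$certPattern = 'Superfish'         # text the article says to look for

# 1. Installed programs, as listed by Control Panel, read from the uninstall
#    registry keys (native, 32-bit and per-user views; an assumption that the
#    entry may appear in any of them).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$programName*" } |
    Select-Object DisplayName, DisplayVersion, Publisher)

# 2. Trusted Root Certification Authorities. certmgr.msc shows the per-user
#    view; the machine-wide store is checked too (goes beyond the article).
$rootStores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
$certs = @(foreach ($store in $rootStores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$certPattern*" -or
                       $_.Issuer  -like "*$certPattern*" } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Issuer, Thumbprint, NotAfter
})

if ($programs.Count -gt 0) {
    Write-Warning "Found installed program matching '$programName':"
    $programs | Format-List
} else {
    Write-Output "No installed program matching '$programName'."
}

if ($certs.Count -gt 0) {
    Write-Warning "Found trusted root certificate(s) matching '$certPattern':"
    $certs | Format-List
} else {
    Write-Output "No trusted root certificate matching '$certPattern'."
}
```

Both checks are needed because, as noted above, uninstalling the program does not by itself remove the certificate from the trusted root store.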
Update (2015-02-21): Lenovo has released a "Superfish removal tool" under public license that can also be used to remove the adware.