The Broadband Guide

Lenovo apologizes for 'Superfish' malware built into laptops

2015-02-20 10:10 by


Chinese computer manufacturer Lenovo has been accused of intentionally pre-installing adware called "Superfish" on its laptop computers. Superfish is a browser add-on that injects ads into websites that users visit. So far, users have reported finding it on Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro models.

"We messed up badly here," Peter Hortensius, Lenovo's chief technology officer, said in an interview. "We made a mistake. Our guys missed it. We're not trying to hide from the issue - we're owning it. We apologize for causing any concern to any users for any reason. Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones."

According to researchers, the add-on is problematic because it undermines basic computer security protocols, thus making users' computers vulnerable to a "man-in-the-middle" attack that can steal information from websites that appear secured by HTTPS.

"The Superfish software undermines Internet security for the rather ridiculous purpose of serving advertisements," said Rainey Reitman, director of activism at the Electronic Frontier Foundation. "It's a severe security issue, and frankly a betrayal by Lenovo of all of its affected customers."

As for the security concerns, here's what the company's spokeswoman states:

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns". Superfish "does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted... The relationship with Superfish is not financially significant."

You can manually check for the Superfish adware and uninstall it by going to the Windows Control Panel -> Programs -> Uninstall a Program. If there is a program called "VisualDiscovery" in the list of installed programs, click the program and select Uninstall.

This is not enough, though; there is one more step. The Superfish certificates should also be uninstalled. Start by clicking the Windows Start button and typing certmgr.msc in the search box. Launch the certmgr.msc program, click on Trusted Root Certification Authorities, followed by Certificates. If any of those certificates mentions Superfish Inc, right-click it and select Delete.
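The two manual checks above can also be run from a PowerShell prompt. The script below is an added example, not part of the original article or any Lenovo tool; it only reports what it finds and deletes nothing. The match strings "VisualDiscovery" and "Superfish" come from the article, and matching on them as substrings is an assumption.

```powershell
# Added example: report-only check for the program and certificate named in the article.
$programPattern = 'VisualDiscovery'   # program name given in the article
$certPattern    = 'Superfish'         # certificate name given in the article

# 1. Installed programs. The "Uninstall a Program" list is backed by these
#    registry keys (64-bit, 32-bit and per-user installs).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $programPattern } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

# 2. Trusted Root Certification Authorities. certmgr.msc shows the current
#    user's view; the machine-wide store is checked as well, so the same
#    certificate may be listed under both.
$rootStores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
$certs = foreach ($store in $rootStores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $certPattern -or $_.Issuer -match $certPattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, Thumbprint, NotAfter
}

# 3. Report. An empty result for both checks means neither name was found.
if ($programs) {
    Write-Output "Installed program(s) matching '$programPattern':"
    $programs | Format-List
} else {
    Write-Output "No installed program matching '$programPattern'."
}

if ($certs) {
    Write-Output "Trusted root certificate(s) matching '$certPattern':"
    $certs | Format-List
} else {
    Write-Output "No trusted root certificate matching '$certPattern'."
}
```

Any hit should be removed with the Control Panel and certmgr.msc steps described above, then the script re-run to confirm both checks come back empty.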


Update (2015-02-21): Lenovo has released a "Superfish removal tool" under public license that can also be used to clean the adware.


  User Reviews/Comments:
by anonymous - 2015-02-20 17:23
Once the Chinese buy an American company I never buy from them again. I'll bet the Red Army had more than "Adware" in there. ;>)
by Bilbo - 2015-02-21 08:37
To anonymous 20/2/2015:
You think that a computer is bad and can't be trusted because of a little not hidden and easily removable adware found?

Oh yes, you're right little boy: go buy a US made computer filled with governmental rootkits to the bones, or a hard drive made in the US that includes rootkits even in the firmware:

Which country do you come from to ignore what 99% of the world knows?