Security researchers have discovered a vulnerability in a piece of adware called Superfish that makes your computer vulnerable to all kinds of attacks. Superfish ships preloaded on many Lenovo computers, but can also be installed on any machine. Here’s what’s going on and how to test if you’re infected
Photo by Vertes Edmond Mihai
What Superfish Is
Superfish is basically run-of-the-mill adware software, but with some big security holes. Lenovo pre-installed it on some computers sold between October 2014 and December 2014, but any Windows computer can be infected.
Superfish is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks (which work in a similar way to the Heartbleed security bug discovered last year).
Superfish also intercepts HTTPS connections. A post over at Errata Security shows that that the HTTPS certificate is incredibly easy to crack, which makes you even more vulnerable. For example, security research Chris Palmer found that when he visited Bank of America’s web site on a computer with Superfish installed, the bank’s certificate was signed by Superfish rather than VeriSign. This means attackers could use the certificate to create fake HTTPS web sites that grab your passwords, or even create viruses that are “signed” to look legitimate.
How to Test Your Computer And Remove The Superfish Software And Certificates
Thankfully, it’s easy to test to see if your computer is affected by Superfish. We had a handful of Lenovo PCs to test on and all ours were clear, but it only takes a second to test yours, so it’s worth testing regardless of what type of Windows machine you have. Uninstalling and removing Superfish is a bit more complicated, though.
- Head to this link to test if your computer has Superfish installed. If you get a no, you’re good, if you get a Yes, continue on. (Note: results may not be reliable if you use Firefox, so use Chrome or Internet Explorer.)
- Open the Windows Start menu or Start screen and search for “Uninstall a program”. Launch it.
- Right-click on “Superfish Inc VisualDiscovery” and select “Uninstall”, then enter your administrator password.
- Next, you need to uninstall the certificates. Head back to the Start menu and search for certmgr.msc. Launch it.
- Click on “Trusted Root Certification Authorities” and open Cirtificates.
- Look for any certificates that include Superfish Inc, and right-click to delete them
- Restart your browser then head back to the link in step 1 to test your computer.
With that, your system should be clear of Superfish, but if you’re really worried, the safest way to eradicate it is to do a clean install of Windows — without all the bloatware. Just make sure you back up your data first.
If you’d like a little more info about the technical (and historical) side of everything, Ars Technica, The Next Web, and Forbes all dig a little deeper.
Comments
3 responses to “How To Test Your PC For The New ‘Superfish’ Security Vulnerability”
Just got a new Lenovo computer last week. No superfish, good. I did go through the uninstall list and scrub a whole lot of stuff, but I don’t recall any superfish.
Forgive my ignorance, but why is Lenovo installing adware on their computers?
I know a lot of manufacturers put anti-virus and other bloatware, but adware? Were they unaware it was adware? Or are adware makers now paying manufacturers to install this crap on new systems?
Lenovo PCs are generally good machines. But they come with a huge amount of unnecessary bloatware that can be safely removed. Not counting the pre-installed 3rd party (i.e. paid to be there) programs.
For example, Access Connections and Power Manager aren’t really necessary any more now that Win7 and onwards have the same functionality built-in. Similarly, with the move to SSDs the drop protection facility isn’t required.
I’ve removed the majority of it from mine and the lappie runs just fine. But keeping the Update utility is important so the hardware drivers stay current.