Earlier this week, various news outlets reported that some Lenovo laptops had been shipped with factory-installed adware — called Superfish — that was surreptitiously inserting custom, third-party advertisements into the Google search results of those laptops' users. Our own Paul Thurrott reported that Lenovo claimed that Superfish was simply a “visual search enhancement,” but security experts debunked Lenovo’s claim by explaining that Superfish does far worse than simply inject advertising into search results.
Security expert Marc Rogers (@marcwrogers) — a Principal Security Researcher at CloudFlare — wrote a blog post detailing what Superfish does, and mentioned that Superfish also compromises all SSL connections on the impacted PC. In essence, Superfish uses a “man in the middle” approach, where Superfish is able to monitor and alter data going to and from websites without the knowledge of either the user using the system or the sites being visited.
Technically referred to as Superfish – Powered by Visual Search, the product is adware developed by Superfish, a tech company with offices in Israel and Palo Alto, CA. In essence, Superfish allows Lenovo to insert their own custom advertising whenever a user of that PC does a Google search or visits other websites, which generates additional ad revenue for Lenovo.
According to a recent public statement by Lenovo, the company “…thought the [Superfish adware] product would enhance the shopping experience, as intended by Superfish. It did not meet our expectations or those of our customers.” Lenovo also said that it stopped preloading the Superfish software on Lenovo products in January 2015, shut down the server-side connections that make the software function, and provided resources for customers who want to remove the Superfish software.
Lenovo said that Superfish may have been pre-installed on the following consumer computer models:
In the same statement, Lenovo also stressed that Superfish was never installed on any enterprise products:
“Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones. This software has never been installed on any enterprise product — servers or storage — and these products are in no way impacted.”
As of this writing, there are three easy ways to find out if your Lenovo PC has the Superfish software: Use the web-based Superfish detectors by LastPass and CloudFlare Security Engineer Filippo Valsorda, and/or use Microsoft’s free Windows Defender product, which has just been updated (version 1.193.444.0) to detect and remove Superfish. All three are linked below.
Lenovo has provided a detailed step-by-step tutorial on how to uninstall Superfish, and the removal really involves two main steps: Removing the Superfish Inc. Visual Discovery program and then removing the Superfish certificates. Make sure that you’re performing both of these actions while logged in as a local administrator.
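A read-only PowerShell check for the two items the removal procedure targets, added here as an example and not taken from Lenovo's tutorial. Matching on the name "Superfish" in the program and certificate fields is an assumption; the script changes nothing on the machine.

```powershell
# Added example: audit a Windows PC for both things the removal procedure targets.
# Assumption: the program and its certificates are identified by the name "Superfish".
$pattern = 'Superfish'

# Step 1 check: installed-program entries (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern -or $_.Publisher -match $pattern } |
    Select-Object DisplayName, Publisher, DisplayVersion

# Step 2 check: certificates in every machine and current-user store.
# Uninstalling the program does not by itself remove a certificate from these stores.
$certs = Get-ChildItem -Path Cert:\LocalMachine, Cert:\CurrentUser -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        ($_.Subject -match $pattern -or $_.Issuer -match $pattern)
    } |
    Select-Object @{ n = 'Store'; e = { $_.PSParentPath -replace '^.*::', '' } },
                  Subject, Issuer, Thumbprint, NotAfter

if ($programs) {
    Write-Host 'Installed program entries matching "Superfish":'
    $programs | Format-List | Out-String | Write-Host
} else {
    Write-Host 'No installed program matching "Superfish" was found.'
}

if ($certs) {
    Write-Host 'Certificates matching "Superfish":'
    $certs | Format-List | Out-String | Write-Host
} else {
    Write-Host 'No certificate matching "Superfish" was found in any store.'
}

# The case the two-step procedure exists for: program gone, certificate left behind.
if (-not $programs -and $certs) {
    Write-Warning 'The program is not installed, but a matching certificate remains. The certificate removal step is still outstanding.'
}
```

Re-run the check after completing both removal steps; a clean result is no program entry and no matching certificate in any store.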
So have any of your Lenovo PCs been affected by Superfish? I’d love to hear your story, so please add a comment to this blog post, or contact me on Twitter or Google+. You can also catch up on my posts in the Petri IT Knowledgebase forums.