What is Lenovo Superfish?What Superfish is and isn't is a bit deceptive. The software itself is a legitimate tool created and developed by a legitimate tech company, also named Superfish. It is a Visual Search tool that is used as adware to allow companies such as Lenovo to insert their own custom advertising whenever a user of that PC does a Google search or visits other websites, which generates additional ad revenue for companies using the software.
Unlike most malware, and some adware, it isn't specifically intended to be malicious in nature. Though some would argue that hijacking your searches is a pretty malicious act. So why is it a big deal? Well that would be in how the software acts. Superfish also compromises all SSL connections on the impacted PC. In essence, Superfish uses a “man in the middle” approach, where Superfish is able to monitor and alter data going to and from websites without the knowledge of either the user using the system or the sites being visited. Something that I'm sure no one wants!
I own a Lenovo laptop am I infected by Superfish?Here is a full list of the Lenovo consumer laptops that the company has confirmed it had pre-installed Superfish on, keep in mind they claim to have stopped installations as of January.
- G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
- U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
- Y Series: Y430P, Y40-70, Y50-70
- Z Series: Z40-75, Z50-75, Z40-70, Z50-70
- S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
- Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
- MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
- YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW E Series: E10-30
How do I remove Superfish?Lenovo has announced plans to release an automated tool that will remove the Superfish adware from affected PCs, however that tool has yet to be released. In the mean time the company has offered its own removal instructions,though many have stated that these don't cover everything. Ars Technica has posted a very thorough Superfish Removal Guide that should cover all the bases. Below are some of the basics!
If you’re affected by Superfish, you must first uninstall the program:
- Click the Windows Start button
- Search uninstall program
- Launch uninstall program
- Right-click on Superfish Inc VisualDiscovery and select Uninstall
- If prompted for administrator password, enter or provide confirmation
- Click the Windows Start button
- Type certmgr.msc into the Search box
- Click the certmgr.msc Program to launch it
- If prompted for administrator password, enter the password or provide confirmation
- Click on Trusted Root Certification Authorities
- Open Certificates
- Look for certificates mentioning Superfish Inc.
- Right-click on any Superfish Inc certificates and delete
- Restart your browser and return to this page to see you are safe
Following the removal steps above should get you up and running on a clean PC but that likely doesn't mean all of your questions have been answered. Lenovo and Adi Pinhas, the chief executive of Superfish, have been adamant in regards to any security risks that Superfish may or may not have posed. In a statement released earlier today Pinhas wrote, "Superfish is completely transparent in what our software does and at no time were consumers vulnerable—we stand by this today. Lenovo will be releasing a statement later today with all of the specifics that clarify that there has been no wrong doing on our end.”
So at the end of the day it all comes down to whether or not we trust Lenovo and Superfish's intentions. They have admitted the mistake and we could give them the benefit of the doubt but that doesn't mean we've seen the end of these types of situations. Companies are always looking to gain an edge in the market and monetize your user experience as much as possible!