Pre-Loaded Asware

Discovered: Adware preinstalled in this brand’s new laptops

rp_hacker-bank-300x1681.jpg

When you buy a new laptop, you trust that the hardware and software are top of the line, and that it won’t have programs on it that it shouldn’t. Unfortunately, that’s not always the case.I’ve talked in the past about the problem of manufacturers putting “bloatware” on new machines that slow them down. Now, one of the biggest and most reputable laptop brands in the world has crossed the line.
It recently shipped laptops with an adware program called “Superfish” that watches what you’re doing online so it could serve you relevant ads. That’s shady enough, but it gets worse.
The way Superfish works means that any hacker can direct you to malicious websites and bypass any warnings you might normally get that the site is fake. This is a serious problem, and you need to know if you’re at risk.
The company under fire is Lenovo. If you bought a Lenovo laptop or Ultrabook between September 2014 and December 2014, there’s a good chance that you have Superfish on your computer.
However, Lenovo forum users say the problem has been identified as far back as mid-2014, so if you have any Lenovo laptop from 2014 you should keep reading.What does Lenovo have to say about all this? You can read its full statement on the matter here, but basically it said that Superfish was installed to help users find products they might like, Lenovo wasn’t making much money from it, and it doesn’t see a security problem with the way the program works.

However, because users are complaining it ended its relationship with Superfish in January 2015 and is making Superfish release a patch that turns it off in affected laptops. Speaking of which, let me show you exactly how Superfish works, then I’ll tell you how to get rid of it.

Superfish gives you visual search results based on your search history. For example, if you were searching for an Intel product, you might see the following:

badfish

Image courtesy of user iknorr on the Lenovo forum.

That “Powered by VisualDiscovery” notice just above and to the right of the images is Superfish. The real problem, though, is how it does that. It signs its own security certificates.
-advertisement-
Using the security certificate, Superfish gives itself permission to hijack your secure connection to sensitive websites. Click here to learn more about certificates and why they’re so important to Internet security.

Security experts call this a “Man in the Middle” attack. It’s bad enough a company is doing this, but as I said earlier, Superfish’s security is so bad any hacker can use the certificate to snoop on your secure browsing. So even if you see “https” in the website address, you’re not safe.

There is some good news, though. You can visit a site that will instantly tell you if you have the Superfish adware. Click here to check your laptop now. Also, the Mozilla Firefox browser is not affected by Superfish because it uses its own security certificate manager.

If your Lenovo laptop tests positive for Superfish, I recommend switching to Mozilla Firefox until it’s gone, and uninstalling Superfish as soon as you can. Revo Uninstaller and GeekUninstaller are both strong program removers. Use them to remove VisualDiscovery, which is an alias of Superfish.

However, you will also need to remove the false security certificate that Superfish created for itself. Even if you use Firefox as your main browser, you need to do this because it still puts your computer in danger.

In Windows 8, press the Search magnifying glass icon on the Start Screen or press Windows Key + S to bring up a search window. In Windows 7, click the Start button and look for the “Search programs and files” just above it.

Then type in “certmgr.msc” (minus the quotes) and wait for it to pop up in the search list. Then right-click on it and choose “Run as administrator.” Type in your administrator password (if the computer asks) and then you’ll see the certificate manager appear.

In the left column, click “Trusted root certificate authorities” and then double click on the “Certificates” folder in the right column. Now, look through the certificates to find “Superfish.” Right-click on Superfish and then choose “Delete.” That will take care of it for good.

Warning: Removing certificates can cause problems browsing the Internet. Only remove Superfish’s certificate and nothing else.

Source: The Next Web

LENOVO STATEMENT ON SUPERFISH
At Lenovo, we make every effort to provide a great user experience for our customers.  We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer.  In our effort to enhance our user experience, we pre-installed a piece of third-party software, Superfish (based in Palo Alto, CA), on some of our consumer notebooks.  The goal was to improve the shopping experience using their visual discovery techniques.

In reality, we had customer complaints about the software.   We acted swiftly and decisively once these concerns began to be raised.  We apologize for causing any concern to any users for any reason – and we are always trying to learn from experience and improve what we do and how we do it.

We stopped the preloads beginning in January.  We shut down the server connections that enable the software (also in January), and we are providing online resources to help users remove this software.   Finally, we are working directly with Superfish and with other industry partners to ensure we address any possible security issues now and in the future.  Detailed information on these activities and tools for software removal are available here:

http://support.lenovo.com/us/en/product_security/superfish
http://support.lenovo.com/us/en/product_security/superfish_uninstall

https://filippo.io/Badfish/ — Superfish CA + Komodia vulnerability test (updated!)

To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any desktops, tablets, smartphones or servers; and it is no longer being installed on any Lenovo device.  In addition, we are going to spend the next few weeks digging in on this issue, learning what we can do better.  We will talk with partners, industry experts and our users.  We will get their feedback.  By the end of this month, we will announce a plan to help lead Lenovo and our industry forward with deeper knowledge, more understanding and even greater focus on issues surrounding adware, pre-installs and security.  We are confident in our products, committed to this effort and determined to keep improving the experience for our users around the world.

Superfish may have appeared on these models:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30

This entry was posted in After Retirement, Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *