One of the world’s largest computer manufacturers has come under heavy criticism from users and security experts for shipping computers with pre-installed Adware program. It has been claimed that the Superfish Adware program in Lenovo computers has potentially left users vulnerable to attack by hackers and their privacy at risk.
What is Superfish
According to Lenovo, the Superfish software program was pre-installed on its computers to help users find products by visually analysing images on the web and find the cheapest products online.
However, this did not go well with the users who initially started complaining about intrusive pop-up ads appearing on their browsers. Later, the computer experts started warning Lenovo users that the Superfish Adware program on their computers could potentially compromise their security and privacy.
It was found that the Adware program was substituting encryption certificates issued by other websites with its own security key, in order to display ads on encrypted pages. Such by-passing of security protocols could potentially allow anyone with criminal intent to intercept encrypted information such as users banking details and passwords.
Security experts have expressed concerns about how badly the Superfish Adware program is coded and how it could be easily hijacked and used to generate security certificates for criminal websites, making them appear legitimate to unsuspecting users.
How to Test Your Computer for Superfish
Your Lenovo computer could be at risk, especially if you bought one between September 2014 and January 2015.
You can check your computer for Superfish Malware at this website set up by Italian security consultant Filippo Valsorda. The website will display the following message if your computer is free of the Superfish Adware program.
How to Remove Superfish
Follow these steps in order to remove Superfish from your Windows browser.
- Go to Control Panel
- Click on Programs
- Click on Uninstall a Program and look for VisualDiscovery.
- Uninstall VisualDiscovery!
Removing VisualDiscovery program does not completely solve the problem. You still have the rogue root certificate that your Superfish infected computer has self-generated and installed in the Windows certificate store. This is basically a restricted area that Windows software reserves for trusted certificates from major companies like Microsoft and VeriSign.
You can use the following steps to remove the rogue root certificate from your Lenovo computer.
- Press Windows key + R on your keyboard (this will bring up the Run tool)
- Search for certmgr.msc to open your PC’s certificate manager
- Next click on “Trusted root certificate authorities” to bring up a list of all trusted root certificates on your computer.
- Look for Superfish entry, right-click and select “Delete.”
According to Lenov0, it has stopped adding the Superfish Adware program on its new computers and the company has issued an apology to its users.
We apologise for causing these concerns among our users – we are learning from this experience and will use it to improve what we do and how we do it in the future.
Lenovo has just released a tool to remove the Superfish malware from its affected computers. This site offers tools and instructions to remove the Superfish malware from Internet Explorer, Chrome, Opera, Safari and Mozilla Firefox browsers.