Lenova users have complained the computers come with adware, “Superfish,” already installed on laptops sold between September 2014 and January 2015. The adware allows third-party ads to be injected into Google searches and on websites without permission from the user. The adware also has the ability to install signed certificate authority which would allow it to monitor secure connections. The technology routes all encryption through a single password-protected certificate. If someone were to crack the password, the encryption would be useless leaving users vulnerable to hacks. And that is exactly what happened. Thursday, the password was discovered and published by a hacker.
Those who believe their network is at risk should avoid public Wi-Fi networks and connect through a protected VPN when possible.
Since news of the adware has gone viral, Lenovo released a statement highlighting three main points:
- Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market.
- Lenovo stopped preloading the software in January.
- We will not preload this software in the future.
However the company claims they do not see any substantial security risks associated with the adware.
To uninstall the program:
- Control panel
- Uninstall a program
- Select visual discovery
However, the bad certificates will remain even after uninstalling the program. To remove the bad certificate from your system:
- File, Add/Remove Snap-in
- Certificates, Add
- Computer Account, Next
- Trusted Root Certification Authorities, Certificates
- Delete the one issued to Superfish
Read more here- “How to Remove Superfish Adware From Your Laptop,” (Steven Vaughan-Nichols, ZDNet)