Under intense criticism over the last few days for its adware-like “search tool”, Lenovo has released a tool to help users remove Superfish, according to a statement released by the company.
Superfish adware came pre-installed on Lenovo PCs
Superfish is an adware program that was pre-installed on Lenovo’s consumer PCs, and as pretty much everyone agrees, made users vulnerable to attack. The Superfish issue rapidly went from bad to worse yesterday when researchers found and published a password that would allow anyone to unlock the certificate authority and then bypass the web encryption used by the computer. That means that anyone with the password and the right software, if they were the same Wi-Fi network as a Lenovo user, could spy on that user, or even insert malware into the data between them and the Internet. Not all that simple to do, but it was at least proven possible.
The new tool that Lenovo has published allows users to automatically uninstall Superfish and remove the certificate from web browsers, which previously had to be done manually. In the statement, Lenovo said “We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem”.
Any users with infected computers should uninstall Superfish and remove the certificate in order to completely fix the issue. Researcher Filippo Valsorda has also created this test to show if your computer is infected.
Superfish comes pre-installed on most Lenovo laptops sold between September 2014 and January 2015, but Lenovo says no Thinkpads were shipped with the adware.
Let us know in the comments if you have an affected Lenovo PC. Would this put you off buying from the company in future?