Security Advisor

Microsoft Kills Lenovo Superfish Adware

Windows Defender will now block and prompt users how to easily remove the adware found preinstalled on some Lenovo systems.

Microsoft has updated its Windows Defender to remove the certificate for the adware software called Superfish, which was discovered to come preloaded on Lenovo devices.

The update to Microsoft's free malware protection software will now block Superfish from running and will prompt users to remove the adware. What makes Superfish so dangerous is that besides altering online searches with unwanted ads, the preinstalled software also monitors SSL traffic, leading to increased security threats.

"The security concern is that the adware responsible for monitoring your SSL traffic could be compromised by hackers, other malware, malicious sites, etc.," commented Brett Fernicola, CISO for security firm Stealthbits Technologies. "Thus making it just that much easier to steal sensitive information from that PC such as passwords, online banking information, etc."

Today's Defender update will now reset any of these SSL certificates that were used by Superfish.  Prior to the release, the removal of the preinstalled software was a tricky endeavor, causing sites like CNET to release a how-to removal guides.

Responding to the allegation that it had knowingly included adware in its devices, Lenovo said it thought Superfish would "enhance the shopping experience," according to a released statement on its Web site. Lenovo said that due to customer complaints, it halted the preload of Superfish on systems in January and cut server connections associated with the software. It also said that the software was not preinstalled in the majority of its hardware.

"To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones," said Lenovo. "This software has never been installed on any enterprise product -- servers or storage -- and these products are in no way impacted"

While the number of systems with the Superfish software installed was not given, it was included in 11 types of Lenovo laptops sold over the past two years, including the company's Flex and Yoga tablet/laptop hybrids.

The company also said it is planning to release a tool that will completely remove the software from affected systems sometime today. However, with Microsoft's Defender update, the tool may not be necessary.

To find out if your system is at risk, LastPass has created a Web checker that will tell you if Superfish is present. If it is, update Windows Defender and allow it to walk you through removing the software permanently.

About the Author

Chris Paoli is the site producer for and


  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.