Security Advisor

Microsoft Kills Lenovo Superfish Adware

Windows Defender will now block and prompt users how to easily remove the adware found preinstalled on some Lenovo systems.

Microsoft has updated its Windows Defender to remove the certificate for the adware software called Superfish, which was discovered to come preloaded on Lenovo devices.

The update to Microsoft's free malware protection software will now block Superfish from running and will prompt users to remove the adware. What makes Superfish so dangerous is that besides altering online searches with unwanted ads, the preinstalled software also monitors SSL traffic, leading to increased security threats.

"The security concern is that the adware responsible for monitoring your SSL traffic could be compromised by hackers, other malware, malicious sites, etc.," commented Brett Fernicola, CISO for security firm Stealthbits Technologies. "Thus making it just that much easier to steal sensitive information from that PC such as passwords, online banking information, etc."

Today's Defender update will now reset any of these SSL certificates that were used by Superfish.  Prior to the release, the removal of the preinstalled software was a tricky endeavor, causing sites like CNET to release a how-to removal guides.

Responding to the allegation that it had knowingly included adware in its devices, Lenovo said it thought Superfish would "enhance the shopping experience," according to a released statement on its Web site. Lenovo said that due to customer complaints, it halted the preload of Superfish on systems in January and cut server connections associated with the software. It also said that the software was not preinstalled in the majority of its hardware.

"To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones," said Lenovo. "This software has never been installed on any enterprise product -- servers or storage -- and these products are in no way impacted"

While the number of systems with the Superfish software installed was not given, it was included in 11 types of Lenovo laptops sold over the past two years, including the company's Flex and Yoga tablet/laptop hybrids.

The company also said it is planning to release a tool that will completely remove the software from affected systems sometime today. However, with Microsoft's Defender update, the tool may not be necessary.

To find out if your system is at risk, LastPass has created a Web checker that will tell you if Superfish is present. If it is, update Windows Defender and allow it to walk you through removing the software permanently.

About the Author

Chris Paoli is the site producer for and


  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus