Security Advisor
Microsoft Kills Lenovo Superfish Adware
Windows Defender will now block and prompt users how to easily remove the adware found preinstalled on some Lenovo systems.
Microsoft has updated its Windows Defender to remove the certificate for the adware software called Superfish, which was discovered to come preloaded on Lenovo devices.
The update to Microsoft's free malware protection software will now block Superfish from running and will prompt users to remove the adware. What makes Superfish so dangerous is that besides altering online searches with unwanted ads, the preinstalled software also monitors SSL traffic, leading to increased security threats.
"The security concern is that the adware responsible for monitoring your SSL traffic could be compromised by hackers, other malware, malicious sites, etc.," commented Brett Fernicola, CISO for security firm Stealthbits Technologies. "Thus making it just that much easier to steal sensitive information from that PC such as passwords, online banking information, etc."
Today's Defender update will now reset any of these SSL certificates that were used by Superfish. Prior to the release, the removal of the preinstalled software was a tricky endeavor, causing sites like CNET to release a how-to removal guides.
Responding to the allegation that it had knowingly included adware in its devices, Lenovo said it thought Superfish would "enhance the shopping experience," according to a released statement on its Web site. Lenovo said that due to customer complaints, it halted the preload of Superfish on systems in January and cut server connections associated with the software. It also said that the software was not preinstalled in the majority of its hardware.
"To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones," said Lenovo. "This software has never been installed on any enterprise product -- servers or storage -- and these products are in no way impacted"
While the number of systems with the Superfish software installed was not given, it was included in 11 types of Lenovo laptops sold over the past two years, including the company's Flex and Yoga tablet/laptop hybrids.
The company also said it is planning to release a tool that will completely remove the software from affected systems sometime today. However, with Microsoft's Defender update, the tool may not be necessary.
To find out if your system is at risk, LastPass has created a Web checker that will tell you if Superfish is present. If it is, update Windows Defender and allow it to walk you through removing the software permanently.