Security Advisor

Microsoft Kills Lenovo Superfish Adware

Windows Defender will now block the adware found preinstalled on some Lenovo systems and walk users through easily removing it.

Microsoft has updated Windows Defender to remove the certificate for the adware called Superfish, which was discovered to come preloaded on Lenovo devices.

The update to Microsoft's free malware protection software will now block Superfish from running and will prompt users to remove the adware. What makes Superfish so dangerous is that besides altering online searches with unwanted ads, the preinstalled software also monitors SSL traffic, leading to increased security threats.

"The security concern is that the adware responsible for monitoring your SSL traffic could be compromised by hackers, other malware, malicious sites, etc.," commented Brett Fernicola, CISO for security firm Stealthbits Technologies. "Thus making it just that much easier to steal sensitive information from that PC such as passwords, online banking information, etc."

Today's Defender update will now reset any of these SSL certificates that were used by Superfish. Prior to the release, removing the preinstalled software was a tricky endeavor, causing sites like CNET to release how-to removal guides.

Responding to the allegation that it had knowingly included adware in its devices, Lenovo said it thought Superfish would "enhance the shopping experience," according to a released statement on its Web site. Lenovo said that due to customer complaints, it halted the preload of Superfish on systems in January and cut server connections associated with the software. It also said that the software was not preinstalled in the majority of its hardware.

"To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones," said Lenovo. "This software has never been installed on any enterprise product -- servers or storage -- and these products are in no way impacted."

While the number of systems with the Superfish software installed was not given, the software was included in 11 types of Lenovo laptops sold over the past two years, including the company's Flex and Yoga tablet/laptop hybrids.

The company also said it is planning to release a tool that will completely remove the software from affected systems sometime today. However, with Microsoft's Defender update, the tool may not be necessary.

To find out if your system is at risk, LastPass has created a Web checker that will tell you if Superfish is present. If it is, update Windows Defender and allow it to walk you through removing the software permanently.

About the Author

Chris Paoli is the site producer for and

