Got a Lenovo Laptop? You Need to Read This.

toggle-button

Computer maker Lenovo has come in for some major criticism in the last few days, after it was discovered that many of their laptops were bundled with a nasty piece of adware called Superfish.  Superfish injects additional adverts into the "Ads By Google" panel on many of the web pages you visit, which presumably earns Lenovo some additional cash.

What's particularly worrying about this adware, however, is that it also generates fake SSL certificates on your computer to allow it to intercept encrypted web traffic.  This means, for example, that if you're logged into your bank's web site to view highly confidential information, Superfish is decrypting the web page in the background in order to be able to inject adverts into it.  Which is probably against just about every bit of computer crime legislation in the world.

Lenovo eventually apologised and has stopped including Superfish in its products.  It has also issued a free software tool which will check for the presence of Superfish on your computer and disable it.  If you run a Lenovo laptop (the company says it was never installed on desktops), it's important that you download and run the removal tool as it can pose a significant security risk.

You'll find more information from Lenovo, plus a link to the tool, at http://news.lenovo.com/article_display.cfm?article_id=1931 and the tool itself is around 6 MB to download.  The program is malware-free according to VirusTotal and Web of Trust.  If you'd rather remove Superfish manuallly, the page also includes details on how to do so.

 

 

Please rate this article: 

Your rating: None
4.6
Average: 4.6 (15 votes)
toggle-button

Comments

PRIVDOG Not sure where to post this.

Here goes - Malewarebytes Free found over 100 incidents of malware because of Privdog!

Both Chrome and Firefox were not working right. Removed privdog extensions and separate install and all seems fine.

Beware - Privdog does not really help but causes other potentially serious problems.

My Avast anti-virus did NOT identify this threat!

Sincerely, Robert

With reference to the same, it's been found that Privdog extension bundled with Comodo products is worse or as bad as Superfish. PrivDog is Superfish all over again - gHacks Worse than Superfish? Comodo-affiliated PrivDog compromises web security too

Just a concern. It seems too obvious... "how did they think they could get away with it".
Could this be a Trojan hiding something deeper? I'm getting used to corporate dishonesty, but I wouldn't have thought the attempt would be so amateurish.
Sorry for the cynicism, but I hope talented pros are looking at the restored version.

Isn't Superfish detected and removed by antimalwares like Malwarebytes?

Thank you for this. I just purchased a refurbished Lenovo laptop and I will check it for this crapware item ASAP. Again, my sincere thanks.
Regards,
BearPup

LastPass has released a Superfish check tool that shows results inmediately just using your browser. There is a useful step-by-step guide about removing superfish, too.

https://lastpass.com/superfish/

I have a Lenovo laptop but thankfully it's not infected with Superfish. However, what I hate about Lenovo is their lying and deceitfulness. At first they say...

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns."

Then they turn around and quietly edit it out and issue a "Severity: High" security advisory.

Don't just believe me but see for yourself on the Internet Archive Wayback Machine: http://wayback.archive.org/web/20150219151726/http://forums.lenovo.com/t...

One last bit of news - The Department of Homeland Security has release an alert about it: https://www.us-cert.gov/ncas/alerts/TA15-051A