As you may have heard by this point, Lenovo loaded an adware package called Superfish Visual Discovery onto many of its devices. Annoying? Absolutely: Nobody likes an add-on that inserts sponsored links into your search results. But Superfish became downright dangerous when security researchers realized it could easily double as a handy tool for a man-in-the-middle attack, thanks to its ability to always appear as a “Trusted Party” to websites.
The revelations have left Lenovo scrambling to repair the damage. “We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience,” Lenovo wrote in a Feb. 20 statement. “However, we did not know about this potential security vulnerability until yesterday. Now we are focused on fixing it.”
The company also insisted that Superfish was never preloaded onto its ThinkPads, tablets, and enterprise hardware; but that means any other devices released between September 2014 and February 2015, including laptops in the company’s popular Yoga line, are apparently vulnerable.
Those who want to trust Lenovo’s automated tool for deleting Superfish can find it on the company’s website. Otherwise you can take the following steps to manually uninstall it:
1. In Windows, open “Search.”
2. Search for “Remove Programs” and select “Add or Remove Programs”
3. In the subsequent list, find “Superfish Inc. Visual Discovery”
4. Click “Uninstall”
After that, users should make sure the SuperFish Certificate is removed from their PCs, as well. Lenovo offers a step-by-step walkthrough for systems running Internet Explorer, Google Chrome, Opera, Safari, Maxthon, and other browsers that rely on the Windows Certificate store.
For Lenovo users, a handy Web page from LastPass will also verify whether SuperFish impacted your system. Better safe than sorry.
- 10 Reasons Why You Need a Cybersecurity Plan
- How I Made the Leap to IT Security
- IT Security Pros: Are You Worth a Million Dollars a Month?