Earlier this week, various news outlets reported that some Lenovo laptops had been shipped with factory-installed adware called Superfish that was surreptitiously inserting custom, third-party advertisements into those users' Google search results. Our own Paul Thurrott reported that Lenovo claimed that Superfish was simply a “visual search enhancement,” but security experts debunked Lenovo’s claim by explaining that Superfish does far worse than simply inject advertising into search results.
Superfish and the Man in the Middle
Security expert Marc Rogers (@marcwrogers) — a Principal Security Researcher at CloudFlare — wrote a blog post detailing what Superfish does, and mentioned that Superfish also compromises all SSL connections on the impacted PC. In essence, Superfish uses a “man in the middle” approach, where Superfish is able to monitor and alter data going to and from websites without the knowledge of either the user using the system or the sites being visited.
What is Lenovo Superfish?
Technically referred to as “Superfish – Powered by Visual Search,” Superfish is adware developed by Superfish, a tech company with offices in Israel and Palo Alto, CA. In essence, Superfish allows Lenovo to insert their own custom advertising whenever a user of that PC does a Google search or visits other websites, which generates additional ad revenue for Lenovo.
What has Lenovo said about Superfish?
According to a recent public statement by Lenovo, the company said that they “…thought the [Superfish adware] product would enhance the shopping experience, as intended by Superfish. It did not meet our expectations or those of our customers.” Lenovo also said that it stopped preloading the Superfish software on Lenovo products in January 2015, shut down the server-side connections that make the software function, and provided resources for customers who want to remove the Superfish software.
Lenovo said that Superfish may have been pre-installed on the following consumer computer models:
- G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
- U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
- Y Series: Y430P, Y40-70, Y50-70
- Z Series: Z40-75, Z50-75, Z40-70, Z50-70
- S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
- Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
- MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
- YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
- E Series: E10-30
In the same statement, Lenovo also stressed that Superfish was never installed on any enterprise products:
“Lenovo never installed this software on any ThinkPad notebooks, nor any Lenovo desktops or smartphones. This software has never been installed on any enterprise product — servers or storage — and these products are in no way impacted.”
How to find Superfish
As of this writing, there are three easy ways to find out if your Lenovo PC has the Superfish software: use the web-based Superfish detectors by LastPass and CloudFlare Security Engineer Filippo Valsorda, and/or use Microsoft’s free Windows Defender product, which has just been updated (version 1.193.444.0) to detect and remove Superfish. All three are linked below.
How to remove Superfish
Lenovo has provided a detailed step-by-step tutorial on how to uninstall Superfish, and the removal involves two main steps: removing the Superfish Inc. Visual Discovery program and then removing the Superfish certificates. Make sure that you’re performing both of these actions while logged in as a local administrator.
Removing the Superfish Inc. Visual Discovery program
- Using Add or Remove Programs, select ‘Uninstall or change a program.’
- In the Uninstall or Change a Program window, search for the Superfish Inc. Visual Discovery program in the list, highlight it, and then click Uninstall.
Removing the Superfish certificates
- In Windows 8+, search for ‘certificate’ then select ‘Manage computer certificates.’
- In the Certificate manager window, look for any entries by “Superfish, Inc.”
- Right-click on the Superfish entry and then select ‘delete’ in the menu that appears.
- Windows may present a warning dialog about certificate deletion. Ignore this and click ‘Yes.’
- Restart your Lenovo PC.
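The certificate check and deletion steps above can also be scripted. The following PowerShell is an added example, not part of Lenovo's tutorial or the original post; the function names are hypothetical, and matching on the text "Superfish" in a certificate's Subject or Issuer is an assumption based on the “Superfish, Inc.” entries described above. It covers only the certificate step, so uninstall the Visual Discovery program first.

```powershell
# Added example: find and remove Superfish certificates from the computer stores.
function Find-SuperfishCertificate {
    param(
        # Assumption: a Subject or Issuer containing this text marks a Superfish entry.
        [string]$Pattern = 'Superfish',
        # "Manage computer certificates" displays the LocalMachine stores.
        [string]$Location = 'Cert:\LocalMachine'
    )
    Get-ChildItem -Path $Location -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # -Recurse also returns store containers; keep certificates only.
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            ($_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*")
        }
}

function Remove-SuperfishCertificate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()
    # Deleting from the computer stores needs an elevated administrator session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (administrator) PowerShell session.'
    }
    foreach ($cert in Find-SuperfishCertificate) {
        # Honors -WhatIf and -Confirm, so nothing is deleted without consent.
        if ($PSCmdlet.ShouldProcess($cert.PSPath, 'Delete certificate')) {
            Remove-Item -LiteralPath $cert.PSPath
        }
    }
}

# List every match together with the store it was found in.
Find-SuperfishCertificate |
    Format-Table @{ n = 'Store'; e = { ($_.PSParentPath -split '::')[-1] } },
                 Thumbprint, Subject, NotAfter -AutoSize

# Preview the deletion; run again without -WhatIf to delete, then restart the PC.
Remove-SuperfishCertificate -WhatIf
```

An empty table from the first command means no matching certificate remains in the computer stores.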
So have any of your Lenovo PCs been affected by Superfish? I’d love to hear your story, so please add a comment to this blog post, or contact me on Twitter or Google+. You can also catch up on my posts in the Petri IT Knowledgebase forums.