Following the backlash against the Superfish the adware program that was pre-installed on a range of Lenovo PC systems created for consumer market, and made the systems vulnerable to malicious attacks from third parties.
Lenovo has today released a new easy to use automatic Superfish removal tool that will help owners of the infected systems remove the adware and restore the system security.
Since the discovery of the Superfish adware program is was also discovered over the weekend that a password was discovered by researchers that could unlock the certificate authority and bypass the computer’s web encryption. Lenovo explains more :
“As we said yesterday, Lenovo is exploring every action we can to help our users address the concerns around Superfish. So today we are taking two additional actions:
1 In addition to the manual removal instructions currently available online, we have released an automated tool to help users remove the software and certificate. That tool is here
2 We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. These actions have already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.
We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday. Now we are focused on fixing it.
Since that time we have moved as swiftly and decisively as we can based on what we now know. While this issue in no way impacts our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device, we recognize that all Lenovo customers need to be informed. We apologize for causing these concerns among our users – we are learning from this experience and will use it to improve what we do and how we do it in the future. We will continue to take steps to make removal of the software and underlying vulnerable certificates in question easy for customers so they can continue to use our products with the confidence that they expect and deserve.
About Superfish: Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. We recognize that the software did not meet expectations and have acted quickly and decisively to remove it from our products.”
For more information on the new Superfish adware, jump over to the Lenovo website for details via the link below.
Source: Lenovo
Filed Under: Technology News