With the news that Lenovo had been pre-installing an adware program named Superfish, thoughts were given into it. Once the news came out, many heads started working into Superfish to find out the probable issues with it. The results show that Superfish was doing more bad for the users compared to the good, which it was meant to do. The adware has been using pretty interesting hacking methods to fool around with the encryption certificates of Windows. The program is not just guilty of eluding the security certificates with its hacks, but also leaves the system completely vulnerable whenever it connects to any public network.
The United States Department of Homeland Security has already urged the users of Lenovo Laptops with Superfish to remove the tool for their own security. According to the statement from Lenovo, Superfish program has been switched off since the month of January.
It is undoubted that turning off the program was a good step on Lenovo’s part, but it still has left behind quite a few security holes into innumerable systems all across. The main function of the Superfish was to track searching history and then modify the advertisements coupled with the search for better reach.
With the things about Superfish changing rapidly, it is interesting to see for the vulnerabilities will be taken care of. Lenovo has already released a set of automated tools, which promise the complete removal of Superfish components. The tools will also modify the changes made to the security certificates for all the major web browsers.
Some skeptic individuals on the other hand, are even worried about the security of the recently released tools. In case, the flaws remain, many systems will be in danger of leaking out private stuffs and documents. Lenovo probably needs to come up with a more solid rectification.
Update: Lenovo has released an automatic Superfish removal tool.
As we said yesterday, Lenovo is exploring every action we can help our users address the concerns around Superfish. So today we are taking two additional actions:
In addition to the manual removal instructions currently available online, we have released an automated tool to help users remove the software and certificate. That tool is here: http://support.lenovo.com/us/en/product_security/superfish_uninstall
We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. These actions have already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.