Lenovo released a tool on Friday to remove Superfish, Israeli-based software, after the U.S. advised the company of its vulnerability to cyber attacks. The software is seen as a major security threat to Lenovo laptops after it deletes the self-signed certificate.
Microsoft and McAfee, Lenovo’s two antivirus partners, are working towards removing the ‘crapware’ or preventing it from working. The Department of Homeland Security stated that the deleted SSL certificate can make users vulnerable to SSL spoofing, in which hackers can read encrypted websites, redirect websites and carry out other attacks. The agency added that systems will be vulnerable as long as the software exists.
“We are working with Microsoft and McAfee to have the Superfish software quarantined or removed,” said Lenovo.
Microsoft on Friday decided to release a definition for its free Windows Defender and Security Essentials programs and will release it for Windows PCs affected by the software. McAfee Internet Security, which is also pre-installed on Lenovo PCs, is called bloatware by many users as it offers a 30-day trial. Lenovo gets paid when a user upgrades to a paid subscription.
Security analysts have urged Lenovo to stop installing bloatware that could result in serious security and privacy breaches. Ken Westin, security analyst at Tripwire, stated that bloatware needs to stop. Superfish posed a critical threat as it even injected ads into Google and injected a certificate into the Mozilla browser and the Microsoft certificate store.
However, Lenovo claimed that it was not aware of the vulnerability until the U.S. agency alerted the company. Antivirus vendors such as McAfee and Microsoft did not mention the method of removing it. The crapware is likely to be isolated by quarantining it, a basic practice for preventing malware. Microsoft is also removing the Superfish certificate from the Windows certificate store.