Friday, February 20, 2015

Lenovo's Superfish Super Mistake


So, many of you have probably stumbled upon (perhaps not by choice) the news about Lenovo laptops being shipped with "adware" preinstalled. Let’s put aside for the moment that even Microsoft’s crappy Windows Defender has already been updated to root out the Superfish bug (http://www.theverge.com/2015/2/20/8077033/superfish-fix-microsoft-windows-defender).
Granted, this is a huge mistake on Lenovo’s part, and definitely a security vulnerability, but most of the articles I'm seeing spammed around the internet pretty much just keep verbosely stating “LENOVO BAD” over and over. Further, they put Superfish in the spotlight as something that can easily be taken advantage of by hackers, when any number of apps have the same shortcoming.
This would probably be a good time to mention that my PC Setup includes the removal of bloatware and full Windows updates. If you have any questions or concerns, you should always contact your technician to make sure you are up to date on all fronts.

Let’s cut out the drama and get to the important part, and probably what everyone wants to know.
How to discover if your PC came with Superfish preloaded:

The adware intrinsic to Superfish is designed to inject visual price-comparison ads into the web pages you visit, in a “Visual Search results” section “powered by VisualDiscovery.” If you see that, you’re affected (though maybe “infected” is the better word to use).
Another, easier way to find out is to simply go here: https://filippo.io/Badfish/

How to get rid of it:
  • Option B.    First, press the Windows key and R on your keyboard to bring up the Run tool, then search for certmgr.msc to open your PC’s certificate manager. Once that opens, click on Trusted Root Certification Authorities in the left-hand navigation pane, then double-click Certificates in the main pane. A list of all trusted root certificates will appear. Find the Superfish entry, then right-click on it and select Delete.
There, that wasn’t so bad, now was it?
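The same check as the certmgr.msc steps above, scripted so it covers both the machine-wide and per-user trusted root stores. This is an added example, not part of the original post; matching on the name "Superfish" is an assumption taken from the "Find the Superfish entry" step, and the function and parameter names are made up for illustration.

```powershell
# Added example: audit the Windows trusted-root stores for a Superfish root certificate.
# Matching on the name "Superfish" is an assumption based on the article's
# "Find the Superfish entry" step; review every hit before deleting anything.
param(
    [string]$Pattern = 'Superfish',   # text to look for in Subject/Issuer
    [switch]$Remove                   # without this switch the script only reports
)

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Find-RootCertByName {
    param([string[]]$StorePath, [string]$Name)
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like "*$Name*" -or $_.Issuer -like "*$Name*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    PSPath     = $_.PSPath
                }
            }
    }
}

$hits = @(Find-RootCertByName -StorePath $stores -Name $Pattern)

if ($hits.Count -eq 0) {
    Write-Output "No trusted root certificate matching '$Pattern' was found."
    return
}

$hits | Format-List Store, Subject, Thumbprint, NotAfter, SelfSigned

if ($Remove) {
    foreach ($hit in $hits) {
        # LocalMachine removals need an elevated prompt; -Confirm asks before each delete.
        Remove-Item -Path $hit.PSPath -Confirm
    }
    # Re-check so a failed delete is not mistaken for a clean machine.
    $left = @(Find-RootCertByName -StorePath $stores -Name $Pattern)
    Write-Output "Matching certificates remaining: $($left.Count)"
}
```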

Now let’s clear things up about Lenovo and their horrible, horrible mistake:
 

Forbes ranked Superfish #64 of “America's Most Promising Companies”. Some clown bigwig up at Lenovo probably looked at this information briefly and said “THIS IS A GREAT IDEA TO HELP US LINE OUR GREEDY POCKETS!”
Lenovo’s response to all this can be found here: https://forums.lenovo.com/t5/Lenovo-P-Y-and-Z-series/Lenovo-Pre-instaling-adware-spam-Superfish-powerd-by/m-p/1863174#M79882
Lenovo has taken Superfish offline for now as it plans to issue some “fixes”. Lenovo removed Superfish from the preloads of new consumer systems in January of 2015. At the same time, Superfish stopped existing Lenovo machines already in the market from activating the Superfish program. Between September and December of last year, Lenovo shipped a total of ~16 million PCs, not all of which were consumer laptops.