PJ Networks Blog


You may have heard in the news recently that Lenovo was caught pre-installing software on their notebook computers that was supposed to help users with “discovering products similar to what they are viewing”, according to Lenovo’s web site. What that actually means is that they were installing software from a company called Superfish that would display its preferred products in your searches for items on Google, Amazon and other web sites. In other words, the software is basically adware, which tries to sell you products based on its maker's profits, as opposed to offering you unbiased results for your online shopping adventures.

Now, the software can be easily uninstalled by opening your Control Panel and removing the Superfish entry with the Programs and Features applet.

However, this DOES NOT remove the security certificate that comes pre-installed on your Lenovo computer, which is the real security risk.  It has become known that the Superfish SSL certificate can be easily compromised, leaving a computer vulnerable to other people who may be using the same network that you are connected to, like at a coffee shop or the waiting room of a doctor’s office.

When you connect to a secure web site (starting with HTTPS instead of HTTP), all communication between you and that web site is encrypted, meaning that anybody intercepting your data cannot read it. Because the Superfish certificate is easy to compromise (it uses an easy-to-crack password), it becomes much easier for someone to read the data flowing between you and a web site when the Superfish certificate is in use, and they could therefore gain access to the user names, passwords and credit card numbers that you type in.

You can follow this link to see if your computer has Superfish installed on it: https://filippo.io/Badfish/

Supposedly, the Superfish software was only preinstalled on notebook computers sold by Lenovo between September 2014 and February 2015 (this month!).  Lenovo’s web site sort of apologizes for the problem, but doesn’t really acknowledge what a big mistake it was: http://support.lenovo.com/us/en/product_security/superfish.  This security risk may seem small, but it can be a REALLY BIG deal if you are compromised while connecting to your banking web site!

Here are the instructions for completely removing the Superfish software and the compromised SSL certificate: http://support.lenovo.com/us/en/product_security/superfish_uninstall
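Because uninstalling the program leaves the certificate behind, it is worth confirming that the certificate is really gone once you have followed the removal steps. The PowerShell script below is an example added here, not Lenovo's own tool; it assumes the leftover certificate's Subject or Issuer contains the name "Superfish", and it only deletes anything when run with `-Remove`.

```powershell
# Added example: look for a leftover Superfish root certificate in the Windows
# trusted-root stores. Read-only unless -Remove is given.
# Assumption: the certificate's Subject or Issuer contains the vendor name
# "Superfish"; the match string is a parameter so it can be adjusted.
param(
    [string]$NamePattern = 'Superfish',
    [switch]$Remove   # deleting from LocalMachine needs an elevated prompt
)

# Stores that Windows (and the browsers that rely on it) consult for trusted roots.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'

$found = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }   # skip stores this machine lacks
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$NamePattern*" -or $_.Issuer -like "*$NamePattern*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No certificate matching '$NamePattern' found in the trusted-root stores."
    return
}

# Show every match so it can be reviewed before anything is deleted.
$found | Format-List Store, Subject, Thumbprint, NotAfter

if ($Remove) {
    foreach ($cert in $found) {
        Remove-Item -LiteralPath $cert.Path
        Write-Output "Removed $($cert.Thumbprint) from $($cert.Store)"
    }
} else {
    Write-Output 'Certificate still trusted. Re-run with -Remove from an elevated prompt to delete it.'
}
```

Firefox keeps its own certificate store, which this script does not inspect.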

If you’d like to read more about Lenovo and the Superfish scandal, this article goes into more detail: http://www.slate.com/articles/technology/bitwise/2015/02/lenovo_superfish.

Shame on you, Lenovo!  You have risked years of a good reputation just to make a few bucks from a company that creates and distributes malware.  What a shame.

If you have a fairly new Lenovo notebook, it would be worth your while to verify whether or not you’re affected by Superfish.

You have been warned.  Now, let’s be careful out there!

-Your PJ Networks Team

 
