Lenovo Superfish fiasco

Recently it was revealed that Lenovo packed a really bad type of malware on many Laptops. This malware installs a certificate (named Superfish or Visual Discovery) which in turn gives Lenovo (and/or whatever partner Lenovo is working with) access to your “online shopping experience”.

This allows the Superfish adware/malware to inject ads that they feel you would benefit from.Dong so  Lenovo gets a cut of whatever commission they might get from your purchase. This sleazy method of business blew up in their face.
The following Lenovo laptop models are affected;

  • Z-series; Y-series; U-series; G-series; S-series; Flex-series; Yoga; Miix; E-series

Here is the link from Lenovo to remove this adware automatically;
http://support.lenovo.com/us/en/product_security/superfish_uninstall

You can also manually uninstall this ‘bad certificate’ with the following method;
Click Start, (or Winkey-R) then Run mmc.exe
Go to File –> Add/Remove Snap-in
Pick Certificates, click Add
Pick Computer Account, click Next
Pick Local Computer, click Finish
Click OK.
Look under Trusted Root Certification Authorities –> Certificates
Find any certificates issued to Superfish or Visual Discovery and delete them.
Also check under Intermediate Certification Authorities -> Certificate

Here is the letter Lenovo sent out to it’s customers regarding this fiasco;

February 20, 2015 .. As you may have heard, select Lenovo consumer notebooks shipped after September 2014 included Superfish Visual Discovery software as a shopping aid to customers. Superfish is a TrustE certified third-party software vendor, with offices in Palo Alto, CA. User feedback on the software was not positive and we received some reports of security concerns. Please note that Lenovo has NOT loaded this software on any ThinkPad notebooks, nor any desktops, tablets, workstations, servers or smartphones. The only impacted models are the following consumer notebook series: Z-series, Y-Series, U-Series, G-Series, S-Series, Flex-Series, Yoga, Miix and E-Series. If you use any of these Lenovo consumer models in your enterprise, please refer to the Customer Support information below. While this software does not impact the models typically used by businesses, we wanted to let you know that we take user feedback seriously at Lenovo. We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer. We make every effort to provide a great user experience for our customers. We recognize that the Superfish software has caused concern.

Lenovo has taken steps to address that concern.
Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the software is no longer active. Lenovo has stopped preloading the software and will not preload this software again in the future.
Lenovo has provided instructions for uninstalling this software and will soon provide a software removal patch. For more information on this, or for instructions on Superfish software removal, please visit http://support.lenovo.com/us/e… [lenovo.com]. We appreciate your confidence in Lenovo. Unsubscribe | Privacy Policy Lenovo reserves the right to alter product offerings or specifications at any time without notice. Models pictured are for illustrative purposes only. Lenovo is not responsible for typographic or photographic errors. Information advertised has no contractual effect. You are subscribed as andrew.coleman@dpw.com. To ensure delivery of Lenovo email offers to your inbox, please add lenovo@update.lenovo.com to your address book. Lenovo and the Lenovo logo are trademarks of Lenovo. All other trademarks are the property of their respective owners. Lenovo 1009 Think Place Morrisville, NC 27560 © 2015 Lenovo. All rights reserved.