Lenovo computers preinstalled with Superfish “adware/malware”


Bad news for users of Lenovo’s computers. Many Lenovo computers with Windows have been preinstalled with software from a company called Superfish.

This software injects ads as you browse web pages, including secure web pages.  Secure web pages are the websites that you would use “https” instead of “http” and include websites that offer cloud services (such as email, social networks, banking, and e-commerce) that require users to login.

Here’s what Ars Technica says:

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there’s something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

Even worse, the private encryption key accompanying the Superfish-signed Transport Layer Security certificate appears to be the same for every Lenovo machine. Attackers may be able to use the key to certify imposter HTTPS websites that masquerade as Bank of America, Google, or any other secure destination on the Internet. Under such a scenario, PCs that have the Superfish root certificate installed will fail to flag the sites as forgeries—a failure that completely undermines the reason HTTPS protections exist in the first place.

Lenovo’s statement on Superfish mentions which Lenovo models had Superfish installed.

So, Lenovo Windows users, how to test if you’re vulnerable to Superfish?

Two sites that test if you have Superfish installed are https://filippo.io/Badfish/ . Visit those sites with the browsers installed (Internet Explorer, Google Chrome, Opera, Mozilla Firefox).

If you see a “YES”, you have Superfish installed, see https://filippo.io/Badfish/removing.html which has detailed instructions on removing Superfish from your computer. After you’ve done so, visit https://filippo.io/Badfish/ again to check.

Its not clear if the Lenovo laptops issued by the Government of Trinidad and Tobago to first year secondary students since 2011 are vulnerable since most of the models that Lenovo preinstalled the Superfish adware/malware were consumer models and not business ones.

But it never hurts to check to be absolutely sure.