With a name like Superfish, you know it’s good… uh, well, pre-installed malware. Here’s PCWorld’s Brad Chacos:
Lenovo’s been caught going a bit too far in its quest for bloatware money, and the results have put its users at risk. The company has been preloading Superfish, a “visual search” tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit, on its PCs since at least the middle of 2014. Essentially, the software conducts a man-in-the-middle attack to fill the websites you visit with ads, and leaves you vulnerable to hackers in its wake.
You may be asking right now, “Say, John, did you just buy your son a Lenovo?” Why, yes, Christine! I did! Thanks for asking! And that explains what I’ve been doing this morning.
As it turns out, I had already uninstalled the program Superfish masquerades as because I went through the Windows uninstall control panel and was like “VisualDiscovery? Never heard of you. BOOM, YOU’RE GONE. HIT THE BRICKS. YOUR SERVICES ARE NO LONGER REQUIRED AT THIS COMPANY.” That, however, does not remove the root certificate the program uses to ply its mal wares, the certificate which is easy prey to man-in-the-middle attacks. Chacos explains how to get rid of that.
If you’re using a Lenovo computer, you can browse to this site to see if Lenovo has pre-screwed your pooch. Enjoy your user experience!