Lenovo is in a fix as its SuperFish was caught in the net. Superfish installs itself as a certificate in the trusted certificates section so that more of advertisements can be shown while running searches etc. Though Lenovo maintains that it included the adware to improve the shopping experience of Lenovo users, it also acknowledged that it was a bad move. Superfish leaves the computer vulnerable to hackers as they can steal sensitive data from connections made using the weak certificate that does not provide enough encryption.
You must have already heard of Lenovo superfish controversy. In damage control mode, Lenovo had issued a statement that it installed superfish to improve the shopping experience of its users. However, an adware is an adware and Lenovo stands guilty of exposing its users to different vulnerabilities whereby third parties can gain access to the users’ data.
As soon as it was caught, Lenovo started working on a fix and came out with an automatic SuperFish Removal Tool, that would remove Superfish malware and the certificate from the computers affected. The computer manufacturer even made public, the source code of the “SuperFish fix” so that it is open for scrutiny. The support page also lists some manual methods to remove the certificate.
Meanwhile, Microsoft also took charge and came up with an update to its Windows Defender. The latest version of Windows Defender kills SuperFish certificate. It roots out the Superfish adware and removes the certificate to restore the security of Windows operating system.
Lenovo is now working closely with both Microsoft and McAfee to provide automated tools for removal of the adware so that users are not exposed to any kind of vulnerability. McAfee too has updated its software to include a module that removes SuperFish adware.
These type of tricks are used by most PC makers. Some PC makers go to an extent of preloading malware into the computers-for-sale so that they can better control the users’ experience. This was one of the reasons why Microsoft set up a cybercrime center in Singapore though it already had one center in China and one in Japan. That makes it three cybercrime centers in Asia alone. The remaining two are in the US.
While it will take some time for Lenovo to clear its name that has been blotted for now, the major gainer seems to be Microsoft that is now promoting its Signature Edition computers that, it claims, are free of malware of any form.