Subscribe

Superfish: What is this snooping adware and how to get rid of it

In an effort to increase ad revenue, Lenovo preloaded its computers with Superfish, an adware that creates its own security certificates without user's knowledge.

  • close
    An Acer Aspire laptop, left, and a Lenovo IdeaPad U310 Touch are displayed at a demo table at a Microsoft event in San Francisco, Calif. in June 2013.
    Jeff Chiu/AP/File
    View Caption
  • About video ads
    View Caption
of

Some computers come preloaded with perks such as photo or word-processing programs. However, if you're a Lenovo customer, there may be a preloaded program on your computer that isn't an added bonus: ad software that can spy on your private transactions.

Lenovo preloaded an adware program, nicknamed Superfish, onto computers that had the ability to view messages on secure platforms by creating its own security certificates, and insert third-party ads without the owner’s permission.

When the issue came to light on user forums last fall, there was significant outrage and Lenovo has since stopped preloading this software. But two questions remain – what data could the company see, and what should you do if you have a Lenovo PC with Superfish?

Recommended: 40 iPhone tips and tricks everyone should know

The adware was originally designed to advertise cheaper prices on products that users want to purchase by scanning and searching websites the user browses. However, the method in which it does this has come under intense scrutiny.

Lenovo allowed Superfish to create its own SSL certificates when a secure website requested one. Ordinarily, an SSL certificate assures the website (any site from Amazon to online banking) that the connection is secure. However, since Superfish was creating the certificate itself, it was essentially gleaning data through a technique known in the malware world as “man in the middle.” Superfish could see any information passed between the user and the secure site, without the user’s permission. Essentially, Superfish was able to read data and create ads on sites that were supposed to be secure and private.

On Thursday, a security expert posted an example of this on Twitter: a screen shot of Superfish issuing a security certificate to Bank of America. Several security researchers also pointed out that this makes Lenovo vulnerable to hackers who could co-opt the security certificates.

Lenovo has stopped preloading computers with Superfish, and maintains the software did not present any security concerns.

That being said, the adware was loaded onto select Lenovo computers over the past two years. Do you have a Lenovo computer that fits the criteria? Check if you have Superfish here.

If you are affected, you may have to do some serious scrubbing of your browsers and operating system. Security expert Troy Hunt tells Forbes that installing a “clean version” of Windows may be the only way to ensure that Superfish isn’t still following your online tracks. Researchers have found that uninstalling the software doesn’t clean up the security certificate problem.

Though Lenovo is sticking to its story that Superfish wasn’t harmful, it doesn’t bode well for the image of the Chinese tech brand. It also brings up a question that more computers and software companies grapple with: is the advertising revenue worth potentially compromising customer security? 

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK