First came Sony with their DRM fiasco. Then came Microsoft with their XBox debacle. Samsung entered the ring with their spying “smart tv’s” and the ink on that news hardly dries before Lenovo joins the band doing their best to ensure their products are held suspect as well!
Thursday, February 19, 2015, Lenovo admitted to installing an adware program known as SuperFish on laptops built and delivered to consumers since roughly April 2014. PC World wrote an extensive piece on it here: http://www.pcworld.com/article/2886278/how-to-remove-the-dangerous-superfish-adware-presintalled-on-lenovo-pcs.html
Today, just hardly 24 hours later, it has been discovered that not only is this software on Lenovo’s units, but the certificates, keys and related code used to manage them are also installed via a number of other programs, most of which are based off code provided by a third-party company known as Komodia.
If you use Windows Defender as your primary antivirus program, Microsoft today released an update removing Superfish and its troublesome certificate. If you don’t use Windows Defender, two sites have now been set up that will tell you quickly, whether you are infected or not:
https://filippo.io/Badfish/
This site checks your browser, so you need to check this site with ALL browsers currently installed on your computer. For myself, this meant testing it with Firefox, Internet Explorer, Chrome, Safari, and Opera 12 and Opera 20. While I had no evidence of superfish on my system according to this test, according to my programs list in control panel, and according to my trusted certificates list in the certificate manager, Opera 12 was classified as being vulnerable. Because this is an outdated and now unsupported browser, I simply uninstalled it from my computer.
https://lastpass.com/superfish/
This site will check your browser, and again, you are wise to check it against ALL browsers installed on your computer. This particular test belongs to LastPass, which is a password protection program, so naturally, by the time you get to the bottom of the page, they are urging you to download their product and begin using it. If you don’t want the upsell, use the first link mentioned above.
Regardless of which site you use to test your system, if you are told your browser is vulnerable, its time to follow their directions for removal of the threat. Fortunately, this is relatively easy to do if you are well-versed in following computer-based instructions. Both sites offer the same set of instructions, lastpass directly on the test page, and badfish as a link to a separate page with illustrated steps to help you along the way.
Due to past experiences dealing with such instances as botched DRM code hiding trojan malware on computers several years ago when Sony got themselves in hot water, FCS urges every fan and every past and current client, to run one of these two tests on every browser installed on their laptop and/or computer. If superfish is found, and the directions for removal seem daunting, by all means give FCS a call, send an email, or send a request for remote service via https://www.fa-ct.com/
This is a very real threat now that it is known that the certificate key and its passcode are the same across ALL installations over the past year. (http://www.pcworld.com/article/2887253/superfish-vulnerability-traced-to-other-apps-too.html) This means that failure to remove this threat could open up your computer to cyber-criminals wanting access to your data and by extension, your ID. As a result, the sooner you can verify you are in the clear, the better! FCS would rather assist you in removing this particular threat, than have to not only remove this threat in the future, but a number of unwanted malware buddies as well. Malware removal is $45/hr CAD plus GST if you live in Canada. Don’t wait for strange behaviour to hit your laptop and/or computer. Stay safe!
