Lenovo acknowledges Superfish security concerns; offers tool to remove software

TORONTO – Lenovo has released a tool to help customers remove potentially malicious pre-installed software called “Superfish” from laptops after security concerns were raised by experts last week.

The company also acknowledged security concerns surrounding the adware. Initially, it had said it had not found any evidence to substantiate concerns that Superfish left Lenovo users vulnerable to hackers.

“We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday,” read a statement posted to Lenovo’s website.

“Since that time we have moved as swiftly and decisively as we can based on what we now know.”

According to a statement from Lenovo issued last week, Superfish was pre-installed on some consumer laptops shipped in a “short window” between October and December 2014.

However, according to a security alert issued by the U.S. Computer Emergency Readiness Team (US-CERT), the software was reportedly bundled with computers dating back to 2010.

Superfish is designed to provide users with a “visual search” experience by showing users third-party ads in Google search results. This type of software is often called adware thanks to its ability to automatically display ads.

But many say Superfish leaves Lenovo customers extremely vulnerable. According to security experts, Superfish intercepts encrypted connections and leaves them open, theoretically allowing hackers to hijack the connection in a man-in-the-middle style attack.

“This particular adware does some nasty things to intercept consumer traffic, it intercepts all your Secure Socket Layer (SSL) traffic [an encryption technology marked by the small, closed padlock and ‘https:’ on Web browsers to show that traffic is secure], it could intercept password logins and private emails,” Robert Graham, CEO of U.S.-based security research firm Errata Security, told Global News.

The removal tool – available on Lenovo’s website – includes detailed manual removal instructions for those who want to uninstall the adware themselves.

Lenovo also confirmed it’s working with security software company McAfee and Microsoft to protect users from potential security vulnerabilities from Superfish.

Microsoft’s Windows Defender and McAfee’s antivirus software have both been updated to remove Superfish’s adware from affected computers.

The update will uninstall Superfish and reset the affected security certificates, in addition to removing any malicious ones that may have been installed by Superfish.

Lenovo customers continue to express outrage over the adware online.

“This is absolutely disgusting behaviour from a computer manufacturer! You guys have NO business messing about putting adware preinstalled on your machines,” wrote one user on a Lenovo forum.

“We apologize for causing these concerns among our users – we are learning from this experience and will use it to improve what we do and how we do it in the future,” read the apology from Lenovo, posted Friday.

“We will continue to take steps to make removal of the software and underlying vulnerable certificates in question easy for customers so they can continue to use our products with the confidence that they expect and deserve.”
