The IT Blog for SMEs

Anyone who has bought a Lenovo consumer laptop since September 2014 may have got more than they bargained for...

... in the shape of a pre-installed advertising program called Superfish, which also undermines the security of encrypted web connections.



What is Superfish?

Superfish is an advertising program that Lenovo supplied pre-installed on some of its consumer laptops shipped from September 2014 until January 2015, when it stopped bundling it. Its purpose is to inject adverts into the web pages you view, based on what is on the page. So if you were on Apple's home page, for example, Superfish might pop up adverts from suppliers of iPads. Annoying and intrusive, but not in itself dangerous.

What makes the version Lenovo shipped dangerous is how it gets those adverts into encrypted (HTTPS) pages, such as online banking or card payments. Superfish installs its own "root" security certificate into the list of certificate authorities that Windows trusts, then sits between your browser and the internet, decrypting each secure connection and re-encrypting it with a certificate it has signed itself. Because the browser trusts the Superfish root, it still shows the padlock, even though a third party has read everything. Worse, every affected laptop shipped with the same root certificate and the same private key, and that key was extracted and published within days of the problem becoming public. While there is no suggestion that Lenovo or the company that publishes Superfish have been involved in any kind of identity theft, the fact remains that anyone holding that key (someone on the same public Wi-Fi, for example) could impersonate any website to an affected laptop, with no browser warning, in order to steal passwords and other personal information.


Why does Lenovo bundle such software?

The simple fact is that software publishers are willing to pay computer manufacturers to pre-install their software on their computers. And, because there is little profit in producing or selling hardware, computer manufacturers are happy to oblige. There are generally two categories of software that come pre-bundled with a new computer:

  • trial versions (such as Microsoft Office), which are pre-installed in the hope of enticing the purchaser of the computer to buy the full version, or
  • adware (such as Superfish), which are pre-installed in order to give the software publisher ongoing advertising revenue.

Most computers sold today include such software programs (commonly called "bloatware"). It may be Lenovo and Superfish in the headlines today, but they will likely soon be replaced by another scandal.


How do I remove Superfish?

The best way to remove Superfish is Lenovo's official Superfish Removal Tool; this not only uninstalls the program, but also removes the Superfish root certificate and any lingering registry entries.

The Superfish Removal Tool may be found on Lenovo's support site, together with instructions for removing the program and certificate by hand.

Microsoft has also updated Windows Defender (built into Windows 8 and later; on Windows 7 the equivalent is the free Microsoft Security Essentials, which received the same update) to detect and remove Superfish. Keeping your anti-virus up to date and scanning regularly is good practice regardless, but removing the program is not enough on its own: the laptop is only safe once the Superfish root certificate is out of the trusted certificate store as well. Because of that, we strongly recommend that anyone who suspects they have an affected laptop uses the Superfish Removal Tool and then checks that the certificate is actually gone.
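The check itself can be done from PowerShell. The script below is an added example and is not part of the original post or of Lenovo's removal tool: it lists any certificate in the Windows root and intermediate stores whose subject or issuer names Superfish (the certificate was issued to "Superfish, Inc."), deletes them if you pass -Remove, and then checks whether the Superfish program is still running. The process and service name "VisualDiscovery" is an assumption on our part; compare any thumbprint it reports against the one in Lenovo's advisory before deleting.

```powershell
# Added example, not part of the original post or Lenovo's removal tool.
# Reports (and with -Remove deletes) any certificate naming Superfish in the
# Windows root and intermediate stores, then checks whether the Superfish
# program (assumed here to run as "VisualDiscovery") is still present.
# Run from an elevated PowerShell prompt for the LocalMachine stores.
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

# Machine-wide and per-user stores where a planted root would make the browser
# trust anything signed with the Superfish key.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\CA'
)

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like '*Superfish*' -or $_.Issuer -like '*Superfish*' } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint   # compare with the value in Lenovo's advisory
                NotAfter   = $_.NotAfter
                Cert       = $_
            }
        }
}

if (-not $found) {
    Write-Host 'No Superfish certificate found in the Windows certificate stores.'
} else {
    $found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize
    if ($Remove) {
        foreach ($hit in $found) {
            # The certificate provider accepts a certificate object piped to Remove-Item.
            $hit.Cert | Remove-Item
            Write-Host "Removed $($hit.Thumbprint) from $($hit.Store)"
        }
    } else {
        Write-Host 'Re-run with -Remove (as administrator) to delete the entries above.'
    }
}

# The program itself: a running process or an installed service means the
# removal did not finish. (Name assumed; adjust if yours differs.)
$proc = Get-Process -Name 'VisualDiscovery' -ErrorAction SilentlyContinue
$svc  = Get-Service -Name 'VisualDiscovery' -ErrorAction SilentlyContinue
if ($proc -or $svc) {
    Write-Warning 'Superfish (VisualDiscovery) is still present; run the removal tool first.'
} else {
    Write-Host 'No VisualDiscovery process or service found.'
}
```

Two caveats. Firefox keeps its own list of trusted certificates rather than using the Windows store, so check its certificate manager separately. And the simplest end-to-end test is to open your bank's website, click the padlock and look at who issued the certificate: it should be a well-known certificate authority, never Superfish.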


Prevention is better than cure

How can you make sure this never happens to you? We strongly recommend that anyone purchasing a new computer takes a little time during the setup process to review the pre-installed software and remove anything they are unlikely to use. If it's not obvious what a program does, a quick web search for its name will usually tell you, and whether others consider it safe to remove. For the cleanest result, install Windows afresh from Microsoft's own media rather than the manufacturer's recovery image, which will simply put the bundled software back.
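To make that review easier, the following added example (ours, not from the original post) lists everything registered in Add/Remove Programs with its publisher and install date, and flags entries dated on or before the day Windows itself was installed, which is a reasonable heuristic for "came with the machine". The flagging rule and the one-day allowance are our assumptions; it needs PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added example, not from the original post: inventory installed programs and
# flag the ones that were most likely pre-installed at the factory.
# Requires PowerShell 3.0+ (Get-CimInstance); works on 32- and 64-bit Windows.

# The day Windows was installed; anything installed up to a day later is
# assumed (heuristic) to have shipped with the machine.
$osInstalled = (Get-CimInstance Win32_OperatingSystem).InstallDate.Date

# Registry locations behind Add/Remove Programs: 64-bit, 32-bit and per-user.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |          # skip entries with no visible name
    ForEach-Object {
        # InstallDate, when present, is a yyyyMMdd string.
        $when = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $when = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
        }
        [pscustomobject]@{
            Name         = $_.DisplayName
            Publisher    = $_.Publisher
            Version      = $_.DisplayVersion
            Installed    = $when
            Preinstalled = ($null -ne $when -and $when -le $osInstalled.AddDays(1))
            Uninstall    = $_.UninstallString   # the command Add/Remove Programs runs
        }
    } |
    Sort-Object Installed, Name |
    Format-Table Name, Publisher, Version, Installed, Preinstalled -AutoSize
```

Anything flagged as pre-installed with a publisher you don't recognise is a candidate for removal; the Uninstall column holds the command Add/Remove Programs would run for it.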

Think of it this way: free software is usually worth what you paid for it!