Keeping clients' computers safe and profitable for over 30 years
Home Forms About Current Newsletter subscribe
Search All Articles
Browse by Category
Lenovo installs dangerous Malware on new Laptops
Shocking news hit February 19th regarding Lenovo installing serious malware on their new laptops from September 2014 into February 2015. At first they denied, then said it wasn't a problem, then apologized and even put up instructions for removing it. Was this just stupid, or a Chinese government mandate, or both?
The Malware and new security issue
Lenovo has installed the SuperFish browser add-on software to watch you and present advertising when you browse the Internet for many years. This was just bad, not a critical security problem until Superfish changed their methodology.
What is different since September is that they decided they needed to look inside of secure Internet connections as well as regular ones. This means they wanted to break into your secure connections, like to your bank, or Amazon account, and track that as well. To do this they had to install a phony Certificate Authority that browsers would trust. Then the malware could act as a man in the middle to spy on your communications. The private certificate is now loose on the Internet for anyone to use.
How to check if you are infected
You can check here to see if you are infected:https://filippo.io/Badfish/
How to remove it
Removal requires 2 steps:- Uninstall the Superfish Malware
- Delete their phony certificate authority from all your browsers and even email clients.
These instructions from the Electronic Frontier Foundation are excellent for removing the infection completely.
Related articles
- This may be much more prevalent than just Lenovo. 14 other software companies seem to be using this. From ArsTechnica
- And 2 more big companies from Arstechnica:
- Department of Homeland security recommends removing Superfish.
- EFF: Lenovo is breaking HTTPS Security:
- Microsoft updates Windows Defender to remove Superfish (The Verge)
Date: February 2015
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.