Jump to content
Sign in to follow this  

Microsoft and McAfee move to gut Superfish from Lenovo laptops

Recommended Posts


Lenovo has teamed up with Microsoft and McAfee to remove the Superfish adware from its machines, following concerns about security.

Lenovo announced the partnerships in a public statement, promising that the tools will let users automatically block and remove the insecure, self-signing certificates used by Superfish.

"We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies," the firm said.

"These actions have already started and will automatically fix the vulnerability even for users who are not currently aware of the problem."

The Microsoft removal tool will be integrated into Windows Defender version 1.193.444.0.

The tools are the latest step in Lenovo's bid to allay customer concerns that the firm put personal data at risk.

The problem erupted on the Lenovo forum earlier in February when several customers reported finding Superfish installed on their machines.

Superfish is adware that collects data such as web traffic information using fake, self-signed root certificates and then uses it to push advertisements to the user.

Lenovo claims that the adware is installed on only a limited number of machines and does not affect its business-focused Thinkpad line.

"We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience," read the statement.

"While this issue in no way impacts our ThinkPads, any tablets, desktops or smartphones, or any enterprise server or storage device, we recognise that all Lenovo customers need to be informed."

Lenovo apologised for causing concern, but argued that the company never knowingly compromised its customers' privacy.

"We apologise for causing these concerns among our users. We are learning from this experience and will use it to improve what we do and how we do it in the future," read the statement.

"Superfish technology is purely based on contextual/image and not behavioural. It does not profile or monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted."

Lenovo is one of many firms dealing with privacy and security concerns. Researchers at FireEye reported on 20 February that Apple had ignored a dangerous flaw in the iOS operating system, codenamed Masque Attack II.


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...