Windows Defender removes Superfish Malware from Lenovo PCs but not completely

The world-renowned computer manufacturer Lenovo has been shipping laptops prepackaged with malware that makes you more vulnerable to hackers, all for the sake of serving you advertisements.

To get rid of this malware, Microsoft has released a signature update for Windows Defender that detects and removes the Superfish malware installed on some Lenovo PCs. The malware, classified as spyware by the US Department of Homeland Security, was installed by the company as a shopping aid.

Defender uninstalls Superfish and effectively removes its certificate; however, it does not clean any contaminated installs of Firefox or Thunderbird. That has to be done manually. Additionally, Defender will be inactive if the system has a third-party anti-malware product installed, a behavior that Microsoft engages in to keep the OEMs happy.


Superfish is adware preinstalled by Lenovo that installs its own root certificate so that it can intercept secure (HTTPS) connections, which undermines the certificate checks the device relies on. As a result, when a user visits an HTTPS site, the certificate presented to the browser is issued by Superfish and not by the official website.

Also, the private encryption key for the generated certificate is the same for all machines, which is a serious vulnerability.

While this was done primarily to enrich the customer's shopping experience, the adware opens a security hole by inserting itself into connections to secure servers, one that a malicious hacker could easily abuse to steal sensitive information. Attackers could use the certificate to create fake HTTPS websites and carry out man-in-the-middle attacks.
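A read-only check for the gap described above, where Defender cleans the Windows certificate store but leaves Firefox and Thunderbird, which keep their own certificate databases, untouched. This is an added example, not code from Microsoft, Lenovo or this article; matching on the name "Superfish", the default profile locations, and the `-NssCertutil` parameter (a path to Mozilla's NSS `certutil`, which is a different tool from the Windows `certutil.exe`) are assumptions.

```powershell
# Added example: audit for a leftover Superfish root certificate (read-only).
# Assumption: the certificate is identified by "Superfish" in its subject,
# issuer or NSS nickname; the page gives no thumbprint, so none is used here.
param(
    [string]$Pattern = 'Superfish',
    # Optional path to the NSS (Mozilla) certutil binary, supplied by you.
    # This is NOT the certutil.exe that ships with Windows.
    [string]$NssCertutil
)

# 1. Windows certificate stores: the part Defender is reported to clean.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'
$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        Select-Object @{n = 'Store'; e = { $store }}, Subject, Thumbprint, NotAfter
}
if ($hits) { $hits | Format-Table -AutoSize }
else { Write-Output "No certificate matching '$Pattern' in the Windows stores." }

# 2. Firefox and Thunderbird profiles: each has its own NSS certificate
#    database (cert8.db or cert9.db) that the Windows stores do not cover.
$roots = @("$env:APPDATA\Mozilla\Firefox\Profiles",
           "$env:APPDATA\Thunderbird\Profiles") | Where-Object { Test-Path $_ }
foreach ($root in $roots) {
    foreach ($dir in Get-ChildItem -Path $root -Directory) {
        $db = Get-ChildItem -Path $dir.FullName -Filter 'cert*.db' -File
        if (-not $db) { continue }
        if (-not $NssCertutil) {
            Write-Output "Review manually: $($dir.FullName)"
            continue
        }
        # NSS selects the database format by prefix: sql: (cert9) or dbm: (cert8).
        $prefix = if ($db.Name -contains 'cert9.db') { 'sql:' } else { 'dbm:' }
        $found = & $NssCertutil -L -d "$prefix$($dir.FullName)" 2>$null |
            Select-String -Pattern $Pattern
        if ($found) {
            Write-Output "STILL PRESENT in $($dir.FullName):"
            $found | ForEach-Object { "  $($_.Line.Trim())" }
        } else {
            Write-Output "Clean: $($dir.FullName)"
        }
    }
}
```

Without `-NssCertutil` the script only lists the profiles that carry their own certificate database, so they can be reviewed by hand in each application's certificate manager.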

Lenovo released a statement last week identifying the models that might have the adware installed, and also confirmed that the preloads had been stopped since the beginning of January.

The company apologized for the adware and said, “The goal was to improve the shopping experience using their visual discovery techniques… We apologize for causing any concern to any users for any reason – and we are always trying to learn from experience and improve what we do and how we do it.”

It further stated, “By the end of this month, we will announce a plan to help lead Lenovo and our industry forward with deeper knowledge, more understanding and even greater focus on issues surrounding adware, pre-installs and security. We are confident in our products, committed to this effort and determined to keep improving the experience for our users around the world.”


Pushpa Mishra

Pushpa is a Dubai-based scientific academic editor who worked for Reuters' Zawya business magazine and is at the same time a passionate writer for HackRead. From the very first day she has been a blessing for team Hackread, thanks to her dedication and enthusiasm.