Image result for lenovo logoComputer maker Lenovo has put its users at risk by preinstalling Superfish adware on many of its laptops.

This application is a “visual search tool” that also populates the websites you visit with ads. In addition, it opens a door to hackers by faking the encryption certificates for every HTTPS-protected site you visit.

Superfish has been shipping on consumer-class Lenovo PCs since at least mid-2014.

Lenovo stated in a press release that it “removed Superfish from the preloads of new consumer systems in January 2015.” But millions of computers went out the door with potentially unsafe malware embedded.

Why, Lenovo?  Why?

Why would the Chinese computer maker that ships the greatest number of PCs in the world put its customers at risk like this?  Very simply, it’s all about the money. By deploying Superfish Lenovo could guarantee to advertisers that their customers would  see what the advertisers wanted them to see. But the consequence of this strategy meant compromising basic computer security protocals – and leaving consumers wide-open to

Lenovo is not alone.  For example, In September, it was found that Comcast was pushing ads into users’ browsers at Xfinity public Wi-Fi hotspots.  And Verizon created a “smart” cookie that alters web traffic on its mobile network.

What’s the Superfish Fix?

Most up-to-date antivirus, antimalware, and/or antispyware applications can remove Superfish from an infected computer.  We highly recommend using Malwarebytes  or Superantispyware to get the job done.  However, they won’t remove the bad encryption certificates.  For that, you could go to https://lastpass.com/superfish/.  This website immediately diagnoses your computer and nearly instantly lets you know if Superfish is installed.  Detailed instructions on the manual removal of Superfish and uninstalling the Superfish encryption certificates are clearly spelled out.

Or you trust Lenovo with its recently released Superfish removal tool.  Just go to http://support.lenovo.com/us/en/product_security/superfish_uninstall, which not only removes Superfish but also eliminates the bad certificates that could give hackers access to your computer.

No matter what method you use to remove Superfish, we highly recommend you follow the instructions on the lastpass.com/superfish page to rub out the Superfish encryption certificates.  Keeping them in place makes your computer vulnerable to hackers. Even the U.S. Department of Homeland Security has issued an alert urging Lenovo users to remove the Superfish adware from their computers.

Lenovo computer models that may be impacted:

Lenovo G50 laptop

E10-30

Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 14 (BTM), Flex2 15 (BTM), Flex 10

G410, G510, G40-70, G40-30, G40-45, G50-70, G50-30, G50-45

Miix2 – 8, Miix2 – 10, Miix2 – 11

S310, S410, S415; S415 Touch, S20-30, S20-30 Touch, S40-70

U330P, U430P, U330Touch, U430Touch, U540Touch

Y430P, Y40-70, Y50-70

Yoga2-11BTM, Yoga2-11HSW, Yoga2-13, Yoga2Pro-13

Z40-70, Z40-75, Z50-70, Z50-75

Confused?

If you’re not sure what to do, just give Bergen IT a call and we’ll be happy to check out your computer for you.

But one way or another, if you’re a Lenovo user, check the security of your computer right away.

 

Contact Bergen IT:

Solutions@BergenIT.net

201-689-1823

www.bergenit.net

 

Bergen IT is a client-centered, comprehensive tech support and strategy company for businesses, professionals, and homeowners. The company services customers in the NJ and New York City metropolitan area, including northern New Jersey (Bergen, Essex, Hudson, Morris, and Passaic, NJ), Manhattan and the Bronx, Rockland and Westchester, and can remotely assist clients across the USA.

Bergen IT provides computer, mobile device, audio, TV, and home theater services.  Our focus is on providing personal attention, reasonable rates and top-notch expertise. For more information, go to: www.bergenit.net.