How to Cast the Net Around Superfish and Remove It

Laptop and tablet maker Lenovo have found themselves in deep water during the past few weeks with an advertising malware surprise pre-installed on systems dubbed, Superfish.

How Superfish exploded

Users of Lenovo products started complaining on the Lenovo forums at the tail end of 2014 reporting that pre-installed software was being used to pop up adverts on their Lenovo systems. Many of us have experienced annoying adware or malware that pops up adverts mid-browsing session generally related to the type of content you’re browsing.

While infection can happen to the best of us after visiting a compromised website, most of us don’t expect our device maker to pre-install similar malware. This is exactly what Lenovo has been caught doing. Lenovo claim Superfish was shipped with products between October and December 2014 with the purpose of helping users find interesting products while shopping.

With the revelations coming to light and public anger from users of Lenovo products the practise has been stopped as of January 2015. Further steps have been taken to stop products already out on the market from activating Superfish.

Users who are unfortunate enough to have a product with an already activated Superfish malware need not worry as various steps have been released to completely remove Superfish including a tool from Lenovo to do just that job.

How to remove Superfish

If you suspect your Lenovo product is experiencing interference from Superfish either download the official Lenovo removal tool or follow the step by step instructions below to remove it (Thanks EFF!) :-

Uninstall the Superfish software

  1. Open the Windows Start menu or Start screen and search for Uninstall a program. Launch it.
  2. Right-click Superfish Inc VisualDiscovery and select Uninstall. When prompted, enter your administrator password.

Remove the certificate from Windows

  1. Open the Windows Start menu or Start screen and search for certmgr.msc. Right-click it and select Launch as Administrator.
  2. Click Trusted Root Certification Authorities and open Certificates.
  3. Scroll down or use find to get to the Superfish, Inc. certificate.
  4. Right-click it and select Delete. If you don’t see the option to delete it, you may not be running as an administrator.

Remove the certificate from Firefox

  1. Go to Options/Preferences.
  2. Click Advanced, then Certificates.Click View Certificates.
  3. Look for Superfish, if it’s there, click it and then click Delete or Distrust.
  4. Close or quit your Web browser(s) completely. You can also restart your computer.

The purpose of Superfish was supposedly to aid users discover new products by analysing images discovered on the web and finding the cheapest product related. This in itself sounds very suspicious and is generally how malware works to earn money for its creators but there are also further security implications outside of the annoyance of pop up adverts.

University of Surrey security expert Prof Alan Woodward explained that although the pop up adverts are annoying the security risk imposed by Superfish centred on the issue that it intercepted everything and could be abused.

The Superfish fallout

Superfish it has been discovered is able to issue its own security certificates. In a nutshell this allowed Lenovo to collect data over secure web connections which is a very invasive practise and would be considered the premise of a man in the middle attack. This issue manifests itself when a user infected with the Superfish malware visits a secure website such as their bank and Superfish allows itself via self-issued security certificates to read what is being sent back and forth.

Security and privacy have become of great concern to all consumers these days even those who are not overly concerned about the technical aspects of the devices they use. With such invasive advertising being employed by Lenovo it is likely that the Superfish incident will have an impact on future sales of their products and the outrage expressed over social networks suck as Twitter confirms this.

Lenovo forum user, iknorr summed up the feeling of users stating “However, I now know this. I now will not buy any lenovo laptop again.”
While the sales impact from the fallout may not be felt suddenly for Lenovo, a possible class action lawsuit is being considered by US law firm, Wites & Kapetan that may be more financially worrying for Lenovo. The Flordia based law firm is asking users to contact them should they be affected by the issue and list the possible models of Lenovo products that Superfish may have appeared on.

Image courtesy of digitalart at