cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
user9823769234
Fanfold Paper
Posts: 6
Registered: ‎02-20-2015
Location: USA
Views: 10,581
Message 151 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

@carlton_r - I would agree that Lenovo is not the source of it as it was found on another 8.1 computer we have just a few minutes ago. So I think we can dismiss the immediate concerns regarding this cert. Thanks for your help!
carlton_r
Fanfold Paper
Posts: 15
Registered: ‎02-15-2014
Location: UK
Views: 10,564
Message 152 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

Mark_Lenovo,

 

As I think that this may well still be an unresolved issue, and as such I wonder whether you would you be willing to make enquires, initially within Lenovo regards this particular certificate, and failing this ask Microsoft direct, as I suspect that Lenovo’s contact is perhaps slightly better and more direct than us mere mortals.

 

To put your customers minds at rest, and considering the ongoing situation with Superfish it might well be prudent.

carlton_r
Fanfold Paper
Posts: 15
Registered: ‎02-15-2014
Location: UK
Views: 10,550
Message 153 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

user9823769234 - Thank you for your reply and I appreciate your candor, but even if its Microsoft's it still doesn’t quite sit right, particularly considering the current issues, and whilst minds are focused it is an ideal time for all aspects of certificates and their intended purpose to be scrutinised.

user9823769234
Fanfold Paper
Posts: 6
Registered: ‎02-20-2015
Location: USA
Views: 10,541
Message 154 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

I understand your concern. I don't personally have access to a win 8 computer, but I think we've shown that this is not caused by Lenovo.

The big point is we can't push Lenovo on this.

The next big point is that the state of the certificate i nquestion is relevant. Since you have access to it elsewhere, can you please take a screenshot of the certificates "Certification Path" as shown on here (https://technet.microsoft.com/en-us/library/cc962065.aspx). I believe it will reveal that the cert is untrusted (via a red X). Not sure if you had indicated this previously.

 

UPDATE: (thanks mod) At the very least, I think this cert is not dangerous due to its cert store location.  Intermediate CA certs are for CA signing only it appears.  And I suspect that its lack of a parent/root CA breaks its functionality as a CA cert.  I cannot be sure, but I suspect it due to the fact every comptuer has it, and no one in "security" is screaming.  Security folks are pretty astute.

 

 

Moderator comment: Link fixed.

Guru
Posts: 9,598
Registered: ‎12-26-2009
Location: CA
Views: 10,281
Message 155 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

That particular Certificate is a holdover from older days of Windows (i.e. not Lenovo or Superfish related).

https://msdn.microsoft.com/en-us/library/ms733813.aspx
http://blogs.technet.com/b/askds/archive/2012/08/14/rsa-key-blocking-is-here.aspx

W520: 2960XM, Q2000M @ 1091/1380, 32GB RAM, 500GB&750GB HDD & 500GB SSD, FHD&MB168B+
X61T: L7500, 4GB RAM, 500GB HDD, XGA screen, Ultrabase
W550s: 5600U, K620M at 1164/1281, 16GB RAM, 512GB SSD, 3K touchscreen
X200s: SL9400, 6GB RAM, 64GB SD card, WXGA+ screen
TPT1: 1839-23U
Former Administrator
Posts: 8,592
Registered: ‎11-19-2007
Location: US
Views: 8,391
Message 156 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

 

All,

 

Last Friday, Lenovo announced an offer to provide a six month license to McAfee to customers who received systems that were preloaded with SuperFish.

 

To recap some of the resources available....

 

1) Please visit the security advisory to review Lenovo guidance on SuperFish and systems that were affected here.

 

2) Please use the Lenovo provided uninstall tool to remove Superfish and the certificates.  Manual instructions are also provided.

 

3) In addition, to help customers keep their systems protected, Lenovo is providing 6 months subscription to McAfee.  Those who are interested can learn more about this program here.

 

Thanks

 

Mark

tMettam
Paper Tape
Posts: 3
Registered: ‎02-19-2015
Location: UK
Views: 8,381
Message 157 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

 


Last Friday, Lenovo announced an offer to provide a six month license to McAfee to customers who received systems that were preloaded with SuperFish.


 

That's amazing. Replacing malware with software which many consider to be more damaging to your system than any virus.

 

Mod comment: inappropriate link removed.

My comment: Apparently a satirical youtube video featuring John McAffee, the original creator of the McAffee software, is inappropriate. Even the creator of McAffee thinks it's a horrific pile of feces. Google it if you are interested.

slopo
What's DOS?
Posts: 2
Registered: ‎01-28-2015
Location: US
Views: 8,357
Message 158 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch


tMettam wrote: 

That's amazing. Replacing malware with software which many consider to be more damaging to your system than any virus.


 

+1

McAfee and Norton are resource hogs and super annoying with all their system tray pop-ups.

 

This doesn't help. It tells me that Lenovo thinks their customers are idiots who would actually look at this as some sort of consolation or attempt to make amends. This just makes the situation worse, imho, and makes me more angry that I went with Lenovo.

cescvicious
Serial Port
Posts: 38
Registered: ‎12-19-2014
Location: México
Views: 7,802
Message 159 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

im not buyig Lenovo again, i added this brand to my blacklist already. I will go back to DELL when i have the chance.

Top Kudoed Authors