Ctrl-Alt-Del
Posts: 17
Registered: ‎02-11-2015
Location: france
Message 51 of 159 (6,821 Views)

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

Thanks for your advice on certificates!!

Easy to remove on Firefox, but on Chrome I don't have the right to do it :(

I'm going to go crazy :(

Unbelievable that they didn't react on this subject!!

In all countries... I'm in France, and no one answers here ^^'

Thanks to everyone who helps!! ;)

Paper Tape
Posts: 8
Registered: ‎02-19-2015
Location: US
Message 52 of 159 (6,353 Views)


Flepi: Chrome uses the same certs as Internet Explorer, so removing the Superfish cert from the IE Internet Options box should stop Chrome from using it.
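
A scripted version of the check described in the post above, added here as an example (it is not from the original post or from Lenovo). It assumes the certificate can be recognised by the name "Superfish" in its Subject or Issuer, since the thread does not give a thumbprint; the `-Pattern` and `-Remove` parameters are this example's own.

```powershell
# Added example: audit the Windows root stores that IE and Chrome both rely on
# for a Superfish-issued root certificate, and optionally delete it.
# Assumption: the certificate is identifiable by "Superfish" in Subject/Issuer.
param(
    [string]$Pattern = 'Superfish',   # assumed match string, not a thumbprint
    [switch]$Remove                   # delete matches (elevation needed for LocalMachine)
)

# Machine-wide and per-user trusted roots; both feed IE's Internet Options view.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = "$store\$($_.Thumbprint)"
            }
        }
}

if (-not $found) {
    Write-Output "No root certificate matching '$Pattern' in: $($stores -join ', ')"
    return
}

# Report what was found before touching anything.
$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        Remove-Item -Path $cert.Path
        Write-Output "Removed $($cert.Thumbprint) from $($cert.Store)"
    }
    # Re-check so removal is verified rather than assumed.
    $left = foreach ($cert in $found) { if (Test-Path $cert.Path) { $cert.Path } }
    if ($left) { Write-Warning "Still present: $($left -join ', ')" }
}
```

Firefox keeps its own certificate store, so this script does not cover it.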

What's DOS?
Posts: 1
Registered: ‎02-19-2015
Location: Europe
Message 53 of 159 (6,350 Views)


The biggest issue here is that the software completely trashes the trust and security provided by SSL and TLS by spoofing browsers into thinking they have a secure connection when in fact they DO NOT.

How on earth can Lenovo justify the installation of software that can generate spoof web certificates on the fly for any site visited? This effectively means that the software can spy on ALL browser traffic - to my bank, my doctor, my employer, my email and dozens of other things. To do this without explicitly telling the user what this means is nothing short of criminal malware.

"PUP" - Potentially Unwanted Program?

No. This is a "DUMP" - Definitely Unwanted Malware Program.

Now, please do the decent thing and make it clear which laptops & PCs are affected, contact the owners and offer free help and advice on removing this software, pointing out that its use is potentially disastrous.

And please post the affected models and dates here to help those who have got this far.

Paper Tape
Posts: 8
Registered: ‎02-19-2015
Location: US
Message 54 of 159 (6,334 Views)


BigJobs: This is absolutely what they need to be doing.

Paper Tape
Posts: 8
Registered: ‎02-19-2015
Location: US
Message 55 of 159 (6,297 Views)


In fact, guys, Chromium's policy is that while they try to use system root certificates (the ones found in IE), they will ignore any that are considered untrustworthy to their knowledge; so it might be worth someone who knows the right people to talk to at the Goog to get Superfish blacklisted.

http://www.chromium.org/Home/chromium-security/root-ca-policy

Punch Card
Posts: 53
Registered: ‎07-21-2011
Location: GB
Message 56 of 159 (6,185 Views)


The private key was passworded - it has been broken though.

Moderator comment: A link was removed to help this post conform with the Community Rules.

"No posts shall include instructions or directions intended to subvert security measures, including passwords, locking mechanisms, fingerprint scans, etc, or to subvert safety measures. Nor shall any posts provide descriptions to the location of, nor direct links to content related to these topics."

Paper Tape
Posts: 8
Registered: ‎02-19-2015
Location: US
Message 57 of 159 (6,047 Views)


The only thing I hate about the way this is all becoming public is that now people with malicious intent KNOW there's a security hole in hundreds (thousands?) of Lenovo computers, and they KNOW how to exploit it (especially now that the password is public).  This story is all across technology news sites.  But the average guy using a Lenovo laptop isn't going to notice, or know how to fix it, or think they need to.  A lot of people are about to get screwed.

Former Administrator
Posts: 8,592
Registered: ‎11-19-2007
Location: US
Message 58 of 159 (5,778 Views)


All,

Thanks for the continued feedback on this topic. Lenovo has already taken action and has additional information in this article outlining what has already been done and steps customers can take to remove the application.

We will update this as additional information becomes available.

Best regards,

Mark

Paper Tape
Posts: 11
Registered: ‎02-19-2015
Location: CHILE
Message 59 of 159 (5,726 Views)


Lenovo, I own two laptops from you. The last two.

The password for the fake root SSL certificates for anyone to conduct a man-in-the-middle attack on a Lenovo laptop is already in the wild.

Did that get your attention?

This is not just some bloatware helpful software. This is an outright zero-day, high-level backdoor security vulnerability (well, not zero, because you knew about it and refuse to fix it).

Lenovo, you owe me at the least two CLEAN stock Windows OSes. No bloatware. No spyware. No viruses or fake SSL certificates. Two clean stock copies of Microsoft Windows to reinstall on my computers. The other damages are yet to be determined.

I want clean stock BIOSes also. No hardware-blacklisted BIOSes that block me from upgrading my hardware.

The key logger issues I am watching closely.

Until I receive those, I will be googling (using Linux) for the class action lawsuit to join in the United States. I am also looking into filing a criminal complaint in another country. Because this is a criminal act in the country I purchased at least one of the laptops. Your license agreement does not protect you in that country.

Moderator comment: A link was removed to help this post conform with the Community Rules.

"No posts shall include instructions or directions intended to subvert security measures, including passwords, locking mechanisms, fingerprint scans, etc, or to subvert safety measures. Nor shall any posts provide descriptions to the location of, nor direct links to content related to these topics."

Blue Screen Again
Posts: 19
Registered: ‎05-16-2010
Location: NYC
Message 60 of 159 (5,677 Views)


It's like the management at Lenovo thought about the quickest possible way to completely and utterly destroy consumer trust and loyalty in their brand and decided to go ahead and do that in exchange for a little bit of $

Par for the course for the company that ruined the Thinkpad brand

I will enjoy watching the heads roll and the inevitable

What were you guys thinking

Moderator note: Comment removed which did not comply with the Forum Rules

 
