02-19-2015 10:13 AM - last edited on 02-19-2015 10:35 AM by Bugbatter
I was looking at Lenovo for a potential gaming/heavy duty processing laptop. This just knocked them out of the park forever. I can't believe in today's age a company would do something this reckless. What happened if your data got compromised because of this? Would they help you? Pretty sure not.
I fixed it for them, by the way.
Removal Instructions for VisualDiscovery Superfish application
Visual Discovery / Superfish was previously included on some thousands of consumer notebook products shipped in a short window between October and December to help customers potentially discover interesting products while shopping get unwanted ads on their computer and compromise their security. However, user feedback was not positive, and we responded quickly and decisively:
We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. (We don’t want to.) But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. (So we don’t get sued.) We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first. (This is the most nothing answer ever.)
To be clear, Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It just makes it unsecure. It does not know who the user is. (Does any program?) Users are not tracked nor re-targeted. (It’s not that type of program.) Every session is independent. (ok…?) Users are given a choice whether or not to use the product. (Really? Preinstalled?) The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. (And make some money because, whatever, **bleep** you.) We recognize that the software did not meet that goal and have acted quickly and decisively.
We are providing support on our forums for any user with concerns. Our goal is to find technologies that best serve users. In this case, we have responded quickly to negative feedback, and taken decisive actions to ensure that we address these concerns.
If users still wish to take further action to unistall (uninstall*) the application, please follow these steps:
Uninstalling Superfish Visual Discovery
Superfish will be removed from Program Files and Program Data directories, files in user directory will stay intact for the privacy reason. Registry entry and root certificate will remain as well. The Superfish service will stop working as soon as it is uninstalled via above process, and following reboot. We think.
Moderator note: Comment removed which did not comply with the Forum Rules
02-19-2015 10:14 AM
Hello, I see the Superfish certificate in my certificate manager under "trusted root certification". I tried to delete it but it's warning me that deleting it might prevent some windows components from working properly. This is so wrong.
02-19-2015 10:18 AM
silver orange :
Except it doesn't work: SSL certificates are still there and the laptop isn't safe...
And what about recovery!! On our laptop we have a partition for recovery WITH superfish!!
02-19-2015 10:24 AM - edited 02-19-2015 10:29 AM
Not only was this an immensely terrible idea from the very start, but the people who developed this crappy software misspelled its name. Its real name is DUPERPHISH ! This is more like MALWARE, and not just adware, as it secretly, without the user's knowledge, hijacks HTTPS SSL/TLS connections where you thought that you were connecting to a secure Web site such as a bank, financial institution, or online store.
Considering that Lenovo's officials in Beijing have strong ties to the Chinese government, and in light of the NSA's own hardware-based spying, I *NEVER* use a Lenovo computer for any kind of financial transaction. Nor do I store any really personal or sensitive information on a Lenovo computer. They are only good for gaming and some casual Web surfing, and that's it. I am not sure that I entirely trust the NSA's motives either... but I trust them more than having China or Russia siphoning data from me.
02-19-2015 10:30 AM
I believe there is a Lenovo utility to create a new recovery based on the currently installed setup. (I'm not excusing them, just trying to find the quickest way to fix the problem without reinstalling).
If you want to reinstall Windows clean, you can, legally and legitimately.
Windows 7 and 8.1 ISOs are available online. A little googling will lead you to legitimate downloads direct from Microsoft.
If you have a Windows 7 machine, the product key should be on the bottom of your machine.
If you have a Windows 8.1 machine, the product key is in your UEFI, and when you install from an ISO, Windows will automatically retrieve the key. All that's required is to click "Activate".
Drivers are on lenovo.com.
If you need to retrieve a product key for Office or Windows 7, use ProduKey.
02-19-2015 10:32 AM
Given that the NSA is putting spyware in hard drive firmware, nothing is really safe. Remove SuperFish, remove the root certificate, and use your computer like a computer.
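Several posts above report that the Superfish root certificate stays in the Windows trusted-root store after the program is uninstalled. The following PowerShell audit is an added example, not part of any post in this thread: it lists any trusted root whose subject or issuer contains the word "Superfish" and checks whether the program is still registered as installed. Matching on the name is an assumption, since the thread gives no thumbprint, and `$Remove` is a hypothetical switch introduced here.

```powershell
# Added example: audit trusted-root stores for a leftover Superfish certificate.
# Assumption: the certificate is identified by the word "Superfish" in its
# Subject or Issuer; no thumbprint is given in the thread.
$Pattern = 'Superfish'
$Remove  = $false   # hypothetical switch: set to $true in an elevated session to delete matches

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# The CurrentUser view also shows machine-wide roots, so de-duplicate by thumbprint.
$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Thumbprint, NotAfter, PSPath
}
$unique = @($hits | Sort-Object Thumbprint -Unique)

if ($unique.Count -gt 0) {
    $hits | Format-List Store, Subject, Thumbprint, NotAfter
    Write-Warning "$($unique.Count) matching root certificate(s) are still trusted."
    if ($Remove) {
        # Removing from LocalMachine\Root requires an elevated prompt.
        foreach ($hit in $hits) {
            Remove-Item -Path $hit.PSPath -ErrorAction Continue
        }
    }
} else {
    Write-Output "No trusted root matching '$Pattern' was found."
}

# Is the application itself still registered as installed?
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Superfish|VisualDiscovery' } |
    Select-Object DisplayName, DisplayVersion, Publisher
```

This covers only the Windows certificate stores; a recovery image that reinstalls the software would bring the certificate back, so the check is worth repeating after any factory restore.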
02-19-2015 10:32 AM
FYI: I found this useful guide:
Tom's Guide has an article named "Lenovo's Security-Killing Adware: How to Get Rid of It"
02-19-2015 10:39 AM - edited 02-19-2015 02:21 PM
trainer: I agree that both hardware and the Internet are becoming more compromised with each passing month. But as I mentioned, I would still think or hope that the NSA's motives are less financially, commercially, industrially, and militarily destructive to people living in the U.S. than all of the rampant cyber-spying that Russia and China (and now increasingly from the Middle East) are actively engaging in. China has their equivalent of the NSA stationed in Shanghai, and their cyber-spy and hacking groups are part of their People's Liberation Army military forces. Lenovo's executives in their Beijing corporate headquarters have very close ties with China's government and military. You can add 2+2 together from that. Even if you consider yourself an innocent bystander in the cyber-wars, you still have to pick a side sometimes, and you hope that the side that you pick has less malicious intents.
I am not saying that we should ban all products made in China; that is not economically prudent and there are tons of excellent products manufactured in China. But I have never trusted Lenovo computers for handling financial transactions or storing various personal/sensitive information. One of China's main goals for cyber-spying is industrial espionage and stealing information/data that would be advantageous to their military, commercial, and industrial sectors. If you work for a high-tech company, for a government or military/defense-related organization, for a bank or financial institution, or for an oil/solar/mining/energy company, you should avoid using Lenovo computers for work-related purposes, because China loves to hack, phish, Trojan, and back-door their way into these areas to steal information that may be strategically useful to them. I also try really hard to avoid any food products, pet food, vitamins, etc. that are made in China because a lot of that is compromised by quality issues.
02-19-2015 10:54 AM
I hope Superfish paid you more money than what you're going to lose on this crap you allow on your computers. Only money hungry (non-caring about their customers) corporate monsters would allow bloated crap on their systems for a few non-meaningful dollars. If anything, all the crap ware you put in your images does more HARM than good for you guys.