Removal Instructions for VisualDiscovery Superfish application

<div id="articleDateTitle"> <h2>LENOVO STATEMENT ON SUPERFISH</h2> <p>&nbsp;</p> </div> <p><span>At Lenovo, we make every effort to provide a great user experience for our customers.&nbsp; We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer.&nbsp; In our effort to enhance our user experience, we pre-installed a piece of third-party software, Superfish (based in Palo Alto, CA), on some of our consumer notebooks.&nbsp; The goal was to improve the shopping experience using their visual discovery techniques.&nbsp;</span><br /><span>&nbsp;</span><br /><span>In reality, we had customer complaints about the software.&nbsp;&nbsp; We acted swiftly and decisively once these concerns began to be raised.&nbsp; We apologize for causing any concern to any users for any reason &ndash; and we are always trying to learn from experience and improve what we do and how we do it.</span><br /><span>&nbsp;</span><br /><span>We stopped the preloads beginning in January.&nbsp; We shut down the server connections that enable the software (also in January), and we are providing online resources to help users remove this software.&nbsp;&nbsp; Finally, we are working directly with Superfish and with other industry partners to ensure we address any possible security issues now and in the future.&nbsp; Detailed information on these activities and tools for software removal are available here:</span><br /><span>&nbsp;</span><br /><strong><a title="http://support.lenovo.com/us/en/product_security/superfish" href="http://support.lenovo.com/us/en/product_security/superfish" target="_blank">http://support.lenovo.com/us/en/product_security/superfish</a><br /><a title="http://support.lenovo.com/us/en/product_security/superfish_uninstall" href="http://support.lenovo.com/us/en/product_security/superfish_uninstall" 
target="_blank">http://support.lenovo.com/us/en/product_security/superfish_uninstall</a></strong><br /><br /><span>To be clear: Lenovo never installed this software on any ThinkPad notebooks, nor any desktops, tablets, smartphones or servers; and it is no longer being installed on any Lenovo device.&nbsp; In addition, we are going to spend the next few weeks digging in on this issue, learning what we can do better.&nbsp; We will talk with partners, industry experts and our users.&nbsp; We will get their feedback.&nbsp; By the end of this month, we will announce a plan to help lead Lenovo and our industry forward with deeper knowledge, more understanding and even greater focus on issues surrounding adware, pre-installs and security.&nbsp; We are confident in our products, committed to this effort and determined to keep improving the experience for our users around the world.</span><br /><br /><span>Superfish may have appeared on these models:<br />G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80<br />U Series: U330P,&nbsp;U430P, U330Touch, U430Touch, U530Touch&nbsp;<br />Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70<br />Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80<br />S Series: S310, S410, S40-70,&nbsp;S415, S415Touch, S435, S20-30, S20-30Touch<br />Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10<br />MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030<br />YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro<br />E Series: E10-30</span><br /><span>Lenovo Edge 15&nbsp;</span></p> <p>&nbsp;</p> <p><span>Please see related&nbsp;<strong><a href="http://news.lenovo.com/article_display.cfm?article_id=1929" target="_blank">Lenovo News Release on Superfish</a></strong></span></p> <p>&nbsp;</p> <p>&nbsp;</p> <h4>&nbsp;Please use the following link for uninstall details - these are being updated frequently</h4> <p>&nbsp;</p> <p><strong>UPDATE from 2/20 - an automated tool is now available to uninstall. 
&nbsp;The tool, license, source code, and alternate manual uninstall instructions available on the link below.</strong></p> <p>&nbsp;</p> <p><br /><strong><a title="http://support.lenovo.com/us/en/product_security/superfish_uninstall" href="http://support.lenovo.com/us/en/product_security/superfish_uninstall" target="_blank">http://support.lenovo.com/us/en/product_security/superfish_uninstall</a></strong></p>

Comments

cenc On 2015-02-19, 15:17 PM

That does not remove the fake SSL root certificate that is used for a man-in-the-middle attack to intercept all encrypted connections.

Flepi On 2015-02-19, 15:29 PM

It's not enough...

Didn't remove al...

I want a clean win8.1 and clean drivers for my computer bought last week !!

I'm in France so do what you have to do to protect my connection and my laptop !!

adam_at_bt On 2015-02-19, 15:40 PM

This is totally unacceptable.

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns."

Are you kidding me? I've heard some whoppers in my time and this almost tops it. The gall. Which "marketing manager" thought this idea would actually fly?

-- Former Lenovo Customer

techkitsune On 2015-02-19, 16:06 PM
"Superfish will be removed from Program Files and Program Data directories, files in user directory will stay intact for the privacy reason. Registry entry and root certificate will remain as well. " Awesome! That means I can compromise any computer that still has this cruft left over! Good job FAILING AT SECURITY, LENOVO. Even better job at hiring someone incompetent like Mark to highlight that. Oh, and since Lenovo deliberately and knowingly distributed this software, which illegally assumes the identities of individuals and companies (including my own) that also means Lenovo is guilty of identity theft. Since it bypasses security measures and defeats encryption before it can happen, it's also a violation of the CFAA - federal charges need to be brought against Lenovo for this.
techkitsune On 2015-02-19, 16:21 PM
"Our goal is to find technologies that best serve users."

A laptop without bloatware best serves users. A laptop with bloatware best serves other people.

You are very obviously NOT looking out for your users.
tMettam On 2015-02-19, 17:19 PM

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns."

This statement pretty much disintegrates any bit of respect left for Lenovo. Either you didn't look very hard, or the people doing this were completely incompetent.

m0nst3r44 On 2015-02-19, 17:26 PM

The cracked certificate exposes Lenovo users to man-in-the-middle attacks, similar to those opened up by Heartbleed. Armed with this password and the right software, a coffee shop owner could potentially spy on any Lenovo user on her network, collecting any passwords that were entered during the session. The evil barista could also insert malware into the data stream at will, disguised as a software update or a trusted site.

Even worse, there's no clear fix for the issue. The software can be uninstalled (instructions are here), but that won't entirely solve the issue. Superfish sets all infected computers to run web encryption through Superfish's certificate authority, which is now easily unlocked by the published password — but simply uninstalling the software won't undo those settings. Researchers are still exploring the bug and more fixes can be expected in the days to come — but in the meantime, anyone affected by the bug should avoid public Wi-Fi networks (if possible, Wi-Fi in general) whenever possible. This test will show if your computer is affected, courtesy of researcher Filippo Valsorda.

 

 

 

But there's no cause for alarm, right?

This is mind blowing.

Come on Mark, tell us all how it's nothing to worry about again, this is shameful

BE CAREFUL THEY ARE EDITING POSTS TO SUIT THE NEEDS OF THE COMPANY
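
Several comments above make the same point: uninstalling the application leaves its root certificate trusted. The following PowerShell check is an added example, not part of any post in this thread and not Lenovo's removal tool; it assumes the certificate can be recognized by the string "Superfish" in its Subject or Issuer field.

```powershell
# Added example: audit the Windows certificate stores for a leftover
# Superfish certificate after the application has been uninstalled.
# Assumption: the certificate carries "Superfish" in its Subject or Issuer.
$pattern = 'Superfish'

# Root stores hold trust anchors; the CA stores hold intermediates.
# Both the machine-wide and the per-user stores are consulted by Windows.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\CA'
)

$findings = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
}

if ($findings) {
    # Report every match so it can be removed and the removal re-verified.
    $findings | Format-List
    Write-Warning "Matching certificate(s) are still present in a Windows certificate store."
} else {
    Write-Output "No certificate matching '$pattern' found in the Windows stores checked."
}

# Browsers that keep their own certificate store (for example Firefox)
# are not covered by this check and must be inspected separately.
```

Run it once as the affected user and once from an elevated prompt, then again after any removal step to confirm the result.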

techkitsune On 2015-02-19, 17:47 PM
Just checked using a customer's new Yoga and a fake bank account I have set up for security checking just like this. Superfish transmits IN THE CLEAR username and password. Taking the laptop to the bank right now - odds are Lenovo won't be welcome in any IT sector once the banks get wind of this.
DragonPurr On 2015-02-19, 17:52 PM

Not only was this an immensely terrible idea from the very start, but the people who developed this crappy software misspelled its name. Its real name is DUPERPHISH !  This is more like MALWARE, and not just adware, as it secretly, without the user's knowledge, hijacks HTTPS SSL/TLS connections where you thought that you were connecting to a secure Web site such as a bank, financial institution, or online store.

 

Considering that Lenovo's officials in Beijing have strong ties to the Chinese government, and in light of the NSA's own hardware-based spying, I *NEVER* use a Lenovo computer for any kind of financial transaction. Nor do I store any really personal or sensitive information on a Lenovo computer.  They are only good for gaming and some casual Web surfing, and that's it.   I am not sure that I entirely trust the NSA's motives either... but I trust them more than having China or Russia siphoning data from me.

ChristineB On 2015-02-19, 21:26 PM

I'm floored -- just read the ZD Net article.

 

Since early January I've been looking for a new Lenovo notebook.  Every few days I spent an hour or two reading reviews and scanning Ebay and Amazon for the right model in my price range.  Been buying a new Lenovo every couple years for at least 7 or 8 years.  I greatly appreciated the help I've received in this forum and had no intention of ever buying another brand.

 

And now I have to find another brand.   There's no way that I will EVER buy another product from a company like Lenovo that sinks so low and DELIBERATELY installs malware.

 

I could spit nails .....

Andy_Lenovo On 2015-02-19, 21:28 PM
Altoid666 On 2015-02-19, 23:10 PM

Now I have to look over my shoulder on every Lenovo Update/Download.  Shame on you.  What a way to breach our trust.  The article describes how to "remove" Superfish.  How lame.  The residual files and registry entries still reside on one's computer and can be used as a back door to "fish" passwords and account information.  

This should have NEVER happened in the first place.  Placing Malware/Spyware/Adware on one's private property is unforgivable.  This is not the American way.  Maybe in China it's OK to sneak and spy but not here in the USA.

Now I am mad!  The "Explanation" in the above article is so weak it's a joke.  There is NO justification for sneaking Superfish on anyone's computer, EVER.

Mark_Lenovo On 2015-02-19, 23:13 PM

 

All,

Thanks for the ongoing feedback even though it has proven to be a difficult topic.

As Lenovo teams have continued work on this today, I have updated the KB, and would also point to a security advisory we just published to our support site.

http://support.lenovo.com/us/en/product_security/superfish

There are additional actions underway, and I anticipate some additional updates on this subject.

Best regards,

Mark

m0nst3r44 On 2015-02-19, 23:36 PM

You don't care to retract your statements now, Mark??? You sat and assured everyone there was no prob.

How do we know you're not in on this too? Shameful, disrespectful and downright pitiful, you're supposed to be a social media manager? You're a farce and an uneducated admin that should be removed from your current position.

techkitsune On 2015-02-19, 23:41 PM
Here's a suggestion: Fire your entire IT staff, who have proven themselves totally incompetent at basic code auditing and review. Some random joe with a few hours ripped that malware apart and had the private key. That YOUR supposedly better 'professionals' couldn't do this speaks volumes about how competent they are. Next step: Fire yourself - caught in a lie, check it out; http://imgur.com/H8459Z3,87zOroU
m0nst3r44 On 2015-02-19, 23:44 PM

That's all it comes down to, damage control at all costs. Lie, cheat and steal, they don't care, it's about the bottom line$$

My firm has 18 of these infected laptops sitting on my shop bench all recalled cause of you, so now I'll wipe them all fresh with fresh keys from MSDN and then bill Lenovo for my time for the work they caused.

cenc On 2015-02-19, 23:49 PM

So Lenovo will not provide any practical steps for protecting users beyond PR spin.

Here are a few options, while Lenovo figures out how to run and hide from this:

1. completely remove windows and install linux or BSD operating systems. Honestly, kept a copy of windows and the driver partitions that came with my Lenovo computer, even though I use linux. Now I am going to completely remove even those partitions.

2. get a fresh copy of windows direct from microsoft. Do not use the OEM copy or backups from Lenovo. We seem to not be able to trust them.

3. buy a different computer, from a company that does not back door you.

4. install a firewall, that blocks all outbound traffic. We can't trust what is being sent out from the software that comes pre-installed on these computers. Only allow, known, and required traffic out.

Will be having a close look at the BIOS and other microcode on my Lenovo computers for any signs of other "features" sending data for no good reason.

m0nst3r44 On 2015-02-19, 23:51 PM

Firewall is null and void, it's a root cert that pins to browsers and also infects some browsers' stores

http://i.imgur.com/wQaG3sg.jpg

Thus because it's a root pinnable cert it can alter settings for anything to do what it wants with no interaction from the user.

techkitsune On 2015-02-19, 23:51 PM
"4. install a firewall, that blocks all outbound traffic. We can't trust what is being sent out from the software that comes pre-installed on these computers. Only allow, known, and required traffic out."

Won't work. If you open SSL for web-surfing, it's getting out.
dvonderburg On 2015-02-20, 0:01 AM

I have been fighting malware that has been invited by this POS application, and I don't mean Point Of Sale. I have spent countless hours with refresh installs from the onboard Windows 8.1. install partition and I am pissed! 3 times I refreshed Windows and 3 times some sort of malware was installed by this bloatware. I want a new refresh of the partition with a clean Windows 8.1 and 0 bloatware! I used to support and love Lenovo. Now I want a divorce!
