English Community

Software and Operating SystemPre-Installed Lenovo Software and Applications
All Forum Topics
Options

4 Posts

02-19-2015

USA

5 Signins

26 Page Views

  • Posts: 4
  • Registered: ‎02-19-2015
  • Location: USA
  • Views: 26
  • Message 1 of 5

Lenovo statements regarding Superfish Adware/Malware/MITM

2015-02-19, 19:14 PM

I was frankly appalled to learn about Superfish, which I suspect is installed on my Yoga 3 Pro purchased in November.  If including this kind of software without explicit and informed consent of users isn't criminal, it should be.

 

I read Lenovo's statement, and saw this:

"Users are given a choice whether or not to use the product."

 

Can someone please explain to me what this choice looked like when presented to users?  I can't imagine in my wildest dreams consenting to any kind of adware, and I don't remember being presented with the "choice" of wheter to use this software.

 

Also, given that the pre-installed Superfish root certificate has been cracked, and is easily useable by any hacker for a man-in-the-middle attack, what steps are being taken to revoke the certificate, and completely purge it (and the Superfish software) from all infected machines?

Solved! See the solution
Reply
Options

613 Posts

07-03-2009

AD

530 Signins

5532 Page Views

  • Posts: 613
  • Registered: ‎07-03-2009
  • Location: AD
  • Views: 5532
  • Message 2 of 5

Re: Lenovo statements regarding Superfish Adware/Malware/MITM

2015-02-19, 20:50 PM

How can anyone trust any software from Lenovo? Here's how to remove the most dangerous part of Superfish... the Monkey-in-the-Middle Trusted Root Certificate.

 

If Lenovo can add, at their whim, a Trusted Root Certificate, how trustworthy are any Trusted Root Certificates??

 

To remove a real danger (shame on Lenovo!!)

 

Run certmgr.msc to start your Certificate Manager

 

Once that opens, click on “Trusted root certificate authorities” in the left-hand navigation pane, then double-click “Certificates” in the main pane.

 

A list of all trusted root certificates will appear.

 

Find the Superfish entry, then right-click on it and select “Delete.”

 

Reply
Options

4 Posts

02-19-2015

USA

5 Signins

26 Page Views

  • Posts: 4
  • Registered: ‎02-19-2015
  • Location: USA
  • Views: 26
  • Message 3 of 5

Re: Lenovo statements regarding Superfish Adware/Malware/MITM

2015-02-19, 21:06 PM
While this information is useful, it doesn't actually answer any of the questions that I actually asked in my post:

Specifically how was this supposedly made optional?
For those users who don't read tech news and are blissfully unaware, how will this dangerous cert and software be removed?
Reply
Options

8687 Posts

01-13-2008

US

77510 Signins

2209205 Page Views

  • Posts: 8687
  • Registered: ‎01-13-2008
  • Location: US
  • Views: 2209205
  • Message 4 of 5

Re: Lenovo statements regarding Superfish Adware/Malware/MITM

2015-02-20, 5:09 AM

burndive,

 

The Yoga 3 Pro is not on the list of affected systems.

 

Official List  of affected systems here:

http://support.lenovo.com/us/en/product_security/superfish

 

Uninstall instructions:

http://support.lenovo.com/us/en/product_security/superfish_uninstall

 

Z.


The large print: please read the Community Participation Rules before posting. Include as much information as possible: model, machine type, operating system, and a descriptive subject line. Do not include personal information: serial number, telephone number, email address, etc.


The fine print: I do not work for, nor do I speak for Lenovo. Unsolicited private messages will be ignored - questions and answers belong in the forum so that others may contribute and benefit. ... GeezBlog

 

Communities: English Deutsch Español Português Русскоязычное Česká Slovenská Українська Polski Türkçe Moto English

0 person found this solution to be helpful.

This helped me too

Reply
Options

4 Posts

02-19-2015

USA

5 Signins

26 Page Views

  • Posts: 4
  • Registered: ‎02-19-2015
  • Location: USA
  • Views: 26
  • Message 5 of 5

Re: Lenovo statements regarding Superfish Adware/Malware/MITM

2015-02-20, 20:55 PM

I understand that Windows Defender (and presumably other anti-malware companies) are acting to detect and remove Superfish from users who would be otherwise unaware of the vulnerability.

 

So now the only remaining question is, how did the users who had this installed make their "choice of whether or not to use the product"?

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms