cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Wendel
802.11n
Posts: 492
Registered: ‎07-03-2009
Location: AD
Views: 9,703
Message 21 of 74

Re: Potentially Unwanted Program

Can we trust ANY software from Lenovo? How can they, at their whim, add a Trusted Root Certificate? So much for Trusted Root Certificates!!

 

To remove a real danger (shame on Lenovo!!)

 

Run certmgr.msc to start your Certificate Manager

 

Once that opens, click on “Trusted root certificate authorities” in the left-hand navigation pane, then double-click “Certificates” in the main pane.

 

A list of all trusted root certificates will appear.

 

Find the Superfish entry, then right-click on it and select “Delete.”

m0nst3r44
Ctrl-Alt-Del
Posts: 15
Registered: ‎02-19-2015
Location: hamilton on
Views: 8,071
Message 22 of 74

Re: Potentially Unwanted Program

removing the trusted cert dont end the process if the infection is already done, its a self cloning malware, hence it can infect the browsers stores. we're talking a full low level wipe, and lenovo dont provide the end users with copies of windows anymore. so now its pay someoen to do it for you. thanks lenovo.

Puppy
Bit Torrent
Posts: 1,822
Registered: ‎11-28-2007
Location: CZ
Views: 7,956
Message 23 of 74

Re: Potentially Unwanted Program

I hope Lenovo learns from this case and reconsider amount of preinstalled bloatware in general.

 

Also it seems as nobody have checked what the software actually does. This technique with local certificate is known and used in software development for debugging purposes only. It has no place in consumer machine because it makes it more vulnerable.

 

It is even more serious if uninstalling the software does not remove the certificate as well. Lenovo should create uninstaller (that removes the certificate as well) and deploy it via System Update immediately.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
m0nst3r44
Ctrl-Alt-Del
Posts: 15
Registered: ‎02-19-2015
Location: hamilton on
Views: 7,545
Message 24 of 74

Re: Potentially Unwanted Program

Lenovo's dishonest response is compounding the impact of this already-severe problem by obfuscating its impact in a lame attempt to downplay what they've done. They're not only injecting ads in their customers' browsing sessions, but their clownish hijacking broke SSL and handed a powerful hijacking tool to any cracker out there who's not a moron.

This is a bad decision that will go down in history, even with the stiff competition we've seen lately from the Sony hack and heartbleed. The prudent consumer would be wise to treat them extremely warily.

Wendel
802.11n
Posts: 492
Registered: ‎07-03-2009
Location: AD
Views: 7,467
Message 25 of 74

Re: Potentially Unwanted Program

Possibly Lenovo is a Chinese government shill whose real purpose is to plant malware/spyware to help the government spy efforts. I can't trust Lenovo anymore.
Community SeniorMod
Community SeniorMod
Posts: 3,329
Registered: ‎12-01-2007
Location: US
Views: 7,084
Message 26 of 74

Re: Potentially Unwanted Program

Hello,

 

Some anti-malware programs use a similar technique, I believe, in order to decrypt and scan encrypted communications for malware.

 

Regards,

 

Aryeh Goretsky

 


@Puppy wrote:

I hope Lenovo learns from this case and reconsider amount of preinstalled bloatware in general.

 

Also it seems as nobody have checked what the software actually does. This technique with local certificate is known and used in software development for debugging purposes only. It has no place in consumer machine because it makes it more vulnerable.

 

It is even more serious if uninstalling the software does not remove the certificate as well. Lenovo should create uninstaller (that removes the certificate as well) and deploy it via System Update immediately.


 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 YogaP72 (20MB-*)P50 (20EN-*)S230u (3347-4HU)T23 (2648-LU7)T42 (2378-R4U)T43p (2678-H7U)T61p (6459-CTO)W510 (4318-CTO)W530 (2441-4R3)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)X220 (4286-CTO)X250 (20CM-*)Yoga 370

  Communities:   English    Deutsche    Español    Português    Русскоязычное    Česká    Slovenská    Українська   Język Polski    Moto English

Highlighted
Jezzper
Paper Tape
Posts: 2
Registered: ‎02-20-2015
Location: Denmark
Views: 7,019
Message 27 of 74

Re: Potentially Unwanted Program

A HTTPS encrypted conncetion should always be a secure end-to-end connection

 

Superfish is not the only one with this security hack.

 

Antivirus software AVAST does it too with the same proxy trick and has acces to all the secure data.

 

Take a look here : http://nevermind.dk/nevermind/blog.nsf/subject/lenovo-superfish-malware-opens-big-hole-for-hackers-b...

Puppy
Bit Torrent
Posts: 1,822
Registered: ‎11-28-2007
Location: CZ
Views: 6,983
Message 28 of 74

Re: Potentially Unwanted Program


@goretsky wrote:

Some anti-malware programs use a similar technique, I believe, in order to decrypt and scan encrypted communications for malware.


That's why I don't use them.
__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Jezzper
Paper Tape
Posts: 2
Registered: ‎02-20-2015
Location: Denmark
Views: 6,764
Message 29 of 74

Re: Potentially Unwanted Program

 

 

So I will clearify what I wrote: Leneovo screwed up big time and AVAST are screwing up as well.

 

Capice?

Community SeniorMod
Community SeniorMod
Posts: 1,990
Registered: ‎05-01-2010
Location: US
Views: 6,673
Message 30 of 74

Re: Potentially Unwanted Program

 

Moderator Note:

I have had to remove posts from this discussion because they did not comply with forum rules.

It is fair to state disagreement with facts or conclusions that another member has posted, but dissent must be expressed in an objective, and reasoned manner. Treat others with the respect you wish to receive. Remember that the community is here to share collective experiences and wisdom, with the goal of all members enjoying greater success with their Lenovo products. Consider whether your comments serve to advance the discussion in a positive direction...

http://forums.lenovo.com/t5/Welcome-FAQs/Lenovo-Community-Participation-Rules/m-p/1












Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





Check out current deals!


Shop current deals

Top Kudoed Authors