Wendel
802.11n
Posts: 429
Registered: ‎07-03-2009
Location: AD
Views: 9,308
Message 21 of 74

Re: Potentially Unwanted Program

Can we trust ANY software from Lenovo? How can they, at their whim, add a Trusted Root Certificate? So much for Trusted Root Certificates!!

 

To remove a real danger (shame on Lenovo!!)

 

Run certmgr.msc to start your Certificate Manager

 

Once that opens, click on “Trusted root certificate authorities” in the left-hand navigation pane, then double-click “Certificates” in the main pane.

 

A list of all trusted root certificates will appear.

 

Find the Superfish entry, then right-click on it and select “Delete.”
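
The manual certmgr.msc steps in the post above can also be scripted. The following PowerShell is an added example, not part of the original post and not Lenovo's code; it assumes the certificate's Subject or Issuer contains the string "Superfish" and that PowerShell 3.0 or later is used.

```powershell
# Added example: audit the Windows root stores for the certificate named in the post.
# Assumption: the certificate's Subject or Issuer contains the string "Superfish".
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Pattern = 'Superfish',   # name taken from the post above
    [switch]$Remove                   # without this switch the script only reports
)

# Check both the machine-wide and the per-user trusted root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No root certificate matching '$Pattern' in $($stores -join ', ')."
    return
}

# Record what was found (thumbprint included) before changing anything.
$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # ShouldProcess honours -WhatIf and -Confirm, so the deletion can be previewed.
        if ($PSCmdlet.ShouldProcess($cert.Subject, "Remove from $($cert.Store)")) {
            Remove-Item -Path $cert.Path
        }
    }
}
```

Deleting from the LocalMachine store requires an elevated session; run with `-Remove -WhatIf` first to preview the deletion. The script inspects only the Windows certificate stores, so applications that maintain their own trust store are not covered.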

m0nst3r44
Ctrl-Alt-Del
Posts: 15
Registered: ‎02-19-2015
Location: hamilton on
Views: 7,676
Message 22 of 74

Re: Potentially Unwanted Program

Removing the trusted cert doesn't end the process if the infection is already done; it's a self-cloning malware, hence it can infect the browsers' stores. We're talking a full low-level wipe, and Lenovo doesn't provide the end users with copies of Windows anymore. So now it's pay someone to do it for you. Thanks, Lenovo.

Puppy
Bit Torrent
Posts: 1,818
Registered: ‎11-28-2007
Location: CZ
Views: 7,561
Message 23 of 74

Re: Potentially Unwanted Program

I hope Lenovo learns from this case and reconsiders the amount of preinstalled bloatware in general.

 

Also, it seems that nobody has checked what the software actually does. This technique with a local certificate is known and used in software development for debugging purposes only. It has no place on a consumer machine because it makes it more vulnerable.

 

It is even more serious if uninstalling the software does not remove the certificate as well. Lenovo should create an uninstaller (that removes the certificate as well) and deploy it via System Update immediately.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
m0nst3r44
Ctrl-Alt-Del
Posts: 15
Registered: ‎02-19-2015
Location: hamilton on
Views: 7,150
Message 24 of 74

Re: Potentially Unwanted Program

Lenovo's dishonest response is compounding the impact of this already-severe problem by obfuscating its impact in a lame attempt to downplay what they've done. They're not only injecting ads in their customers' browsing sessions, but their clownish hijacking broke SSL and handed a powerful hijacking tool to any cracker out there who's not a moron.

This is a bad decision that will go down in history, even with the stiff competition we've seen lately from the Sony hack and Heartbleed. The prudent consumer would be wise to treat them extremely warily.

Wendel
802.11n
Posts: 429
Registered: ‎07-03-2009
Location: AD
Views: 7,072
Message 25 of 74

Re: Potentially Unwanted Program

Possibly Lenovo is a Chinese government shill whose real purpose is to plant malware/spyware to help the government spy efforts. I can't trust Lenovo anymore.
Community SeniorMod
Community SeniorMod
Posts: 3,218
Registered: ‎12-01-2007
Location: US
Views: 6,689
Message 26 of 74

Re: Potentially Unwanted Program

Hello,

 

Some anti-malware programs use a similar technique, I believe, in order to decrypt and scan encrypted communications for malware.

 

Regards,

 

Aryeh Goretsky

 


@Puppy wrote:

I hope Lenovo learns from this case and reconsiders the amount of preinstalled bloatware in general.

 

Also, it seems that nobody has checked what the software actually does. This technique with a local certificate is known and used in software development for debugging purposes only. It has no place on a consumer machine because it makes it more vulnerable.

 

It is even more serious if uninstalling the software does not remove the certificate as well. Lenovo should create an uninstaller (that removes the certificate as well) and deploy it via System Update immediately.


 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 Yoga, P50 (20EN-*), S230u (3347-4HU), T23 (2648-LU7), T42 (2378-R4U), T43p (2678-H7U), T61p (6459-CTO), W510 (4318-CTO), W530 (2441-4R3), W530 (2441-4R3), X100e (3508-CTO), X120e (0596-CTO), X220 (4286-CTO), X250 (20CM-*), Yoga 370

Jezzper
Paper Tape
Posts: 2
Registered: ‎02-20-2015
Location: Denmark
Views: 6,624
Message 27 of 74

Re: Potentially Unwanted Program

An HTTPS encrypted connection should always be a secure end-to-end connection.

 

Superfish is not the only one with this security hack.

 

Antivirus software AVAST does it too with the same proxy trick and has access to all the secure data.

 

Take a look here : http://nevermind.dk/nevermind/blog.nsf/subject/lenovo-superfish-malware-opens-big-hole-for-hackers-b...

Puppy
Bit Torrent
Posts: 1,818
Registered: ‎11-28-2007
Location: CZ
Views: 6,588
Message 28 of 74

Re: Potentially Unwanted Program


@goretsky wrote:

Some anti-malware programs use a similar technique, I believe, in order to decrypt and scan encrypted communications for malware.


That's why I don't use them.
__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Jezzper
Paper Tape
Posts: 2
Registered: ‎02-20-2015
Location: Denmark
Views: 6,369
Message 29 of 74

Re: Potentially Unwanted Program

 

 

So I will clarify what I wrote: Lenovo screwed up big time and AVAST are screwing up as well.

 

Capice?

Community SeniorMod
Community SeniorMod
Posts: 1,942
Registered: ‎05-01-2010
Location: US
Views: 6,278
Message 30 of 74

Re: Potentially Unwanted Program

 

Moderator Note:

I have had to remove posts from this discussion because they did not comply with forum rules.

It is fair to state disagreement with facts or conclusions that another member has posted, but dissent must be expressed in an objective, and reasoned manner. Treat others with the respect you wish to receive. Remember that the community is here to share collective experiences and wisdom, with the goal of all members enjoying greater success with their Lenovo products. Consider whether your comments serve to advance the discussion in a positive direction...

http://forums.lenovo.com/t5/Welcome-FAQs/Lenovo-Community-Participation-Rules/m-p/1


If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer




