Two weeks ago, lots of Lenovo users began discovering that their every move online was being tracked by adware preinstalled by the manufacturer. It was a “man in the middle” deception. Lenovo has since taken steps to mitigate the damage. Read more at…
http://support.lenovo.com/en/product_security/superfish
But if you have a Lenovo, you could also stop at…
To see if the vulnerability still exists on your machine. It’s a simple step – and you don’t even have to click anything. Just browse to the site, then wait to see what happens next. If you’re vulnerable, the site will tell you so.
The real problem with Superfish is not just the installed program, but that it interferes with how SSL certificates are validated, which is what makes it a “man in the middle attack”.
Uninstalling Superfish itself (whether you do it manually, or you use a tool such as Windows Defender, or something provided by an anti-virus vendor) won’t undo the tampering with the browser certificate stores. The instructions provided by Lenovo detail how to fix the certificate issue, but to do so you have to check the list of Certificate Authorities in each browser you have installed. Even if you don’t normally use IE, you have to delete the Superfish certificate in the Windows configuration. Then you have to do it again in Firefox, Chrome, etc.
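As an added illustration of the Windows side of that cleanup (example code, not from Lenovo or the original post), the script below lists root certificates in the machine and user stores whose subject matches a name from this post, and any root whose private key is present on the machine, which is what lets a local program sign certificates for other sites. The subject patterns are assumptions you can extend; run it in an elevated PowerShell.

```powershell
# Added example (not from the original post): look for suspicious trust anchors
# of the Superfish/Komodia kind in the Windows certificate stores.
# Assumption: the subject patterns are illustrative; extend them as needed.
$SuspectSubjects = @('Superfish', 'Komodia', 'PrivDog')

# Both scopes matter: a per-user root is trusted by that user's browsers too.
$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Find-SuspectRoots {
    param([string[]]$Patterns = $SuspectSubjects)
    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }
        foreach ($cert in Get-ChildItem -Path $store) {
            $nameHit = $false
            foreach ($p in $Patterns) {
                # -match is case-insensitive; escape so the pattern is literal
                if ($cert.Subject -match [regex]::Escape($p)) { $nameHit = $true }
            }
            # A root whose private key lives on this machine can mint a valid
            # certificate for any site: that is the interception capability.
            $keyHit = $cert.HasPrivateKey
            if ($nameHit -or $keyHit) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $keyHit
                    Reason        = $(if ($nameHit) { 'suspect subject' } else { 'private key present' })
                }
            }
        }
    }
}

$findings = Find-SuspectRoots
if ($findings) {
    $findings | Format-Table -AutoSize
    # After confirming a finding, remove it by thumbprint (placeholder value),
    # then repeat the check in Firefox, which keeps its own certificate store:
    # Get-ChildItem Cert:\LocalMachine\Root |
    #     Where-Object Thumbprint -eq '<THUMBPRINT-FROM-OUTPUT>' | Remove-Item
}
else {
    'No suspect root certificates found in the Windows stores.'
}
```

This only covers the Windows stores; browsers with their own trust database (Firefox, as the post notes) have to be checked separately.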
Additionally, Superfish isn’t the only product using this particular software development kit (called Komodia); others are using it as well, and there are also others that use the same methodology.
Two notable ones:
– LavaSoft has an add-in (a browser extension) that uses Komodia.
– PrivDog (an add-in tool that’s bundled with both the Comodo firewall and the Comodo Dragon browser, and possibly other Comodo-branded tools) uses a similar methodology, but not Komodia. PrivDog advertises itself as an ad blocker, but replaces ads delivered by other sites with its own ads. The advertised intention is to protect the user from third-party ads that may have malicious content injected into them. Yahoo had that problem with its ads a few months back.
It’s also noteworthy that if you uninstall Comodo products, PrivDog must be uninstalled separately, and an uninstall of PrivDog leaves thousands of orphaned registry entries.
It should be noted that there are legitimate reasons for locally-created certificates, as those are necessary for anti-virus scanning of encrypted email connections, as well as parental filtering tools.
However, the technique of local certificates is easily abused (as Komodia and Superfish have shown).
It’s somewhat geeky, but this is a good description of what’s going on: http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware
In conclusion: make sure you’re getting security software from known reputable sources. Not just anti-virus, but also security suites that include parental filtering software. Stick to known names. Be suspicious of free offerings. There are several good free AV tools (AVG, Avast, AntiVir, BitDefender Free), but beware of any kind of tool that claims to solve all your security (and performance) problems with a single mouse click.