Superfish, was preinstalled (starting Sept 2014) by Lenovo on a number of their consumer laptops, is detected as being Adware, Trojan, and Riskware by at least 23 AntiVirus & AntiMalware scanners
Superfish visual discovery software was preloaded onto Lenovo consumer level notebooks beginning in September 2014. Per the Lenovo News Release: “The goal was to improve the shopping experience using their visual discovery techniques.”
The preinstall of Superfish on consumer level laptops, was terminated by Lenovo in January 2015.
Superfish was apparently never installed “on any ThinkPad notebooks, nor any desktops, tablets, smartphones or servers; and it is no longer being installed on any Lenovo device.”. Enterprise level hardware (like Servers and Workstations) was also “not” affected. Only “consumer level” laptops were apparently affected.
Again per Lenovo’s news release:
“Superfish may have appeared on these models:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
S Series: S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro
E Series: E10-30
Edge Series: Lenovo Edge 15″
The Electronic Frontier Foundation (EFF) recently had a post about Superfish, where they stated: “which tampers with Windows’ cryptographic security to perform man-in-the-middle attacks against the user’s browsing.”.
Bloomberg Business has a typically informative post about Lenovo apologizing to their customers over the Superfish preinstall.
If you are concerned that you might have Superfish installed on your computer, then plse click on this line to visit a page which specific checks for Superfish.
GData, a Security Software provider, also has a web page setup to check if your computer has the Superfish SSL Root Certificate installed – just click on this line to visit that page.
If you find that your system has Superfish installed, then click on this line to visit the official Lenovo webpage where they give instructions and provide a downloadable tool to remove Superfish from your affected laptop.
The following AntiVirus, AntiMalware software will detect Superfish as either Adware, Trojan, Application Unwanted, Riskware, Loadshop or WS Repuation 1:
DrWeb – they also claim on their website that they can decrypt about 90% of Cryptolocker encryption infections
Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.
Posted by: Vincent Banial
Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.
Feel free to share the above under the Creative Commons License and attribution to Vincent Banial. A link to this blog would also be a nice gesture – Thanks in advance.