Lenovo releases fix for Superfish

Mixed messages coming from Lenovo as follow-up statement loosely acknowledges that Superfish may have security implications

Lenovo has released a tool to help users remove the adware that shipped on certain consumer laptops last year.

The preinstalled adware, known as Superfish, offered users shopping suggestions based on their browsing habits, but customers reacted angrily, forcing Lenovo to pull the plug on the programme. Security experts then stoked the fire by claiming that the adware’s ability to self-sign certificates was a potential vulnerability. Lenovo reacted quickly, insisting that, after thorough investigation, it did not ‘find any evidence to substantiate security concerns’.

But in what appears to be a small U-turn, the Chinese manufacturer updated its statement, this time saying:

“We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday. Now we are focused on fixing it.”

Lenovo has provided users with an executable removal tool that removes the quasi-malicious software and all associated certificates. The Beijing, China-based giant also said that it was working closely with Microsoft and McAfee to ensure that their anti-malware solutions caught and quarantined Superfish.

"We apologize for causing these concerns among our users – we are learning from this experience and will use it to improve what we do and how we do it in the future," the Lenovo statement said. "We will continue to take steps to make removal of the software and underlying vulnerable certificates in question easy for customers so they can continue to use our products with the confidence that they expect and deserve."
