What is Superfish?
Superfish is MITM software that Lenovo has admitted to pre-installing on many of its laptops to “enhance the shopping experience” of its users, and for which it has apologized on its official website (see below). However, the U.S. Computer Emergency Readiness Team calls Superfish “Man-in-the-Middle” Attack (MITMA) software because of how it intercepts users’ web traffic to provide targeted advertisements.
What is a “Man-in-the-Middle” Attack (MITMA)?
The man-in-the-middle attack (also known as MITM, MitM, MIM, MiM or MITMA) requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle.
As an attack that aims at circumventing mutual authentication, or lack thereof, a man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to their satisfaction as expected from the legitimate other end. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certification authority.
Is Superfish a virus or malware? Is it so dangerous?
Superfish snoops in on your web browsing and secretly slips ads into webpages. But the really dangerous part is that it’s pre-installed with a root certificate authority, which allows it to impersonate any server’s security certificate.
If this certificate is compromised by hackers, you could be tricked into logging in to a fake website and giving hackers your password. Because of Superfish, any of your accounts—including encrypted bank accounts—could be easily compromised.
Which computers are affected?
According to Lenovo, Superfish may have been pre-installed on the following models:
G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
U330P, U430P, U330Touch, U430Touch, U530Touch
Y430P, Y40-70, Y50-70, Y40-80, Y70-70
Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro
Lenovo apologizes for this pre-installed software –
Will restoring from a backup help?
Superfish has been pre-installed by Lenovo. Therefore, restoring your computer to factory condition from either a backup partition or a backup DVD will not solve the problem if Superfish is also part of your backup. Superfish would only be reinstalled, too.
So if you ever use a backup to restore your system, you may need to again remove Superfish and its root security certificate from your system.
How to remove Superfish now?
How to remove Superfish and its certificate from Lenovo machines or any browser?
To remove the Superfish program and its certificate from your computer, please use this free tool from Lenovo:
This tool will also remove any Superfish certificates from browsers like Mozilla Firefox and Thunderbird.
How to remove Superfish manually from your system?
Step 1: On Windows 8.1, open Search
Step 2: Search for “remove programs” and select “Add or remove programs”
Step 3: In the list of installed items, locate “Superfish Inc. VisualDiscovery”.
Note: If you do not find an item with the name “Superfish Inc. VisualDiscovery”, you do not have the application installed. However, you should still continue on to “B) Instructions to determine if you have the SuperFish Certificate installed and how to remove it”.
Step 4: Select “Uninstall”. The uninstall will take several seconds. When the uninstall completes, it will automatically be removed from the list of installed programs.
Step 5: After confirming the removal of the application, please follow the steps for “How to remove the SuperFish certificate”.
After uninstalling the SuperFish application, the certificate may still remain. It is very important to delete the certificate even though the application itself has been removed.
Note: These instructions will remove the certificate from the following browsers:
– Internet Explorer
– Google Chrome
– Any other browser that utilizes the Windows Certificate store.
Step 1: On Windows 8.1, open Search
Step 2: Search for “Certificate”. Select “Manage computer certificates”.
Step 3: When prompted by Windows, “Do you want to allow this program to make changes to this computer?”, select ‘Yes’
Step 4: The certificate manager window should appear. On the left-hand panel, select “Trusted Root Certification Authorities” followed by the sub-folder “Certificates”. On the right panel, find the item with the name “Superfish, Inc.”.
Note: If you do not find an item with the name “Superfish, Inc.”, the certificate is not in the Windows store. You may still need to remove it from Mozilla Firefox and Mozilla Thunderbird if you have them installed. Proceed to “If you have Firefox browser or Thunderbird Email Client installed you must also perform the following for each individually”.
Step 5: Right-click on the item labeled “Superfish, Inc.” and select ‘Delete’. On touch systems, you may select the red ‘X’ in the top toolbar.
Step 6: When prompted by Windows to confirm the deletion, select ‘Yes’. The certificate should now be removed.
Step 7: Restart your device.
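The two manual checks above (installed-programs list and the computer's Trusted Root store) can also be scripted so they can be re-run, for example after a factory restore. The PowerShell below is an added example, not Lenovo's removal tool or anything from the original page; the `-Remove` switch and variable names are made up for this example, and the registry check goes slightly beyond the GUI steps by reading the uninstall entries directly.

```powershell
# Added example: audit a machine for the Superfish application and root certificate.
# Run from an elevated PowerShell prompt (deleting from LocalMachine needs admin rights).
param(
    [switch]$Remove   # hypothetical switch for this example: also delete matching certificates
)

# 1. Application check: look for the uninstall entry in the 64-bit and 32-bit
#    registry views (the same entries "Add or remove programs" displays).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$apps = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Superfish|VisualDiscovery' })

foreach ($app in $apps) {
    Write-Warning "Application still installed: $($app.DisplayName)"
}

# 2. Certificate check: the computer's Trusted Root store, i.e. the store shown
#    by "Manage computer certificates". Match on subject or issuer name.
$certs = @(Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
    Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' })

foreach ($cert in $certs) {
    [pscustomobject]@{
        Store      = 'LocalMachine\Root'
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
    }
    if ($Remove) {
        # -Confirm asks before each deletion, like the dialog in Step 6.
        Remove-Item -Path $cert.PSPath -Confirm
    }
}

if ($apps.Count -eq 0 -and $certs.Count -eq 0) {
    Write-Output 'No Superfish application entry or root certificate found in the Windows store.'
}
# Firefox and Thunderbird keep their own certificate stores and are not covered here.
```

Run without `-Remove` first to see what is present; a clean result here still leaves the Firefox and Thunderbird steps to be done by hand.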
Step 1: Open Firefox browser and press either the orange Firefox button or the Settings button
Step 2: Select Options from the menu
Step 3: Select Advanced from the Options window
Step 4: Next, select the Certificates tab, then press the View Certificates button
Step 5: On the Certificate Manager window, select the Authorities tab, then scroll through the list to find and select the Superfish, Inc. certificate. Then press the Delete or Distrust … button.
Step 6: In the Delete or Distrust CA Certificates window, select the Superfish, Inc. entry. Then click on OK on all open windows to accept the changes.
Step 7: Restart your device.
Reminder: If you have Thunderbird and Firefox you may have to repeat these steps for each application.