How to Scan Your Computer for the New “Superfish” Security Vulnerability
Security researchers have discovered a vulnerability in adware called Superfish that makes your computer vulnerable to all kinds of attacks. Superfish comes pre-loaded on many Lenovo computers, but it can also be installed on any machine. Here’s what happens and how to check if you are infected.
What is Superfish
Superfish is regular adware, but with big security holes. Lenovo preinstalled it on some computers sold between October 2014 and December 2014, but any Windows computer can be infected. At its core, Superfish is designed to serve ads in your web browser. The problem is that the software also intercepts encrypted traffic, which exposes your computer to attacker-in-the-middle attacks (which work similarly to last year’s Heartbleed security bug).
Moreover, Superfish also intercepts HTTPS connections. The Errata Security post shows that the HTTPS certificate is incredibly easy to hack, making you even more vulnerable. For example, security researcher Chris Palmer found that when he visited the Bank of America website on a computer with Superfish installed, the bank’s certificate was signed by Superfish, not VeriSign. This means that attackers can use the certificate to create fake HTTPS websites that hijack your passwords, or even create viruses that are “signed” to appear legitimate.
Update: Lenovo has posted a list of the affected machines here, but it’s still worth following the instructions below to double check.
How to test your computer and remove Superfish software and certificates
Luckily, it’s easy to check if Superfish is affecting your PC. We had several Lenovo computers to test and all of ours were clean, but it only takes a second to test yours, so it’s worth testing no matter what type of Windows machine you have. Uninstalling and removing Superfish is a little trickier, however.
1. Follow this link (LastPass also has a tool if you want to take another look) in Internet Explorer or Chrome to check if you have Superfish installed on your computer (it won’t work in Firefox). If you get a “No” answer, everything is fine. If you get a “Yes”, go to step 2.
2. Open the Windows Start menu or Start screen and search for “Uninstall a program.” Run this.
3. Right click on “Superfish Inc VisualDiscovery” and select “Uninstall”, then enter the administrator password.
4. Next, you need to remove the certificates. Go back to the Start menu and find certmgr.msc. Run this.
5. Click on Trusted Root Certification Authorities and open Certificates.
6. Find all certificates that include Superfish Inc and right click to remove them.
7. Restart your browser, then return to the link in step 1 to check your computer.
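The uninstall and certificate checks above can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it matches on the name "Superfish" as the steps do, and the `-Pattern` and `-Remove` parameters are names chosen for this example.

```powershell
# Added example: audit (and optionally remove) Superfish root certificates.
# Run elevated so that the LocalMachine store can be modified.
param(
    [string]$Pattern = 'Superfish',  # name used in the steps above
    [switch]$Remove                  # example switch: delete matching certificates
)

# 1. Is the adware still listed as an installed program?
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $Pattern -or $_.Publisher -match $Pattern })

# 2. Is a matching certificate trusted as a root CA?
#    The per-user view may repeat machine-wide entries, so the same
#    thumbprint can show up under both stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$certs = @(foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
})

# 3. Report what was found.
if ($programs.Count -eq 0 -and $certs.Count -eq 0) {
    Write-Output "No program or trusted root certificate matching '$Pattern' found."
} else {
    $programs | ForEach-Object { Write-Warning "Installed program: $($_.DisplayName)" }
    $certs | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize
}

# 4. Remove the certificates only when asked to. The program itself is
#    still uninstalled through "Uninstall a program" as in the steps above.
if ($Remove) {
    foreach ($c in $certs) {
        try {
            Remove-Item -Path "$($c.Store)\$($c.Thumbprint)" -ErrorAction Stop
            Write-Output "Removed $($c.Thumbprint) from $($c.Store)"
        } catch {
            Write-Warning "Could not remove $($c.Thumbprint) from $($c.Store): $_"
        }
    }
}
```

Run it once without `-Remove` to see what matches, then again with `-Remove`, and finish with the browser restart and re-test from the last step.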
With this, your system should be cleared of Superfish. If you are using Firefox or Thunderbird, you can also check their certificate stores by following these instructions.
Update: There are conflicting reports, some people say removing certificates is not enough. However, most people, including Microsoft itself, believe that removing certificates should be adequate. If you want to be extremely careful, you can always perform a clean installation of Windows without any extra programs.
If you need more information on the technical (and historical) side of everything, then Ars Technica, The Next Web, and Forbes dig deeper.