If you bought a Lenovo laptop in the last few years, your computer likely contains a very bad security vulnerability. It's explained in this Lenovo support document. The TL;DR version is that certain laptops come preinstalled with software from a company called Superfish (called VisualDiscovery) that inserts ads into websites you visit to "improve your experience." If you visit a securely encrypted site, Superfish performs a man-in-the-middle attack to decrypt the site and insert the ads. This means you're not really that securely visiting that site.

In addition, the SSL certificate SuperFish uses to perform this attack has been cracked, allowing malicious parties to intercept your web traffic without you knowing. Lenovo was originally reluctant to admit to any wrong-doing.

Removal instructions can be found on Lenovo's website, but it's probably easier to simply install and/or update Windows Defender. This anti-malware application from Microsoft is now able to remove Superfish for you along with resetting your compromised certificates. Windows Defender comes preinstalled with Windows 8, otherwise you can download the Windows 7 version. In addition to fixing the Superfish bug, it will also protect you from a slew of other malware.

Here is the full list of Lenovo laptops (from the previously linked support document) that come with the Superfish software pre-installed:

  • E-Series:  
    • E10-30
  • Flex-Series:
    • Flex2 14, Flex2 15
    • Flex2 14D, Flex2 15D
    • Flex2 14 (BTM), Flex2 15 (BTM)
    • Flex 10
  • G-Series:  
    • G410
    • G510
    • G40-70, G40-30, G40-45
    • G50-70, G50-30, G50-45
  • M-Series: 
    • Miix2 – 8
    • Miix2 – 10
    • Miix2 – 11
  • S-Series:
    • S310
    • S410
    • S415; S415 Touch
    • S20-30, S20-30 Touch
    • S40-70
  • U-Series:  
    • U330P
    • U430P
    • U330Touch
    • U430Touch
    • U540Touch
  • Y-Series:  
    • Y430P
    • Y40-70
    • Y50-70
  • Yoga-Series:
    • Yoga2-11BTM
    • Yoga2-11HSW
    • Yoga2-13
    • Yoga2Pro-13
  • Z-Series:
    • Z40-70
    • Z40-75
    • Z50-70
    • Z50-75

UPDATE: If you use Mozilla products, you may have to follow additional steps. See here for more information.

Comment