The holiday season has passed and of course many African-Americans got cool new techno-gadgets for Christmas, If you purchased a Lenovo computer it’s time to pay attention.
Lenovo, the world’s largest computer maker, has been selling computers with an adware/malware known as Superfish. Superfish is the name of a marketing company that produces software called Visual Discovery along with other products.This adware allows ads to be placed in front of the user based on the images they are looking at.
This function involves analyzing images that appear on your computer screen. It matches these pictures against a giant database of images in the cloud. It then places similar images on your computer screen.
For example, if you’re looking at an ad for a new digital camera, Superfish, going by the example in its database, presents matching cameras.
The Superfish software on your new Lenovo laptop monitors which websites you visit, what you are looking at and searches for related sites. All this based on images instead of the old-fashioned keyword search we are used to.
Sounds good so far right? You probably have no objection to greater choice in shopping or cheaper prices. But that is if you are aware that Visual Discovery was installed on your computer in the first place. And of course assuming that the software works in a way that doesn’t put your online privacy and security at risk. Sadly many people who purchased these Lenovo computers had no idea this was happening. That is why Lenovo is catching hell and you could be vulnerable.
We like to keep it simple at the AACR so lets tell it like it is. This software opens you up for what hackers call a classic man-in-the-middle attack. See Visual Discovery doesn’t just work inside your browser to see what you are looking at. This adware/malware contains a proxy. This component intercepts network traffic outside your browser so it can keep track of what you are doing, like online banking, user names and passwords. Starting to get the picture? Its an open door to hackers! I don’t think I need to go any further than that.
According to Lenovo the company only installed Superfish on consumer laptops between September and December last year. During the holiday shopping season! Do think that was an accident? Really?
Chrome and Internet Explorer browsers are affected because they use Microsoft’s Windows store of trusted certificates. If you use the Firefox browser the Electronic Frontier Foundation found as many as 44,000 Superfish certificates were run by users of Mozilla’s browser.
How do you know if your computer is infected? Check Windows’ list of trusted certificates. Go to Control Panel and search for “certificates”. A list of Administrative Tools will come up. Select the “manage computer certificates” option. Click on the “Trusted Root Certification Authorities” option and then “Certificates”. If you see one with Superfish Inc. attached to it then consider yourself officially infected.
This is the nasty part. Even if you do find it, uninstalling the program does not solve the problem since it does not remove the certificate. So if you believe that Superfish is floating around inside your computer back up your data and update it to a new operating system; a new more secure OS. This is probably going to cost you some money but you can get that back and then some by joining the class action lawsuit.
Lenovo will no longer be using Superfish adware in its devices and will help customers remove the malware from their computers as quickly as possible. Lenovo also issued the following statement via Twitter: “We’re sorry. We messed up. We’re owning it. And we’re making sure it never happens again.” Lenovo also issued detailed instructions for removing the adware/malware as well as how to determine if the troublesome Superfish digital certificate is installed, and how to remove it. You can also find a published list of all machines on which Superfish was installed. You may want to check your machine.