"Your new laptop came pre-installed with an especially virulent strain of malware."
That isn't what any owner of a new computer wants to hear, but that was effectively the message Lenovo customers received late last week. And while there was initial confusion about the magnitude of the risk, the danger is now becoming clear, as is what you can do about it.
First, a quick recap. It was revealed that Lenovo has been shipping consumer laptops -- millions of them -- with adware from a company called Superfish that poses a critical threat to Internet security. The software is designed to inject ads into Web pages, and while many users consider that fairly objectionable on its own, the way that Superfish accomplishes this is simply reckless. Superfish installs its own certificates on the affected computers and uses them to replace the genuine certificates of every secure website the user visits, ordinary sites and sensitive ones like banks and shopping sites alike.
The result? It's technically possible for any malicious party to take advantage of these faked certificates to stage a "Man in the Middle" attack, redirecting your web searches to different sites without your knowledge or consent.
But there's worse. Because of the poor security Superfish applied to these certificates, if you have an affected Lenovo computer, there's nothing to prevent a criminal from hijacking your attempt to visit, say, a bank's web site and sending you to a look-alike phishing site instead.
So what can you do?
The first step is determining if you are affected. If you own a Lenovo computer, you should test your PC by visiting a site that checks whether you have the Superfish malware. One such site is the Superfish CA + Komodia vulnerability test. It only takes a few seconds to find out if your computer is carrying the malware.
Unfortunately, Superfish testing can generate false positives. If you get a message that you're affected, you might want to check out Lenovo's Superfish Vulnerability page, which lists affected models.
If you are infected, first and foremost, do not use that computer to visit any secure websites or conduct any online business. After that you have a few options.
There are many sites that have responded to the crisis by thoroughly explaining how to root out Superfish, like this one at eHow. If you prefer, Lenovo has published its own removal instructions on the support site. Note that the process is not as simple as uninstalling the Superfish application, because that leaves the compromised certificates behind. You also need to follow the instructions to remove the certificates, or your computer remains at great risk.
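For readers who would rather check their own machine than rely on a test website, here is an added PowerShell check (not from the article, Lenovo or Superfish) that looks for the two things the removal instructions cover: the Superfish program entry and any certificate it left in the Windows trusted root stores. It assumes both the program's uninstall entry and the certificate subject contain the string "Superfish".

```powershell
# Added example: report Superfish remnants on a Windows PC.
# Assumption: the program's uninstall entry and the certificate subject
# both contain "Superfish"; adjust $Pattern if your copy differs.
$Pattern = 'Superfish'

function Get-SuperfishCertificates {
    # Check both the machine-wide and per-user trusted root stores; a
    # trusted root in either is enough to make forged site certificates
    # look valid to that user.
    foreach ($Store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $Store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            Select-Object @{ n = 'Store'; e = { $Store } }, Subject, Thumbprint, NotAfter
    }
}

function Get-SuperfishProgram {
    # These uninstall keys are where "Programs and Features" gets its list.
    $Keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern -or $_.Publisher -match $Pattern } |
        Select-Object DisplayName, Publisher, UninstallString
}

$Certs    = @(Get-SuperfishCertificates)
$Programs = @(Get-SuperfishProgram)

if ($Programs.Count -eq 0 -and $Certs.Count -eq 0) {
    Write-Output 'No Superfish program or certificate found.'
} else {
    $Programs | Format-Table -AutoSize
    $Certs    | Format-Table -AutoSize
    # Uninstalling the program does not remove the certificate; call out
    # that half-cleaned state explicitly, since it is the risky one.
    if ($Programs.Count -eq 0 -and $Certs.Count -gt 0) {
        Write-Warning 'Program is gone but its root certificate is still trusted.'
    }
    # Removing a machine-wide root certificate needs an elevated prompt.
    foreach ($c in $Certs) {
        Write-Output "To remove: Remove-Item -Path '$($c.Store)\$($c.Thumbprint)'"
    }
}
```

Run it from an elevated PowerShell prompt so the machine-wide store can be read and, if needed, cleaned; the script only reports and prints the removal command rather than deleting anything itself.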
Going forward, you can expect anti-malware products to actively look for Superfish as well. Microsoft (MSFT) has already announced that its Windows Defender product, built into Windows 8, has been updated to guard against Superfish. It both removes the application and fixes compromised certificates.
There's one other option at your disposal. If you're nervous that these solutions won't completely eliminate the risk posed by Superfish, you can format your hard disk and re-install Windows from scratch. That's an extreme measure, of course, but one that's guaranteed to undo the damage caused by Superfish. If you do that, though, you should not reinstall your system from the recovery partition of a Lenovo computer, as that will reset your computer to factory conditions -- Superfish included.