Wednesday 25 February 2015

IT Security: Superfish Security Vulnerability

Superfish is basically your run-of-the-mill adware software, but with some big security holes. Lenovo pre-installed it on some computers sold between October 2014 and December 2014, but any Windows computer can be infected. At its core, Superfish is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks (which work similarly to the Heartbleed security bug from last year).

Not only that, but Superfish also intercepts HTTPS connections. A post over at Errata Security shows that the HTTPS certificate is incredibly easy to crack, which makes you even more vulnerable. For example, security researcher Chris Palmer found that when he visited Bank of America's web site on a computer with Superfish installed, the bank's certificate was signed by Superfish rather than VeriSign. This means attackers could use the certificate to create fake HTTPS web sites that grab your passwords, or even create viruses that are "signed" to look legitimate. Lenovo has released a list of affected machines here, but it's still worth following the instructions below just to double-check.

Uninstalling and removing Superfish:
1.  Head to this link (LastPass has a tool as well, if you'd like a second look) in Internet Explorer or Chrome to test if your computer has Superfish installed (it won't work on Firefox). If you get a No, you're good; if you get a Yes, continue on to step 2.
2.  Open the Windows Start menu or Start screen and search for "Uninstall a program". Launch it.
3.  Right-click on "Superfish Inc VisualDiscovery" and select "Uninstall," then enter your administrator password.
4.  Next, you need to uninstall the certificates. Head back to the Start menu and search for certmgr.msc. Launch it.
5.  Click on "Trusted Root Certification Authorities" and open Certificates.
6.  Look for any certificates that include Superfish Inc, and right-click to delete them.
7.  Restart your browser then head back to the link in step 1 to test your computer.
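The same check as steps 3 through 6, scripted in PowerShell. This is an added example, not part of the original post; it assumes the standard Cert: drive paths and the Uninstall registry key, and matches on the "Superfish" name the post mentions.

```powershell
# Added example (not from the original post): look for the Superfish program
# and any Superfish certificates in the Trusted Root stores, then show what
# would be removed. Run from an elevated prompt to see the LocalMachine store.
$Pattern = 'Superfish'
$RootStores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Step 3 equivalent: is the adware listed under "Uninstall a program"?
function Find-SuspectProgram {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

# Steps 5 and 6 equivalent: any root certificates issued to or by Superfish?
function Find-SuspectRootCert {
    foreach ($store in $RootStores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$programs = Find-SuspectProgram
$certs = Find-SuspectRootCert

if ($programs) { $programs | Format-Table -AutoSize }
else { Write-Output "No installed program matching '$Pattern'." }

if ($certs) {
    $certs | Format-Table -AutoSize
    # -WhatIf only reports the deletion; remove it to actually delete the
    # certificates (this is what right-click > Delete in certmgr.msc does).
    foreach ($c in $certs) {
        Remove-Item -Path (Join-Path $c.Store $c.Thumbprint) -WhatIf
    }
} else { Write-Output "No root certificates matching '$Pattern'." }
```

Re-run the script after uninstalling the program and restarting the browser; both checks should then report nothing found.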

In addition, Comodo is also apparently bundling an HTTPS-breaking program called PrivDog with its Comodo Browser, and Lavasoft is including similar malware with its Ad-Aware program, according to Ars Technica.

If you see any of these installed on your computer or in your Trusted Root Certification Authorities folder, delete them, and uninstall their corresponding programs. You should also clear the certificate caches in your browser after doing so. You can see the full instructions for doing so, along with an explainer on how these programs work, at the link below.
