Computer manufacturer Lenovo rightly caught heat far and wide from every corner of the internet this week after security researchers discovered a massive security flaw that shipped pre-installed as advertising software. Lenovo should never have put the intrusive software on their computers in the first place, but there is some good news today, as the company is now sharing a list of what computers were affected, and how owners of their machines can remove this junk crap from their systems.
How can I find out if my computer has Superfish on it?
Lenovo has published a full list of the affected machines. It includes notebook computers in the E, Flex, G, M, Miix, S, U, Y, Yoga, and Z series shipped during the six-month span between September, 2014 and February, 2015:
- G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
- U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
- Y Series: Y430P, Y40-70, Y50-70
- Z Series: Z40-75, Z50-75, Z40-70, Z50-70
- S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
- Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
- MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
- YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
- E Series: E10-30
ThinkPads, desktop computers, and smartphones were not affected, a Lenovo statement says.
Anyone — not just Lenovo owners — can also go to this third-party site that tells you if your system has the Superfish certificate vulnerability.
Oh no! I do! How can I get rid of it?
There are two parts to getting rid of Superfish. The first is uninstalling the software; the second is removing the false security certificate it leaves behind from the virtual bowels of your machine. Step one is easier than step two.
The guide has instructions as well as screenshots, to guide the less tech-savvy through the process. The EFF also has a visual guide, although it assumes a slightly higher level of familiarity/comfort with computers than Lenovo’s does.
Is Lenovo sorry? Lenovo should be so sorry.
Lenovo is certainly sorry the entire world noticed, at any rate.
In their first statement about the matter, Lenovo said, “We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,” despite the plenty of sites and experts pointing out said substantial security concerns. “But we know that users reacted to this issue with concern,” they deigned to add, “and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first,” and concluded, “Our goal was to enhance the experience for users.”
That didn’t go over as well as they might have hoped (the proverbial lead balloon springs to mind). Lenovo has since released an updated statement, saying, “Superfish is no longer being installed on any Lenovo device. In addition, we are going to spend the next few weeks digging in on this issue, learning what we can do better. We will talk with partners, industry experts and our users. We will get their feedback. By the end of this month, we will announce a plan to help lead Lenovo and our industry forward with deeper knowledge, more understanding and even greater focus on issues surrounding adware, pre-installs and security. We are eager to be held accountable for our products, your experience and the results of this new effort.”
In the meantime, Microsoft has also taken matters into their own hands: the most recent update to Windows Defender also nukes Superfish as a “known vulnerability.”