If you bought a new computer or laptop recently, you might have noticed how the Original Equipments Manufacturers (OEMs) love to install their own software on your system along with the Operating System. This is commonly known as bloatware and is singularly the most irritating thing to encounter when you start-up your brand new laptop for the first time.

One of the OEMs, Lenovo, has taken the installation of bloatware to the next level. It has installed an adware named Superfish on consumer laptops which got activated the first time they booted their computer. It was first reported on the Lenovo forums and since then a number of people have complained about the same issue.

This issue has primarily affected laptops that were purchased after July last year. We look at what exactly this adware does and how to remove it from your system.

Details about the Superfish Adware and What it Does

Superfish is known to inject third-party adverts when a user is surfing the web and it does so without the users permission. It is the kind of add-on that the computer manufacturers are paid to bundle with their hardware.

Users have become accustomed to bloatware on their new devices whether its computers or smartphones. Adware, however, is considered potentially more devious as its scans the user activity and displays ads based on their surfing habits.

External Ads on Google Search Results Page – by Visual Discovery (Superfish)

Robert Graham, CEO of internet security firm called Errata Security has described how exactly the adware works and its security ramifications. He says Superfish monitors your web traffic while you’re shopping or searching the web and then shows you images of similar products in your browser. Even if you are securely connected to a website which has an address beginning with HTTPS, it intercepts the data from the website you are visiting and makes it searchable by tinkering with the Windows OS and gives itself the ability to disguise itself as any website.

The very bad part about this is that the adware is so poorly designed that a tech-savvy person can take advantage of the changes Superfish makes to your PC and replicate this disguise. This can enable them to show you any website they want, and to you it would seem like a genuine one. This process is called man-in-the-middle attack, and if you connect your computer to WiFi networks in coffee shops or hotels – you can fall victim to this type of attack.

Such networks are considered safe if you have basic anti-virus and firewall protection. Superfish however, makes it possible for the bad guys to snoop in your system by seizing legitimate SSL certificates in Windows.

The biggest issue with this adware isn’t that it shows you adverts. It’s that it hijacks legitimate SSL certificates from the companies you trust (like Verisign, Google, Microsoft etc) and replaces all SSL certificates presented by these sites with its own.

Lenovo’s Reaction to the Superfish Adware Concern

Lenovo seems to be in deniability mode. The company issued a statement since this issue was brought forth by security researchers. The company said it stopped shipping the adware last month and customers need not worry about it compromising their security. “We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,” Lenovo said.

They also stated that Superfish was only pre-installed on Lenovo PCs, not other devices. “This was a small-scale test to see if consumers would like the feature.”

Superfish issue had bubbled in the web forums for a while now but caught everyone’s attention when security experts started analyzing it.

It is not just your browsing that is affected. The adware is known to break other programs too. The popular team communication tool Slack starts misbehaving if there is man-in-the-middle attack going on.The Slack customer support reported that they have had issues with Lenovo PCs since last October. The issue is caused as Slack is designed to fend off man-in-the-middle attacks.

How to Remove Superfish from your PC

Since the news about the adware affecting laptops has come out, a few security experts have jumped in to help the affected users in removing it from their system. First you need to check if you do have the adware on your system.

There are two ways to do this:

Open the Task Manager on your PC and under the “Services” tab look for a service called “Visual Discovery.” If it’s there, it will confirm the presence of Superfish on your system.

Another simple way is to visit this website: Superfish CA Test. It would test and tell you if your PC is affected. Another option to check for this adware is at the LastPass Security checks page.

The website correctly indicated that our PC was Adware free.

If you see that your system is indeed infected, here a brief guide to removing this threat:

Step 1) Go to Control Panel > Programs > Uninstall a Program and look for VisualDiscovery. If you see the program, uninstall it!

Step 2) Scan your computer with an anti-virus program with the latest updates. Most antivirus programs flag Superfish as adware, and the scan will help you know if it’s really gone.

Step 3) Remove the Superfish Root Certificate. To do this press the Win+R key to open the Run dialog. Type in certmgr.msc and press Enter.

The Windows Certificate Manager window will open. “Go to Trusted Root Certificate Authorities” and double-click on “Certificates” folder.

You will see a long list of trusted certificates here. Look for Superfish Inc. certificate. When you find it, right-click on it and click delete.


Final Thoughts

Lenovo has gained a lot of traction in the market by creating excellent laptops in the last few years. Installing bloatware, and, in this case, adware on their systems seems like an unnecessary step and for what? Making some extra profit at the cost of the customers security, even after they just bought a brand new device from the company?

What are your experiences with Lenovo? Was your computer affected by Superfish? Share your experience in the comments below.

Update: Lenovo has released a pdf guide with instructions to remove Superfish from your system. You can access it here.