From the horse’s mouth
Advisory page with list of affected laptops
Removal-tool download (Run or copy to “toolbox” USB memory key)
My Comments and Instructions
If you bought a Lenovo computer through 2014 that was positioned at consumers like the G50-70 or the Yoga 2 Pro, you may have had Superfish’s Visual Discovery software installed on it. This is part of a common practice especially with consumer and small-business computers where they become loaded with software you most likely don’t really want.
Here, the variant of the Visual Discovery which is meant to be an enhanced “machine+Internet” search tool has been behaving like adware. It even has been jeopardising the security of your SSL-based secure-browsing sessions. Here, they were highlighting it as a software-driven client-side “man-in-the-middle” security threat that can intercept data that passes through your computer.
But you can remove the software form your G50-70, Yoga 2 Pro or other Lenovo laptop, and is a very similar practice to what I have done with a lot of adware that ends up on peoples’ computers.
Lenovo offers a single-purpose download to remove the Superfish software but if you have the patience to work through Windows to “root it out” or a computer-literate relative or friend can do this for you, here are the instructions which I have paraphrased from their Website.
Remove Superfish software
- In Windows 8.1, use the Search Charm in the Modern View to search “remove programs”, then select “Add Or Remove Programs”. On the other hand. right-click on the Windows icon on the Taskbar and select Programs And Features.
- Hunt for “Superfish Inc. Visual Discovery” and uninstall it by clicking the Uninstall option. This is a good time to go through all of your software that is on your computer and remove any questionable programs.
Remove Superfish certificates from the Windows Certificate Store
This is to remove the Superfish certificates from the main Certificate Store that Windows uses and is the “go to” certificate location for Internet Explorer, Google Chrome, Opera, Safari and co.
- In Windows 8.1, use the Search Charm to search “Certificates”, then select “Manage Computer Certificates”
- Accept Microsoft Management Console’s request to change your computer data
- Select “Trusted Root Certificate Authorities” in the Certificate Manager then select “Certificates”
- Hunt for items with the “Superfish Inc.” name and delete them. When the Certificate Manager asks that you want to delete them, click Yes.
Remove Superfish certificates from Firefox, Thunderbird and other Mozilla software
Mozilla operates a separate certificate store for Website certificates rather than using the Windows Certificate Store. Here, you would have to interact with each Mozilla program separately to remove the certificates.
- Open Firefox and, if the address bar and toolbar isn’t visible, click on the orange Firefox button.
- Select the Settings drawer with the three lines, then click on the Options gearwheel, then click on the Advanced gearwheel.
- Select the Certificates tab and click or touch the View Certificates button.
- In the Certificate Manager screen, select Authorities
- Hunt for “Superfish Inc” and select that certificate
- Click the Delete or Distrust button and click OK to delete the Superfish certificate from Mozilla’s certificate store.
Restart your computer
Immediately, restart your Lenovo computer as you would normally do.
This may be a tipping point for manufacturers to be part of a feedback loop when it comes to the software they supply with computers especially those that are sold to home and small-business users. It involves a requirement to test the software for vulnerabilities before packaging it for installation.
It will also become a time to question the practice of supplying third-party-supplied trial software and demoware with computers, especially notebooks, marketed to consumers.