Is your computer Lenovo? We all know that computer manufacturers earn enough money not only from device sales but also from software and services they promote.
The built-in programs that come with the system work with machines search or make a specific search engine the device's default. We've also seen too many companies put a bunch of other shortcuts from third-party websites and services on the desktop.
The technology community calls them crapware and it seems the name matches perfectly, as no one needs these offers on its devices.
Η Lenovo confirmed recently that it launches consumer devices containing Superfish, a well-known adware. This particular version of Superfish analyzes the images displayed on the Internet, looking for matching bids from a database to display offers to the user.
According to the Lenovo official forum, the system does not collect information about the company's customer profile and does not record information.
Technology Superfish technology collects exclusively contextual images rather than behaviors. It does not monitor the profile or behavior of users. It does not record user information. He does not even know who the user is. Each session is independent. When using Superfish for the first time, the Terms of Use and the Privacy Policy are presented to the user, and there is a choice of not accepting these terms that results in the disabling of Superfish.
It doesn't sound bad, but installation του Superfish στις συσκευές Lenovo εγκαθιστά επίσης και ένα certificate root certificate in the Windows certificate store that does all HTTPS connections vulnerable. The certificate shares a private key between all installs and uninstalls of Superfish and is not removed.
Delete the Superfish Certificate
If you have a Lenovo device, check if the certificate is installed on your device. If you see it you can remove it by following these steps:
- Press the Windows key and R (Win + R) together.
- Type certmgr.msc in the RUN window that will open and press enter. A Certificate Management window opens.
- Use the folder structure from the left and go to Trusted Central Certification Authorities / Certificates.
- Look for a certificate from Superfish Inc.
- If it exists, right-click on the certificate and choose Delete to remove it.
The addition of crapware from PC makers to earn money slows down the computer and we have seen examples of many of them running immediately with the boot up of the system.
It takes time and effort to remove them. But Lenovo went one step further. Not only does it install Superfish on its ad promotion systems but it also adds a root certificate to the system, sharing it makes your system much more vulnerable to man in the middle attacks.