Judy Mottl, Tech Times

The world's biggest PC maker is issuing a global mea culpa for plugging in an adware program into its consumer notebooks and now is going full force in helping those notebook owners disable the software called SuperFish.

"I have a bunch of very embarrassed engineers on my staff right now," said Peter Hortensius, Lenovo's CTO. "They missed this."

Lenovo is promising to issue an automated clean-up tool by the weekend and in the meantime is offering step-by-step instructions on its website for those wanting to uninstall the software and a related certificate immediately. Both the software and certificate need to be removed to stop the software from running.

In a note posted on its website Lenovo claims it put SuperFish on various notebook versions shipped between last September and January as a way to help consumers "potentially discover interesting products while shopping."

"However, user feedback was not positive," states Lenovo claiming it's responding "quickly" and "decisively" to that feedback by providing easy step-by-step illustrated instructions on how to disable SuperFish.

Not only was user feedback not positive, cybersecurity experts quickly claimed SuperFish posed a severe vulnerability and was tracking user activity and behavior as it broke encryption between browsers and sites that could be handling users' confidential information.

"The SuperFish software undermines Internet security for the rather ridiculous purpose of serving advertisements," said Rainey Reitman, director of activism at the Electronic Frontier Foundation.

"It's a severe security issue, and frankly a betrayal by Lenovo of all of its affected customers."

For its part Lenovo claims the server side aspect to SuperFish was disabled in January on all products,  is no longer active and that it stopped preloading the adware in January. It also promises to not preload it any time in the future.

"We know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software," states Lenovo, adding it will continue to assess what it does in the future with pre-loaded software to ensure that it puts users priorities, needs and experience first.

In its note Lenovo says SuperFish was not intended as a way to track or profile user activity and that it did not record user data. The goal, it claims, was purely enhancing the computing experience.

In addition to providing the six-step process for disabling SuperFish Lenovo offers up a link for users who "still wish to take further action." It also lists out the potential models that SuperFish may reside which includes dozens of models from the G, U, Y, Z, S, Flex, MIIX, YOGA and E series computers.

For those wishing to determine if their Lenovo device has SuperFish installed and those wishing to uninstall can click follow these instructions.

Step 1. On Windows 8.1, Open Search

Step 2: Search for "remove programs" and select "Add or remove programs"

Step 3. In the list of installed items, locate "SuperFish Inc. Visual Discovery".

If you do not find an item with the name "SuperFish Inc. VisualDiscovery,", you do not have the application installed.  You should still follow the next guide for "How to remove the SuperFish certificate."

Step 4:  Select "Uninstall." The uninstall will take several seconds.  When the uninstall completes, it will automatically be removed from the list of installed programs.

Step 5: After confirming the removal of the application, follow the following steps for "How to remove the SuperFish certificate."

Lenovo said it is very important to delete the certificate even though the application itself has been removed.

Step 1: On Windows 8.1, Open Search

Step 2: Search for "Certificate".  Select "Manage computer certificates".

Step 3: When prompted by Windows, "Do you want to allow this program to make changes to this computer?", select 'Yes'

Step 4: The certificate manager window should appear.  On the left hand panel, select "Trusted Root Certificate Authorities" followed by the sub-folder "Certificates".  On the right panel, find the item with the name "Superfish, Inc.".

Note: If you do not find an item with the name "SuperFish Inc." the certificate is not installed.

Step 5. Right click on the item labeled "Superfish, Inc." and select 'Delete'.  On touch systems, you may select the red 'X' in top toolbar.

Step 6. When prompted by Windows to confirm the deletion, select 'Yes'.  The certificate should now be removed.

Step 6. Restart device.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Lenovo Laptops Adware Advware Removal Superfish
Join the Discussion

Related Article