Lenovo and Superfish

Office for Mere Mortals helps people around the world get more from Word, Excel, PowerPoint and Outlook. Delivered once a week. free.


We’ve used Lenovo laptops for a long time, back when they were IBM computers. They are usually good machines with excellent keyboards, pricey but generally reliable.

So it’s with great dismay they we’ve been reading about Lenovo and the ‘Superfish’ software that was installed on some of their computers in 2014.

Superfish wasn’t ordinary loadware that comes, unwanted, on a new computer.  It intercepted secure certificates used for sending encrypted data over the internet (like secure web pages with the lock symbol).   Lenovo itself now admits “Superfish intercept HTTP(S) traffic using a self-signed root certificate.”  If similar software was installed, unbidden, on a computer it would be called a dangerous hack.

It took time and a public shaming but companies have acted.  McAfee and Microsoft’s own Windows Defender now detects Superfish and offer to remove it.

Microsoft and others are getting praise for doing this.  We’re not sure they deserve it, after all Superfish has been on computers for up to 6 months.  It was only when the problem become public knowledge that action was taken.

According to a Reddit post “I’m a software engineer on the Windows Defender team. A friend of mine sent me an email early yesterday morning that a friend of his from UC Berkeley had cracked the passphrase for Superfish cert. I forwarded this information to the researchers on my team as soon as I got in to work.

What to do

Only Lenovo customers between September 2014 and February 2015 need be concerned, though there might be stock still on sale.  Lenovo have a list of computers which might have Superfish.

If you have a Lenovo computer, you might not be satisfied with the company’s assurances (understandable).  You can check for yourself in several ways:

  • Use Windows Defender that comes with Windows. Make sure the virus and spyware definitions are up to date.  At least version 1.193.444.0 (we now have 1.193.493.0)Run at least a Quick Scan (a good excuse to run a full scan from the Home tab). If Superfish is detected, Windows Defender should remove it, root and branch.
    • As ArsTechnica reminds us, Windows Defender doesn’t always work right away. It’s kept inactive on new computers to keep computer and anti-virus companies happy.
  • There are several web pages that will detect Superfish and display a warning. They won’t remove the junk, but it’s a useful double-check.

They’ve released a partial uninstall tool here.  However that still leaves files and registry entries behind which Lenovo says are ‘benign’- as if customers are likely to believe them.

Firefox and Thunderbird users need to take additional manual steps to clear out Superfish.  Lenovo has the instructions for that.

Why did Lenovo do it?

The big unanswered question is why Lenovo chose to install Superfish on computers at all?

They now say the money involved wasn’t important, which is hard to believe.

Lenovo management must have known how Superfish worked and can’t be surprised that the “user feedback was not positive”.


Want More?

Office Watch has the latest news and tips about Microsoft Office. Independent since 1996. Delivered once a week.