Lenovo to automate Superfish bloatware removal
Vulnerable adware will be removed automatically from Lenovo PCs
Lenovo has announced that it will release an automated tool to remove the Superfish Visual Discovery adware from its consumer PCs.
The Superfish adware was considered by security experts to have created a major security problem through the use of ‘fake' certificates that allowed Superfish to plant adverts in secure websites and allowing it to spy on secure traffic between browser and server.
The adware had been intended as a technology to help users find products on the web, although it mainly served up unwanted advertising, and the security vulnerability was discovered later.
Superfish was pre-installed on Lenovo laptops, a common practice among hardware vendors to generate extra revenue from loading trial versions of applications on new PCs, and then taking a cut of any full subscriptions that users might buy. The installed software is variously described as 'bloatware', 'crapware' or 'junkware', and is unpopular with PC users.
Lenovo is working with antivirus vendor McAfee and Microsoft to automate the removal or quarantine of Superfish for users that aren't aware of the problem.
"We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies," Lenovo said in a statement. "These actions have already started and will automatically fix the vulnerability even for users who are not currently aware of the problem."
Microsoft has already issued an anti-malware signature for its Windows Defender and Security Essentials programs, to remove Superfish from systems running those applications.