Lenovo is trying hard to repair its tarnished image by releasing an open source tool that removes the Superfish software and its certificate.
According to security researchers, an adware program called Superfish, which opens computers to cyber attack, was pre-installed on some Lenovo laptops. According to PCWorld, Superfish relies on a flawed mechanism that is also used in other software programs.
What's even worse, according to PCWorld, is that the Superfish Visual Discovery software installs a self-generated root certificate into the Windows certificate store and then re-signs every SSL certificate presented by HTTPS sites with its own certificate, which amounts to a classic man-in-the-middle attack. Hackers can potentially use this weakness to steal sensitive data such as banking details or simply observe users' web surfing activities.
The matter is said to have damaged Lenovo's image beyond imagination. The Chinese tech giant is now trying to repair its reputation by releasing an official open source Superfish removal tool under the Mozilla Public License today, Feb. 21, BetaNews reported.
Lenovo says, "We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday. Now we are focused on fixing it."
Besides the manual removal instructions available online, Lenovo released an automated tool to help users remove the software as well as the certificate. You can download the tool here.
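To confirm whether the root certificate described above is present, before or after running a removal tool, the Windows trusted-root stores can be queried directly. The script below is an added example, not Lenovo's tool or code from the original article; the function name `Find-TrustedRootByName` is hypothetical, and the `*Superfish*` name pattern is an assumption based on the product name, since the article gives no thumbprint.

```powershell
# Added example: search the Windows trusted-root stores for a root certificate
# whose subject or issuer matches a name pattern. The default pattern is an
# assumption taken from the product name in the article.
function Find-TrustedRootByName {
    param(
        [string]$NamePattern = '*Superfish*',
        # Check both scopes: a root trusted in either one is honoured by
        # applications that rely on the Windows certificate store.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like $NamePattern -or $_.Issuer -like $NamePattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # Self-generated roots have identical subject and issuer.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    # True when the store also holds the matching private key.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-TrustedRootByName)
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate in the machine or user trusted-root store.'
} else {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching trusted root(s) found; HTTPS certificates re-signed by this issuer would validate on this machine."
}
```

This only covers the Windows certificate store. Applications that keep their own trust store, such as Firefox, have to be checked separately.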
According to a statement issued by Lenovo, its team is currently working with McAfee and Microsoft to curtail the Superfish software issue and quarantine the set-up. Much of this work has already started and is expected to address the vulnerability concerns even for users who were not familiar with the issue until now. Ever since the problem surfaced, Lenovo has been quick to have it removed using its industry-leading tools and technologies. The Chinese tech giant claims it was unaware of this probable security defect and assures consumers that it is focused on fixing it.
Lenovo said in the statement that this issue in no way affects its ThinkPads, tablets, desktops or smartphones or any other enterprise server or storage device for that matter.
Lenovo deserves credit for not only acting fast but also offering an open source tool for removing the adware.