Microsoft reports the progress of its Superfish hunt
The hubbub surrounding Superfish has died down in the news now, but that doesn't mean the problem has been eradicated. Not only has the fiasco hurt consumers, it has also eroded the reputation of computer maker Lenovo. To its credit, the company acted quickly, working with Microsoft and Superfish to alleviate the problem and attempt to regain consumer trust.
Microsoft aided the Superfishing trip by adding the Win32/CompromisedCert definition to its Malicious Software Removal Tool, which is included in all modern versions of Windows. Many customers likely don't even know this tool is there, as there is no icon for it. It runs on its own in the background, but it can be launched manually by opening "Run" and typing "MRT".
The definition was added on February 19th, and since then instances of Superfish have fallen off. At the start, more than 60,000 computers were determined to be "infected". By March 4th that number had dropped to well under 10,000.
"Our cleanup targets Lenovo machines as this is the only place the vulnerable version of Superfish is encountered", states Microsoft's Geoff McDonald.
While the software wasn't intended to be malicious, it did display ads to people and, more importantly, left them vulnerable to man-in-the-middle attacks, even on "secure" connections.
According to the company, the problem stemmed from the framework being used -- Komodia. "Komodia was found to leave users vulnerable to attack and has since released a patch to vendors addressing the issue, however the delivery of the updates to end users relies upon the specific vendors who use the framework. Usually, HTTPS browser sessions are protected against man-in-the-middle attacks, however Superfish is able to intercept and modify secure browser sessions", McDonald explains.
The Microsoft cleanup doesn't help those using Firefox or Thunderbird, as Mozilla maintains its own trusted root store. If you fall into that category, follow Lenovo's guidelines. For now, the problem seems to have come under control on the affected Lenovo PCs.