Microsoft reports the progress of its Superfish hunt

2 Comments

sf2

The hubbub surrounding Superfish has died down in the news now, but that doesn't mean the problem has been eradicated. Not only has the fiasco hurt consumers it has eroded the reputation of computer maker Lenovo. To its credit the company acted quickly, working with Microsoft and Superfish to alleviate the problem and attempt to regain consumer trust.

Microsoft aided on the Superfishing trip by adding the Win32/CompromisedCert to its Malicious Software Removal Tool, which is included in all modern versions of Windows. Many customers likely don't even know this tool is there, as there is no icon for it. It will run on its own in the background, but a manual launch can be accomplished by accessing "Run" and typing "MRT".

The definition was added on February 19th and since then the instances of Superfish have fallen off. At the start, more than 60,000 computers were determined to be "infected". By March 4th that number had dropped to well under 10,000.

"Our cleanup targets Lenovo machines as this is the only place the vulnerable version of Superfish is encountered", states Microsoft's Geoff McDonald.

sf1

While the software wasn't intended to be malicious, it did display ads to people and, more importantly, left them vulnerable to man-in-the-middle attacks, even on "secure" connections.

According to the company, the problem stemmed from the framework being used -- Komodia. "Komodia was found to leave users vulnerable to attack and has since released a patch to vendors addressing the issue, however the delivery of the updates to end users relies upon the specific vendors who use the framework. Usually, HTTPS browser sessions are protected against man-in-the-middle attacks, however Superfish is able to intercept and modify secure browser sessions", McDonald explains.

This doesn't help those using Firefox or Thunderbird, as Mozilla runs its own root store trust. If you fall into that category then follow Lenovo's guidelines. For now, the problem seems to have come under control on the affected Lenovo PCs.

2 Comments

2 Responses to Microsoft reports the progress of its Superfish hunt

Got News? Contact Us

Recent Headlines

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Overcoming real-time data integration challenges to optimize for surgical capacity and better care

From Windows XP to Windows 10 -- How Microsoft's end-of-life nag screens have changed

Pour one out for the Linux homies: Fedora 40 released

Phishing attacks up 60 percent driven by AI

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.