Superfish Malware Can Now Be Removed By Windows Defender — UPDATE

Updated on

Lenovo suffered a PR bloodbath on Thursday when news swept the web that the PC giant had pre-installed dangerous adware called Superfish on hundreds of thousands of consumer PCs. The Chinese electronics giant played damage control the best it could yesterday, and as reported by ValueWalk, the company announced that it was no longer installing Superfish on its devices nor would it again in the future.

According to Ed Bott of ZDNet, Microsoft released the latest definitions for its Windows Defender software on Friday, February 20th, and the new malware definitions detect and remove Superfish and the root certificate. Bott decided to install Superfish on a test system to confirm Microsoft’s claim. He let the system automatically update the next day, and Defender did detect Superfish. Following the cleanup and restarting, Bott says he confirmed that the offending Superfish root certificate was gone.

Bott notes that Microsoft has recently come under fire for its slow responses to numerous security flaws in Windows, but says that “this case is qualitatively different in that the offending code isn’t a part of Windows and doesn’t require extensive testing.”

Windows Defender might not remove Superfish on Firefox or Chrome

Keep in mind that Windows Defender won’t scan Mozilla Firefox, which has its own certificate store. Bott noted that after the Defender cleanup, the potentially dangerous Superfish root certificate was still installed in that browser and would have to be removed manually. He also points out that his test system didn’t have Google Chrome installed, so he could not confirm whether it also requires manual removal of the root certificate.

Bott says he has checked in with Mozilla and Google tech support regarding their plans to assist impacted users in removing the potentially dangerous Superfish certificates, but he has not had a response from either firm as of early Friday afternoon.

Update from Lenovo

Lenovo released a new statement on Friday about Superfish: “1)      In addition to the manual removal instructions currently available online, we have released an automated tool to help users remove the software and certificate.  That tool is here:

2)      We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies.  This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.”

Leave a Comment