Microsoft and friends get Lenovo's Superfish scourge under control

Microsoft, Lenovo, and others in the PC industry have cleaned up Lenovo PCs with the Superfish adware pre-installed.
  • Ian Paul (PC World (US online))
  • 17 March, 2015 01:21

Microsoft says the Superfish adware that potentially exposed thousands of Lenovo PCs to man-in-the-middle attacks is well under control.

To battle the Superfish scourge, Microsoft added automated detection of the adware to its real-time protection products, such as Windows Defender and Microsoft Security Essentials. The company said in a blog post that it also shared Superfish detection data with its partners to further expand the Superfish cleanup, as Computerworld first reported.

Microsoft didn't release a specific count for the number of PCs rid of Superfish. But based on a graph the company published, it appears around 250,000 PCs had Superfish removed via the Microsoft-led effort.

At its peak around February 21--two days after the Superfish news broke--Superfish removals per day stood at 60,000. As of March 4, the number of daily removals was in the hundreds.

Microsoft's security tools were one of several methods that removed Superfish. Lenovo released its own Superfish removal tool, McAfee added Superfish removal to its security products, and we also reported on a manual method for removing the adware.

Why this matters: Superfish was a nasty little piece of software that Lenovo pre-installed on machines to serve ads to users in their browsers. The method it used to display ads, however, unwittingly exposed users to a vulnerability that made it easy for hackers to steal login credentials or observe web surfing activities. Fixing this gaping security hole was an urgent matter for users and it was excellent that Microsoft jumped on the issue as quickly as it did.

In the aftermath of Superfish, Lenovo vowed to eliminate all third-party bloatware from its PCs by the time Windows 10 rolls around.

Only Lenovo

Superfish was not a Windows-wide problem and only affected consumer-grade Lenovo PCs sold between September 2014 and February 2015. Lenovo halted Superfish installation on new Lenovo PCs in January. There is still a chance, however, that some Lenovo PCs sitting on store shelves are loaded with the adware.

If you recently bought a new Lenovo PC make sure your Windows installation is up to date. You'll also want to download Lenovo's Superfish removal tool and run it just to be safe.