Microsoft Addresses Lenovo's Superfish Adware with Security Updates, Successfully Cleans 250,000 PC's in a Couple Weeks
At the end of February, Microsoft released security updates to address the adware Superfish that came pre-installed on many Lenovo PCs. According to recently published statistics, the problem seems to have been brought under control, mostly by Microsoft's efforts.
The much-needed security update armed Windows Defender and Security Essentials antivirus with a new signature called Trojan:Win32/Superfish.A, which is essentially an automated script designed to sniff out and get rid of the rogue certificate associated with Superfish Visual Discovery. This means that, as longer your Windows Defender or Security Essentials database is up-to-date, Superfish and all of it's components should be automatically removed from your machine.
A screenshot of Windows Defender scanning Lenovo's Visual Discovery folder for the rogue certificate:
What Machines are At Risk?
About 50 different models of Lenovo consumer notebooks sold between the months of September 2014 and February 2015 came pre-loaded with Superfish, an ad-placing software that was eventually classified as adware and a security threat.There's been a huge backlash of controversy surrounding Lenovo's initial decision to include the software on their machines in the first place.
Screenshot of the list of Lenovo devices that shipped with Superfish pre-installed:
Superfish was supposed to make online shopping more convenient for users by serving more relevant ads. Ultimately, the software amounts to adware, and CERT has even warned consumers about the risks of leaving Superfish installed. If you'd like to learn more about Superfish vulnerability, check out Lenovo's Superfish summary/instructional advisory page.
Microsoft Spearheading the Cleanup Effort
While Lenovo had already posted a removal tool and guide on how to remove Superfish, Microsoft's decision to include a removal tool in their antivirus helped out hundreds of thousands computers running Windows. To be exact, according to a graph published by Microsoft in a recent blog post, since late February about 250,000 Windows PCs have had Superfish automatically removed from their operating system using Microsoft's tool.
As you can see, in the first few days of the cleanup Microsoft's new security signature facilitated the removal of Superfish on about 40,000-60,000 unique machines per day. In just 5 days, the update managed to restore security to the majority of the Lenovo machines still running Superfish. The removal effort began on February 20th, and by the 25th the number of automatic detections/removals had declined to only a few hundred per day.