Microsoft releases Defender update to remove SuperFish
Microsoft released an update to its Windows Defender anti-malware program on Friday that allows it to remove SuperFish. Lenovo shipped that malware preinstalled on its laptops and was in the news this week because of vulnerabilities.
Security researcher Filippo Valsorda discovered that Microsoft provided Windows Defender with definitions to recognize and remove SuperFish. This means that all Lenovo users who have enabled Defender in Windows are now protected from the malware.
Windows Defender version 1.193.444.0 will detect and remove Superfish AND the system cert http://t.co/3Jxz4HMqzQ pic.twitter.com/TqLMtiljuI
— Filippo Valsorda (@FiloSottile) February 20, 2015
As far as we know, Microsoft is the first anti-malware manufacturer to offer a solution against SuperFish. Valsorda does note that the update is not perfect: the certificate for Firefox remains intact, he tweets. Mozilla has yet to come up with a fix for that. The certificate can, however, be removed manually; Lenovo has put instructions online for this.
Last month it became clear that Lenovo was putting the SuperFish adware on its laptops. The software runs in the background and injects advertisements into websites with product image pop-ups. The manufacturer claimed that the adware “helps users find and discover products without knowing a product’s name or how to describe it in a text-based search engine.”
It was announced on Thursday that the malware turned out to be a serious security problem. To inject ads into HTTPS sites, SuperFish used a forged root certificate. Attackers can abuse that certificate to inject a false certificate into an SSL connection and eavesdrop on it. To do this, they must first control an affected Lenovo customer’s Internet connection.
Users have never been put at risk by the SuperFish malware, which came bundled with multiple Lenovo laptops, the company behind the malware said in a statement Friday. Yet that claim is at odds with the findings of security experts. Lenovo promises to release a tool in a few days to erase all traces of the malware. The manufacturer already stopped supplying the malware in January.