Superfish

[LunarMist]

What do the learned SF members think about this? https://www.us-cert.gov/ncas/alerts/TA15-051A
The only Lenovo we have a is a few years old, so it should be OK.

 

[CougTek]

We've purchased a few tens of Thinkpad T series in the past 6 months or so. I should have already verified that they weren't infected, but I haven't found the time yet. I hope they're not. On the positive side, the adware is apparently fairly easy to remove.

 

[ddrueding]

Windows Defender should remove it automatically now, and Lenovo released a dedicated removal tool, including source code and license.

 

[Chewy509]

Out of interest, how many of you are just using the OEMs installation on mass deployments and not your own OS image? If you were using your own, then crap like this should never be an issue...

 

[ddrueding]

OEM install here. Machines are ordered in small enough volume and short enough notice that I can't sufficiently standardize hardware.

 

[Mercutio]

I work from system images. Since my normal practice is to buy the cheapest hard disk on any laptop I buy, I don't think I've even used the original hard disk on anything I've deployed I the last three years.

 

[Striker]

The T series don't seem to be affected.
http://support.lenovo.com/us/en/product_security/superfish

You can apparently test for the vulnerability here:
https://filippo.io/Badfish/

 

[ddrueding]

Looks like all their higher-end units were omitted.

 

[Tannin]

Massive egg on face for Lenovo. I had one infected machine, but Bullguard picked it up before it left my workshop. I assumed it was a false positive at the time - you wouldn't ever get spyware pre-installed on a Thinkpad, the sky would fall first, yes? - but I let Bullguard remove it 'coz it seemed like a useless add-in anyway. Lucky I did!

 

[Mercutio]

So, how 'bout that Comodo-affiliated tool that completely breaks SSL?