One would assume that software preinstalled on a new PC is secure and has been properly vetted by the manufacturer. This is the case 99 percent of the time, but an exception has recently been discovered with the Superfish app, which came installed on new Lenovo computers sold between September and December of 2014. How can you protect your PC from this fishy security threat?
First off, if you have Superfish on any of your devices, whether it be a new Lenovo computer or other, you should cease using the app. The shopping-search app has been deemed to be a security threat by Errata Security, reporting that it’s capable of providing hackers with a user’s encrypted Web data, the likes of which include online passwords.
This risk applies to you whether you actually use the Superfish app or not. Just the app’s presence on your device is enough to warrant action for its removal. As soon as Lenovo learned of the threat, they disabled the app on systems that already had it installed. Although, you will still need to take action in the aiding of the removal process.
One way to remove Superfish from your PC is to go to Windows Control Panel > Programs > Uninstall a Program. Now, locate Superfish on the list of programs > select it > and click Uninstall.
However, going through the Windows Control Panel like this isn’t enough to remove all traces of Superfish from your computer. If you’ve ever tried before to remove preinstalled software on your PC (known as bloatware), you know from experience that it can be extra difficult to remove–we’re looking at you AOL.
To fully remove all traces of the Superfish app, Lenovo offers users a removal tool and instructions on their support page:http://support.lenovo.com/us/en/product_security/superfish_uninstall
This removal tool is thorough enough to fully rid your device of the threat posed by Superfish, but don’t think that you’re totally in the clear just because you’ve removed the app. You will now want to go into damage control mode and clean up from this super smelly fish. As is the case when learning about any known threat on your computer, it’s a good idea to immediately perform a virus scan, making sure that your anti-virus software has its definitions up to date–better safe than sorry.
An additional security measure that we recommend is to change the passwords for any online account you’ve accessed on the device from before Superfish was installed. This may feel like a bit of an inconvenience, but it’s the best way to protect your sensitive information in the event that a hacker has stolen your password. It should be noted that regularly changing your online passwords is a security best practice, so it’s good to get in the habit of doing this every few months, especially in light of the growing number of unforeseen threats like Superfish which seem to be extra prevalent these days.
One benefit from doing business with a managed services provider like PACE Technical Services is that we will remove all the bloatware and other unnecessary applications prior to installing the machine onto your company’s network.
For assistance removing Superfish from your company’s computers, and to take advantage of a free IT assessment to make sure that your network is safe from hidden threats such as this, contact the IT security professionals at PACE Technical Services.