What a mess.
I guess there is something to be said about “clean” OS installs…even for brand-spanking-new hardware.
What I find interesting in this particular event (now that the initial dust seems to have settled) are both the analysis of the threat created and the removal techniques; especially the manual removal process.
- Superfish Uninstall Instructions - Lenovo Support (US) – Automated tool and manual removal instructions from the folks who kindly made the mess to begin with.
- Lenovo redeems itself with open source Superfish removal tool – Betanews
- Lenovo and the Superfish fiasco - Malwarebytes Unpacked
- Removal instructions for Superfish - Malware Removal Guides and Self Help Guides - Malwarebytes Forum
- How to remove the Superfish malware: What Lenovo doesn’t tell you - Ars Technica
- Windows Defender now removes Superfish malware… if you’re lucky - Ars Technica
- Superfish: PC makers say crapware is for your own good [Updated x2] - TechBlog
- Superfish doubles down, says HTTPS-busting adware poses no security risk - Ars Technica
- Lenovo honestly thought you’d enjoy that Superfish HTTPS spyware - Ars Technica
- Man-in-the-Middle Attacks on Lenovo Computers – Schneier on Security
- Lenovo pre-installing Superfish adware on its notebooks, rendering them insecure [Updated x5] – TechBlog
- LEN-2015-010: Superfish Vulnerability - Lenovo Support (US)
Better bring an extra mop…