What is the Superfish SSL certificate and where did it originate?

I recently bought a new laptop, and every https:// connection I make to any site, regardless of browser, chains back to a root certificate issued by "Superfish, Inc". I have had a dig around but I can't seem to find the origin of the certificate, and at no point did I authorise adding the "Superfish" root certificate to my local certificate store.

My thought is that it could potentially be one of the pre-packaged security applications that came with the machine generating the certificates so that it can scan https:// traffic, which I am not 100% comfortable with, and at no point did I authorise it. I can't seem to find an affiliation between the Superfish SSL certificate and any of the scanning software, so I am a bit confused.

Has anyone else come across this? Do you know where it came from and how I can remove it so that all my https:// traffic chains to the respective correct root certificates? Apart from plucking it straight out of MMC, that is.
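A way to see exactly what the question describes, as an added example (this is not code from the question or either answer): the script connects to a host over TLS, lets Windows build the chain for the certificate it receives, and reports every element, flagging any whose subject or issuer matches a suspect name. The host names and the suspect-name list are assumptions for illustration.

```powershell
# Added example (not from the original question or answers): report the
# certificate chain Windows builds for a TLS server and flag suspect names.
function Get-TlsChainReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        # Assumed name fragments; extend with whatever interception product you suspect.
        [string[]]$SuspectPatterns = @('Superfish', 'Visual Discovery')
    )

    $regex  = ($SuspectPatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    $ssl    = $null
    try {
        # Accept any server certificate at the handshake: we want to inspect the
        # chain even when it would fail validation. Validation is done explicitly below.
        $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)

        $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # revocation is not the point of this check
        $trusted = $chain.Build($leaf)                   # uses the local trust stores, so a locally
                                                         # installed root makes this $true too

        $elements = @($chain.ChainElements)
        for ($i = 0; $i -lt $elements.Count; $i++) {
            $cert = $elements[$i].Certificate
            [pscustomobject]@{
                Host         = $HostName
                Position     = if ($i -eq 0) { 'Leaf' }
                               elseif ($i -eq $elements.Count - 1) { 'Root' }
                               else { 'Intermediate' }
                Subject      = $cert.Subject
                Issuer       = $cert.Issuer
                Thumbprint   = $cert.Thumbprint
                Suspect      = [bool]($cert.Subject -match $regex -or $cert.Issuer -match $regex)
                ChainTrusted = $trusted
            }
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# Usage (host names are placeholders): compare the Root row across unrelated
# sites. Under interception, every site terminates at the same locally added root.
'example.com', 'www.microsoft.com' |
    ForEach-Object { Get-TlsChainReport -HostName $_ } |
    Format-Table Host, Position, Subject, Suspect, ChainTrusted -AutoSize
```

Note that `ChainTrusted` comes back `$true` under interception as well, because the interception product placed its root in the machine's trust store and the chain engine honours it. The tell is the Root row: unrelated sites should end at different public CAs, not at one name the machine vendor installed.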


Solution 1:

FYI, this Superfish software is now a major news headline.

It is preloaded by Lenovo (there may be other vendors). You have to uninstall it, but that will not remove the certificate(s). To remove the certificate(s), you must do the following:

  1. Run mmc.exe
  2. Go to File -> Add/Remove Snap-in
  3. Pick Certificates, click Add
  4. Pick Computer Account, click Next
  5. Pick Local Computer, click Finish
  6. Click OK
  7. Look under Trusted Root Certification Authorities -> Certificates
  8. Find any certificates issued to Superfish or Visual Discovery and delete them.
  9. Also check under Intermediate Certification Authorities -> Certificates

Note that if you have Firefox installed, you will have to clean up its certificate store as well (the above links are for IE/Chrome). See here: http://support.lenovo.com/us/en/product_security/superfish_uninstall

If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery tools.

Note that people are already attacking the Superfish certificate, so don't be surprised if you start to see malware that uses their certificate to cause havoc. If you have a Lenovo PC with this software, you should remove it ASAP.

Edit: Here are some more detailed instructions with pictures.
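The same clean-up as the MMC steps above, scripted so it can be run on several machines and its result recorded, as an added example that is not from the answer or from Lenovo's instructions. The store list and the name patterns are assumptions; the function lists matches by default and only deletes with `-Remove`, and `-WhatIf` previews the deletions.

```powershell
# Added example (not from the original answer): list, and optionally remove,
# root and intermediate certificates whose subject or issuer matches a pattern.
function Find-SuspectCertificate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumed name fragments; adjust to what you are hunting for.
        [string[]]$Patterns = @('Superfish', 'Visual Discovery'),
        [switch]$Remove
    )

    # The two stores the MMC steps walk through, plus the per-user equivalents,
    # which the Computer Account snap-in does not show.
    $stores = @(
        @{ Location = 'LocalMachine'; Name = 'Root' }   # Trusted Root Certification Authorities
        @{ Location = 'LocalMachine'; Name = 'CA'   }   # Intermediate Certification Authorities
        @{ Location = 'CurrentUser';  Name = 'Root' }
        @{ Location = 'CurrentUser';  Name = 'CA'   }
    )
    $regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($s in $stores) {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($s.Name, $s.Location)
        $mode  = if ($Remove) { 'ReadWrite' } else { 'ReadOnly' }
        try {
            $store.Open($mode)   # LocalMachine + ReadWrite needs an elevated shell
        }
        catch {
            Write-Warning "Cannot open $($s.Location)\$($s.Name) for $mode : $($_.Exception.Message)"
            continue
        }

        # Copy to an array first so removing entries does not disturb the enumeration.
        foreach ($cert in @($store.Certificates)) {
            if ($cert.Subject -match $regex -or $cert.Issuer -match $regex) {
                $result = [pscustomobject]@{
                    Store      = "$($s.Location)\$($s.Name)"
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    Removed    = $false
                }
                if ($Remove -and $PSCmdlet.ShouldProcess($result.Store + ' ' + $cert.Thumbprint, 'Remove certificate')) {
                    $store.Remove($cert)
                    $result.Removed = $true
                }
                $result
            }
        }
        $store.Close()
    }
}

# Usage: audit first, then delete from an elevated shell once the list looks right.
Find-SuspectCertificate | Format-Table Store, Subject, Thumbprint -AutoSize
# Find-SuspectCertificate -Remove -WhatIf
# Find-SuspectCertificate -Remove
```

This touches only the Windows certificate stores; as the answer says, Firefox keeps its own NSS store and has to be cleaned separately. Keep the `Thumbprint` column from the audit run: it is the value to check for in a fleet, and it survives the vendor renaming the certificate's subject.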

Solution 2:

Superfish is malware that performs a Man in the Middle attack on all your SSL traffic so it can inject ads, track traffic, insert affiliate tracking links, and so on.

Because the Superfish crypto certificate is a root certificate it cannot be removed. Because Superfish shares their private key, expect to see signed malware by the end of the week.

This is a complete and total compromise of security of your Windows installation by Lenovo.