What is the superfish SSL certificate and where did it originate

certificate ssl superfish

I recently bought a new laptop, every https:// connection I do to any site regardless of browser chain back to a root certificate issued by "superfish, inc". I have had a dig around but I can't seem to find the origin of the certificate and at no point did I authorise adding the "superfish" root certificate to my local certificate store.

My thoughts are that it could potentially be one of the pre-packaged security applications that came with the machine generating the certificates so that it can scan https:// traffic which I am not 100% comfortable with and at no point did I authorise it. I can't seem to find an affiliation with the superfish SSL certificate and any of the scanning software so I am a bit confused.

Has anyone else come across this, know where it came from and how I can remove this so that all my https:// traffic chain to their respective correct root certificates ? - apart from plucking it straight out of MMC.


Solution 1:

FYI, this Superfish software is now a major news headline.

It is preloaded by Lenovo (there may be other vendors). You have to uninstall it, but that will not remove the certificate(s). To remove the certificate(s), you must do the following:

  1. Run mmc.exe
  2. Go to File -> Add/Remove Snap-in
  3. Pick Certificates, click Add
  4. Pick Computer Account, click Next
  5. Pick Local Computer, click Finish
  6. Click OK
  7. Look under Trusted Root Certification Authorities -> Certificates
  8. Find any certificates issued to Superfish or Visual Discovery and delete them.
  9. Also check under Intermediate Certification Authorities -> Certificate

Note that if you have Firefox installed, you will have to clean up its certificate store as well (the above links are for IE/Chrome). See here: http://support.lenovo.com/us/en/product_security/superfish_uninstall

If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery tools.

Note that people are already attacking the Superfish certificate, so don't be surprised if you start to see malware that uses their certificate to cause havoc. If you have a Lenovo PC with this software, you should remove it ASAP.

Edit: Here are some more detailed instructions with pictures.

Solution 2:

Superfish is malware that performs a Man in the Middle attack on all your SSL traffic so it can inject ads, track traffic, insert affiliate tracking links .... and so on.

Because the Superfish crypto certificate is a root certificate it cannot be removed. Because Superfish shares their private key, expect to see signed malware by the end of the week.

This is a complete and total compromise of security of your Windows installation by Lenovo.

Related

Items in explorer not changing color when selected in Windows 10
Configure ssh-key path to use for a specific host
Many excludedportranges how to delete - hyper-v is disabled
Which lightweight HTTP or FTP Server is good for simple file transfer? [closed]
How can I run a program remotely via SSH but display locally
Use runas with a domain account on a non-domain machine in Windows 2k/XP/Vista/7
Apply styling and formating to XML in MS Word?
Escape non-printing characters in a function for a Bash prompt
Is it safe to use a regular marker (Sharpie, etc.) to write on a CD-R disc?
Emacs keybindings in zsh not working (Ctrl-A, Ctrl-E)
In Outlook 2013, is there a way to run AutoArchive immediately?
What is a word to describe a person who wears several masks?