In the wake of Superfish, there seems to be a BP oil spill-like taint on the Lenovo brand in the eyes of many consumers. Trust was lost, images were tarnished and the MacBook-toting crowd began their chants of superiority. Unfortunately, Lenovo didn’t ruin its name alone: as with most things that go wrong with PCs (usually driver related), Microsoft was run through the wringer for this as well. Questions were raised about whether Microsoft’s licensing policies led to this sort of OEM greed, and whether Microsoft should have built a system that prevented this kind of tampering with the trust store in the first place.
While Microsoft hasn’t publicly positioned itself in this debate, it is quickly and quietly helping to clean up the mess Lenovo made. In March, Microsoft security added two more families to the Malicious Software Removal Tool: Win32/CompromisedCert and Win32/Alinaos.
Win32/Alinaos is a family of Trojans that target point-of-sale (POS) terminals in order to capture credit card information. Win32/CompromisedCert is the detection for root certificates installed with a private key that is publicly known, which is exactly the condition Superfish creates; adding it let Microsoft detect and remove Superfish along with the famed certificate itself. Today, Microsoft security is reporting on how the clean-up is going and giving a few more details about Superfish.
Since the discovery of Superfish, Microsoft and Lenovo have been working together: detection and a root-certificate repair have been applied to Superfish incidents on Lenovo products since February 19. In order to speed the clean-up along across the industry, Microsoft also shared its guidance through the MAPP and VIA partner programs. Since Lenovo laptops were the only machines that shipped with Superfish, the clean-up effort has been focused on them. Below is a graph of how effective the partnership and reporting have been in combating the man-in-the-middle (MiTM) exposing, ad-injecting application.
For the record, that’s some 60,000 computers infected with Superfish in February down to a negligible couple hundred in March thanks in part to Microsoft. Just as a refresher:
Through Komodia, Superfish installs the same public root certificate for each install and embeds a private key to re-sign content on-the-fly. This also means the corresponding private key that is used to sign the content is publicly known for all affected users. This has several important security implications and is being tracked under the vulnerability identifier CVE-2015-2077.
Superfish-affected users could have their HTTPS traffic decrypted, modified, or sessions hijacked through man-in-the-middle attacks. Even if the server connection appears secure and verified, personal data and passwords could be decrypted and stolen from a number of otherwise secure web services, such as banking, social media, and email websites.
Microsoft is suggesting that users run an up-to-date real-time security product. Fortunately for those who run Windows 8 or 8.1 (and the Windows 10 Technical Preview), the built-in Windows Defender acts as that real-time security product, free of charge. Those still clutching their Windows 7 and Vista machines (just harmless ribbing) can install Microsoft Security Essentials to help protect themselves from Superfish as well as other attacks. Note that removing the application is only half the repair: the installed root certificate must also go, and the Windows store fix does not reach browsers that keep their own trust store. Microsoft addresses those who use Mozilla products such as Firefox or Thunderbird: “Since Mozilla manages its own root store trust, our update does not address the issue in Mozilla Firefox or Thunderbird. Users running Mozilla Firefox or Thunderbird are recommended to follow Lenovo’s recommendations to repair the Mozilla trust cache once Superfish has been removed from your machine. Mozilla Firefox also released a hotfix, so users are recommended to update Firefox.”
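For readers who want to verify the state of their own machine rather than wait for a scan, the following PowerShell script is an added example (it is not from the original article, and it is not Microsoft’s or Lenovo’s removal tool). It searches the Windows certificate stores for the shared Superfish root certificate described above and, only when asked, deletes it together with its private key. Matching on the subject/issuer string “Superfish” is an assumption based on the certificate’s published subject name (CN=Superfish, Inc.); the store list is the set of Windows stores a root CA would normally be trusted from. Run it from an elevated prompt so the LocalMachine stores are visible.

```powershell
# Added example: detect (and optionally remove) the Superfish root certificate
# from the Windows certificate stores. Not part of the original article and not
# Microsoft's or Lenovo's tooling. Assumption: the certificate's subject and
# issuer contain the string "Superfish" (published subject is CN=Superfish, Inc.).
# Run elevated; without -Remove the script only reports what it finds.
param(
    [switch]$Remove
)

# Stores a root CA can be trusted from. AuthRoot and CA are included because a
# MiTM root could be dropped in any of them, not only in the Root store.
$storePaths = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\AuthRoot',
    'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\CA'
)

$found = foreach ($path in $storePaths) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $path
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A root certificate with a private key on the machine is the
                # signature of a local MiTM proxy; a normal root CA never has one.
                HasPrivateKey = $_.HasPrivateKey
                PSPath        = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Host 'No Superfish certificate found in the Windows certificate stores.'
    return
}

$found | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # -DeleteKey also removes the private key container so the cert cannot
        # simply be re-imported from the key store.
        Remove-Item -Path $cert.PSPath -DeleteKey -Confirm:$false
        Write-Host "Removed $($cert.Thumbprint) from $($cert.Store)"
    }
} else {
    Write-Host 'Re-run with -Remove to delete the certificates listed above.'
}
```

Uninstall the Superfish application first and only then run the script with -Remove; deleting the certificate while the software is still installed invites it to be re-added. As the Microsoft quote notes, Firefox and Thunderbird keep their own NSS trust database, so this script does not touch them and Lenovo’s Mozilla repair steps (or the Firefox hotfix) are still needed.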
In any event, it looks like Superfish is being combated and removed as quickly as it was applied, and that’s a good sign for Microsoft’s image and the industry as a whole.