(Update: Amid much criticism for allowing the Superfish Bug to get as out of control as it did, Lenovo has recently released the means to remove it. For it to completely work, users need to uninstall Superfish and scrap the certificate from their browsers.)
Microsoft has updated its Windows Defender anti-virus software for Lenovo users to combat the Superfish bug. The bug leaves users on those branded devices open to man-in-the-middle attacks via Superfish’s WindowShopper adware which was installed on laptops.
Man-in-the-middle attacks allows for attackers to gain access to access to a computer and monitor/intercept communications. From there, the attacker can inject their own messages to either of the victims involved in communications. What the latest update to Windows Defender does is root out the bug, reset SSL certificates altered by Superfish, and allow for the OS to be in a functional state.
As expected there has been a good amount of backlash toward Lenovo for installing Superfish’s adware and failing to combat it on its own. By being unable to put the genie back in the bottle the company has been made to look incompetent and a guilty party in the process since Microsoft had to step in and handle things.
With the Superfish Bug hitting many Lenovo users, it’s likely companies will look more closely at including pre-installed software as there is a risk there that no one wishes to take the wait and see approach to. Also most of this pre-installed software would be uninstalled by the user anyway.