Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Superfish Still On Lenovo PCs
#1
http://www.extremetech.com/computing/200...th-removal
Quote:One of the most daunting challenges of any security problem in consumer software is the difficulty of distributing a patch to everyone affected. Unless the software is tightly locked down and updates are mandatory, there are inevitably users who slip through the cracks, fail to apply an update when told to do so, or rarely connect online. It was inevitable that Lenovo would run into some of these problems with Superfish, but the company appears to have done only the minimum required to actually pull the software off the shelves.

For example, while Lenovo may have stopped shipping Superfish in January, it didn’t actually do any recalls to prevent previously built systems from including the malware — which means, yes, it’s still perfectly possible to buy a laptop with Superfish, assuming it shipped out before Lenovo’s change of heart. The Lenovo removal toolkit also doesn’t quite work as advertised — while it does remove the Superfish certificate and close the man-in-the-middle attack, it leaves behind the Superfish executable, SuperfishCert.dll, and at least one registry setting related to VisualDiscovery.

Lenovo isn’t the first company to have a less-than-perfect uninstaller and it won’t be the last. But in situations like this, nailing every last corner case is particularly important. The company’s failure to recall the systems already in flight ensures that the impact of Superfish will last for months, as infected systems continue to propagate through the supply channel. Superfish, therefore, won’t just fade away without considerable action from consumers to monitor their own systems — and since infected users are likely less technical to start with, it could take years before the bug is completely cleaned out of the industry.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)