Lenovo installing dangerous, invasive “Superfish” adware on new PCs that hijacks all secure HTTPS connections on affected PCs.
The biggest problem with Superfish isn’t the adware itself but the way it hijacks legitimate SSL traffic. It does so by installing a self-generated root certificate in the Windows certificate store and then resigns all SSL certificates presented by HTTPS sites with its own certificate.
In other words, Superfish conducts a man-in-the-middle attack and breaks the sanctity of HTTPS encryption. And simply removing the adware itself doesn’t remove the rogue root certificate.
Microsoft’s Windows Defender update (20 Feb) removes the adware and the rogue certificate from the Windows certificate manager, but not Firefox’s certificate manager.
Note: ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted.