Government Urges Lenovo Computer Owners to Remove Superfish Software

 / Updated 

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

The U.S. Department of Homeland Security on Friday advised owners of Lenovo computers to remove a software program known as "Superfish," which it said the world's No. 1 PC maker started installing on some machines as early as 2010. Homeland Security said in an alert released through its National Cyber Awareness System that the software made users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks. "Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken," the agency said. Lenovo on Friday released a tool for removing Superfish from its computers. Microsoft has also updated its free Windows Defender and Security Essentials antivirus programs to sniff out and remove Superfish.

Superfish wasn't intended as malware. Lenovo has said it was designed to show targeted ads by analyzing images of products that a user might see on the web. "We thought the product would enhance the shopping experience, as intended by Superfish. It did not meet our expectations or those of our customers," Lenovo said in a statement Thursday. Lenovo did not disclose how many machines were affected, but said that only machines shipped from September to December of last year had been pre-loaded with the vulnerable software. Affected Lenovo products include laptops in its Yoga, Flex and MiiX lines as well as its E, G, U, Y and Z series, according to the company's support website.

IN-DEPTH

SOCIAL

— Reuters, The Associated Press and NBC News staff

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news