Lenovo Superfish security hole: What you need to know -
We are all aware of the dangers posed to our security Internet browsers and computers by hackers and scammers, but it is generally safe to trust the companies that make the products we use, right? Unfortunately for the Chinese company Lenovo, one of the world's largest PC maker, that trust has been broken for customers worldwide - thanks to what has been considered the Lenovo Superfish security hole. According to the Los Angeles Times, it was discovered last week that Lenovo had shipped computers with pre-installed adware (also known as spyware) to consumers. Lenovo in partnership with a company called Superfish provide this adware, which it was intended to serve targeted ads to users as they were surfing on the Internet.
The problem? The Superfish software hijacked trusted certificates that websites use to connect to secure web browsers to deliver these targeted ads. This diversion certificates not only allowed the company to take the computer control of a person - it also allowed pirate all do it as well, in what is known as an attack "man-in- . the-middle "Naturally, this is a very big deal a hacker advantage of taking this vulnerability could access almost everything you do online -..? from bank to email
Who is affected by Lenovo Superfish
When news of this security flaw broke out, Lenovo said it would stop immediately for pre-installation of Superfish software on new computers. It also provided instructions for users . to remove the software from their machines However, some security experts are skeptical and urged those affected wipe all of their computers and start again. - install a copy of Windows directly from Microsoft, rather than Lenovo provides
How can you tell if your computer is affected? Lenovo said its ThinkPad line of computers are not in danger. Many other models are not in danger, but if you want to be sure, you can check for Superfish to your computer through a number of sites that have sprung up to tell you. That of Filippo Valsorda security consultant checks several vulnerabilities, and you can use it with each browser you have installed. Lenovo also released a list of machines that may have been affected.
Screenshot of Superfish Filippo Valsorda vulnerability test on one of our computers
Always be careful during the installation process
Lenovo Chief Technology Officer, Peter Hortensius, told the New York Times that adware was "opt-in". However, most people say they do not remember this alleged opt-in screen when configuring their computer. It's easy when all installation process, whether a new electronic toy or a new program, to want to click as fast as possible so you can start using right away. However, in doing so, it can be easy to miss a screen that lets you choose whether to install or activate a feature you do not want on your device. Pay special attention to the formulation of each screen as you navigate through the process of new devices or software installation, and make sure to uncheck or indicate that you do not want anything that looks suspicious.
If something does end up on your computer or browser that you do not want, do a quick Google search on his name before attempting to remove it. Adware / spyware is particularly adept at burrowing is deep, so you may think that you have removed all when in reality there is something on your computer that will continue to follow you.
Internet security software can help
one of the most frightening aspects of the Lenovo-Superfish security hole is that the spyware was buried so deep in the operating system the user, antivirus programs could not detect. Those who rely on their Internet security software to keep their computer safe might feel not so great on the effectiveness of these programs now. Although there is always the possibility that something might slip through the radar - or precede the radar, in this case - having a decent security program on your computer is better than letting completely unprotected. You can learn more about Internet safety programs the best software by reading our comments.
0 comments:
Post a Comment