In response to the news that Lenovo was shipping laptops pre-loaded with dangerous adware, Microsoft has updated Windows Defender to remove the Superfish adware. This is comes as a shock to some, who see Microsoft as a laggard in dealing with security issues. Getting this update up about 24 hours after the news broke is surprisingly quick. However, targeting a widely publicized security threat could help Microsoft improve their reputation regarding security issues.
Ed Bott of ZDNet confirmed the Windows Defender update by installing Superfish on his own computer. After updating Windows Defender to the latest definitions, it identified Superfish and the certificate it had created as security threats to be removed. It should be noted that Windows Defender only runs if there is no other antivirus software active on the computer. This is a problem because the Lenovo laptops that are infected with Superfish may have trial antivirus software setup that does not recognize Superfish as a threat.
Microsoft isn’t the only one to recognize the serious threat posed by Superfish. The United States Computer Emergency Readiness Team issued a statment on Superfish. In it they explain the nature of the threat posed by Superfish and how to detect if you are affected by it. US-CERT recommends removing Superfish. They also caution that simply uninstalling Superfish does not remove the certificate it created, and offer additional information on how to delete it.
As more and more tech sites, and now major security organizations like US-CERT, recognize this massive security threat caused by the Superfish software, Superfish’s insistence that it has done nothing wrong seems baffling. At this point most companies would admit to a mistake and try to move forward, like Lenovo has done, but Superfish’s CEO still claims that the software is not responsible for any security threat.
Are you impressed by Microsoft’s quick response to this issue? Leave your comments below.