Bitdefender has updated its Adware Removal Tool to remove the Superfish root certificate shipped with Lenovo computers. The self-signed root certificate enables behavior much like a man-in-the-middle attack, as it could allow the e-commerce service (Superfish) to collect any type of data sent over secure channels.
By injecting ads into webpages and search engine results, Superfish behaves like a potentially unwanted program (PUP) or malware. The Bitdefender removal tool is designed to remove the root certificate and prevent further ads or man-in-the-middle operations. It also disinfects drivers or executables that have been affected by the malware.
It’s unacceptable to install root certificates that allow an ad company to collect sensitive data over secure web connections. It is also morally questionable to have hidden pre-installed adware on computers, so both vendors and third parties can secretly profit from customers.
From a security standpoint, a root certificate of this type combing even through secure web traffic is not only worrying, it also raises the question: how long has the certificate been there, and what type of data has been collected?
Adware and aggressive adware have been irking users for years with annoying popups and unexpected redirects to shady search engines. The fact that it now comes pre-installed with other bloatware on freshly purchased computers is probably not the best way to increase customer loyalty.
Anyone who has purchased a Lenovo computer over the past two years is strongly encouraged to download the updated Bitdefender Adware Removal Tool to remove the Superfish root certificate from their computer.