Bravo! Windows Defender update fully removes Lenovo's dangerous Superfish malware

20.02.2015
Microsoft's stayed mum during Thursday's uproar about Lenovo installing dangerous, invasive "Superfish" adware on new PCs --adware that hijacks all secure HTTPS connections on affected PCs. But early Friday morning, Redmond quietly issued a sly condemnation of Lenovo's folly, updating its Windows Defender antivirus solution to eradicate both the adware itself and the rogue self-signed certificate that allows Superfish to compromise encrypted web traffic.

The update was first noticed by Cloudflare security engineer Filippo Valsorda, who also created the first website that checks to see if your computer is infected with Superfish. A Microsoft spokesperson confirmed that "Microsoft security software detects and removes the Superfish software from Lenovo devices."

Further reading: In a post Superfish world, it's time to hold PC vendors more accountable for adware. PCWorld is changing its review policies.

Windows Defender is Microsoft's homegrown antivirus solution, which is enabled by default in Windows 8. (Unless your PC vendor disabled it to activate a bundled AV solution by Norton, McAfee and their ilk, that is. If so, here's how to reactivate Windows Defender.) As the default security solution for Windows 8 users, Microsoft's bold move should go a long way toward killing off the Superfish threat.

The Microsoft representative's statement also indicates that Microsoft's separate Security Essentials tool for past versions of Windows should wipe out Superfish. Microsoft's free antivirus solutions are the most-used antivirus tools, protecting more than a quarter of all PC users, according to a late 2014 report by Opswat.

Other security programs may well eliminate the Superfish adware itself, but not the rogue certificates it creates in the Windows and Firefox certificate managers. Check out PCWorld's guide to completely eradicating Superfish to make sure you truly wipe this rotten, stinking fish off your PC. I'd suggesting walking through the steps even if you use Windows Defender, just to make sure the site-hijacking certificates are truly gone.

(www.pcworld.com)

Brad Chacos