From Conservapedia

Superfish was an advertising company which operated from 2006-2015. The company's name is now better recognized for the software it used to accomplish its goal. It released a piece of computer adware, "Superfish" (also called "Windows Shopper"), which would reside on local client computers and insert advertisements on the web pages users viewed.[1] The company reported that it offered a "visual search" service.[2]
An obvious concern many people have about Superfish is that it inserts unwanted advertisements on web pages. Browsing space is wasted, pages take longer to load, more internet data is transferred, and the user gets no compensation. It is a pest in this way, and does not benefit users.
Set up as a "man-in-the-middle," Superfish is able to collect a great amount of private information. Almost all Internet traffic was routed through it, and this traffic was analyzed to facilitate targeted marketing. It was not always clear who was getting this information, how much information they were getting, and how else this information was being used.[3]
A greater concern about Superfish is that it inserts a root certificate into the Windows certificate store, and has all SSL (secure browser traffic) communication signed using that certificate. This is by definition a "man-in-the-middle" attack. This enables Superfish to insert advertisements on secure pages, regardless of which browser is being used. However, this also potentially puts the users' information at risk. Since SSL-transferred data is not being encrypted as intended, malicious parties may have less difficulty interpreting data exchanges which were intended to be secure. In other words, secure activity such as online banking is made easier to compromise.[2][4][5]
The computer manufacturer Lenovo, formerly owned by IBM, gained unwanted attention in 2014. They were intentionally installing the Superfish adware on their new laptops, without the buyers' consent. As the public became more aware of the problem, third-party software which removed Superfish from Lenovo laptops became more popular. However, damage was done to Lenovo's public image and user data was (and in some cases, still is) put at risk. Every Lenovo device seemed to use the same weak RSA key, which means that if attackers could compromise one person's data, they could use the same exact method to compromise the data of any (and all) other Lenovo users.[2][4][5]
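The root certificate and the shared key described above can be checked for from an administrator's side. The following PowerShell is an added example, not part of the original article or of any vendor tool: it lists trusted root certificates whose subject or issuer matches the name "Superfish" and, given findings gathered from several machines, reports any certificate that is identical across them. The function names, parameters and output fields are assumptions made for this example.

```powershell
# Added example, not from the article: list trusted root certificates whose
# subject or issuer matches a name. 'Superfish' is the name given in the text;
# the function names, parameters and output fields are assumptions made here.
function Find-TrustedRootByName {
    [CmdletBinding()]
    param(
        [string]$Pattern = 'Superfish',
        # Machine-wide and per-user root stores; both feed a user's trust decisions.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer   = $env:COMPUTERNAME
                    Store      = $path
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    Signature  = $_.SignatureAlgorithm.FriendlyName
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                }
            }
    }
}

# Summarise findings collected from several machines: a thumbprint reported by
# more than one computer is the same certificate, and therefore the same key.
function Get-SharedRoot {
    param([Parameter(Mandatory)][object[]]$Finding)

    $Finding | Group-Object -Property Thumbprint |
        Where-Object { @($_.Group.Computer | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Thumbprint = $_.Name
                Subject    = $_.Group[0].Subject
                Computers  = @($_.Group.Computer | Sort-Object -Unique) -join ', '
            }
        }
}

# Check the local machine and report the result.
$local = @(Find-TrustedRootByName)
if ($local.Count -eq 0) { 'No matching root certificate in the local stores.' } else { $local | Format-List }
```

A match only shows that the certificate is still trusted; the adware itself has to be uninstalled separately.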