The application known as Superfish Visual Discovery became widely discussed because of its security problems rather than its features. The functionality itself is quite innovative: it is intended to let users search online by image instead of by conventional text queries. Unfortunately, the idea is implemented in a way that has made security suites across the board detect Superfish as adware.
The newsworthy security issue caused by the app concerns Lenovo consumer PCs. Thousands of Lenovo laptops manufactured between September 2014 and January 2015 were shipped with Superfish pre-installed. This bloatware has since been causing users web browsing problems, displaying redundant advertising and product purchase suggestions on arbitrary sites visited from the infected machines. That’s merely the tip of the iceberg, though. The program interferes with the Trusted Root Certification Authorities store on the target system: it installs a rogue certificate of its own, which then modifies the way SSL-protected websites are presented to users.
What the app essentially does is deploy so-called man-in-the-middle (MITM) attacks whenever HTTPS sites are accessed. Installing its own trusted certificate is what prevents web browsers from raising red flags on the intercepted traffic. Whereas that scheme is allegedly used for malvertising purposes only, the trusted CA game played by Superfish poses additional risks, as it opens up a gaping security hole and makes the computer potentially vulnerable to attacks by remote criminals.
Since this issue attracted wide publicity in the press, the industry adopted urgent countermeasures. A number of security software vendors, including Microsoft and McAfee, have added Superfish to the virus signatures of their real-time detection products, such as Windows Defender and Security Essentials. This effort has shown remarkable results – the number of detected instances of Superfish has dropped drastically since late February. One hurdle to system remediation here, though, is the need to remove the unsafe digital certificate in addition to cleaning up the program itself, which is not the case with commonplace adware. At the end of the day, the Lenovo and Superfish case is quite some food for thought regarding the possible security shortcomings of bundled software as a phenomenon.
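Because removing the program does not remove the certificate, the trusted root stores have to be checked separately. The following PowerShell is an added example, not code from the original article or from any vendor: it audits both Windows root stores and can optionally remove matches. The function name and the assumption that the rogue certificate carries "Superfish" in its subject or issuer are mine.

```powershell
# Added example: audit the Windows trusted root stores for a Superfish-named CA.
# Assumption: the rogue certificate has "Superfish" in its subject or issuer;
# the article does not give the certificate's name or thumbprint.
function Find-RogueRootCertificate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$NamePattern = 'Superfish',  # assumed marker, treated as a regex
        [switch]$Remove                      # delete matches after confirmation
    )

    # Machine-wide and per-user "Trusted Root Certification Authorities" stores.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        $hits = Get-ChildItem -Path $store | Where-Object {
            $_.Subject -match $NamePattern -or $_.Issuer -match $NamePattern
        }

        foreach ($cert in $hits) {
            # Emit one record per match so results can be logged or exported.
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
            }

            $target = "$store\$($cert.Thumbprint)"
            if ($Remove -and $PSCmdlet.ShouldProcess($target, 'Remove root certificate')) {
                $cert | Remove-Item
            }
        }
    }
}

# Report only (no changes made):
Find-RogueRootCertificate | Format-Table -AutoSize

# After reviewing the report, remove matches. LocalMachine needs an elevated prompt:
# Find-RogueRootCertificate -Remove
```

An empty report from both stores only covers the Windows certificate stores; it says nothing about whether the program itself is still installed.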
via Examiner National Edition Gadgets & Tech Channel Articles http://ift.tt/1xAPSMC