Windows Defender Now Removes Superfish Malware… If You’re Lucky

First the good news. Microsoft today released a signature update for Windows Defender, the anti-malware software that’s built in to Windows, to enable it to both detect and remove the Superfish malware that Lenovo installed on some systems.

Defender’s removal process seems to be quite robust, both uninstalling the software and removing the dangerous certificate that Superfish installs. However, it doesn’t appear to clean any contaminated installs of Firefox or Thunderbird; for that, you’ll want to check out our manual removal instructions.

Now the bad news. While Windows Defender is supplied as part of Windows and works well enough, Microsoft gave it some rather strange behavior as a concession to third-party anti-malware vendors. If a third-party anti-malware product is installed, Windows Defender will automatically disable itself. Many Lenovo systems include trial versions of anti-malware software; for the duration of these trials, Windows Defender will be inactive.

How to Remove the Superfish Malware: What Lenovo Doesn’t Tell You

If you have a Lenovo system that includes the Superfish malware, you’ll want to remove it. Blowing away your system and reinstalling Windows is one way to do this, but while it’s a relatively straightforward process, it’s a time-consuming one. Using Lenovo’s own restore image won’t work, because that will probably reinstate Superfish anyway. Performing a clean install from Windows media will work, but you’ll have to reinstall all your software and restore all your data from backup to do the job fully.

An alternative is to remove the malware itself. Lenovo has published instructions, but at the time of writing, they’re woefully inadequate. Lenovo’s instructions describe how to remove the advertising software, but unfortunately, they don’t address the important bit: the gaping security vulnerability. Update: Lenovo’s instructions are now much better, including all the steps we listed here, describing clean-up of both the Superfish software and the security flaw it creates. The company is going to be releasing an automated clean-up tool, too, for those uncomfortable with making the changes manually.

The Superfish root certificate can be used to create certificates for any domain, and those certificates will be implicitly trusted by the browser on any Superfish-infected system, leaving victims vulnerable to man-in-the-middle attacks. To fix this, the certificate itself needs to be removed.

Google Announces SPDY’s Coming Demise as HTTP/2 Approaches

A little over five years ago, Google unveiled SPDY, a new protocol that it positioned as a more secure, better-performing replacement for hypertext transfer protocol (HTTP), the communication protocol on which the Web is built.

Today the company announced that it would soon be removing SPDY support from Chrome. That’s because the Internet Engineering Task Force (IETF) has been working to update HTTP to produce HTTP/2, an updated revision of a protocol that has not seen any major changes since its introduction in the early 1990s.

SPDY’s major goals were to reduce latency and improve security. To reduce latency, it included support for multiplexing—making multiple requests and responses over a single connection, with prioritization for different requests—and for security, it made the use of TLS compulsory.
