Thursday, February 26, 2015

Superfish Bites

I LOVE Sushi.  Fish is one of my favorite foods.  However Superfish is totally evil, and should be outlawed.  It's even WORSE than the Snakehead, an invasive fish (the world record was caught a few miles from my house in Aquia Creek).

For those of you who don't know what Superfish is, it is a Windows program that INTERCEPTS YOUR HTTPS TRAFFIC.  It is installed on new Lenovo laptops, including my wife's, to give a better advertising experience.  The end result however is INSECURITY, and an even slower browsing experience (making it next to useless at times).

Those of you who know me know that I typically use Linux.  I try to avoid Windows whenever I can, having been bitten repeatedly over the years.  At Christmas, I bought a  Lenovo laptop for my wife so she could work with "official" Microsoft Windows and "official" Microsoft Office.  It was fairly inexpensive and came with the latest Windows 8.1  However, it seemed a bit slow and Win8 is a challenge (I'm being nice).

Last week, this new laptop needed to be rebooted to install updates.  After reboot, browsing was DEAD.  It could not load ANYTHING.  Powershell could ping sites by name so 1) TCP/IP worked, and 2) DNS worked.  I found some obscure powershell commands to reset the network stack and things seemed to be OK. However this week I saw the CERT article about Superfish on Lenovo.  Oops, that's what we have.

I called Best Buy and spoke with Geek Squad who wanted $199 for spyware removal ON A BRAND NEW LAPTOP.  As a result, I've spent about 3 hours of my time (billable at over $100/hour) fixing this problem.  This is like buying a new, computer-controlled stove only to find that the front-left burner won't work, and having the store REFUSE to fix it because its a software problem from the vendor.

Today (snow day), I finally got Superfish removed.  Total time reading about it and removing it: approx. 3 hours (or equivalent to what we paid for the laptop in the first place).

For more info see this post:  CERT.GOV

Apparently, today was hacked because of anger over Superfish, see this page.

Also somehow this new laptop has Taplica, a browser-hijacker that took over the home pages on both Chrome and MSIE.  Yet more crap to remove!

Did I mention that I really don't like Windows......

Please use Linux or Mac.  Some versions I recommend:

  Fedora - Free Linux distribution sponsored by Red Hat
  CentOS - Free Linux for enterprises also sponsored by Red Hat (or use RHEL)
  Ubuntu - Free Linux, very good for desktops and general browsing

BTW, this was posted from our Lenovo T60 (formerly IBM T60) which is 5+ years old, runs Fedora 20, and has a solid state drive. It survived a 3 foot fall from the table to a hard floor during the 2011 VA earthquake (pre-SSD).  Its browser worked, so I was able to look up all the obscure commands and removal instructions necessary to fix the BRAND NEW Windows 8.1 laptop from Best Buy.

Why Lenovo? They made the IBM stinkpads for years before buying the line from IBM.  I've had two IBM stinkpads at work (first was a 486).  They were great and lasted forever (well beyond when corporate wanted us to turn them back in).  Will's college laptop was a Lenovo, and I purchased the refurbished T60 from (RIP) and it still works very well....  Good products, but made in China.

No comments:

Post a Comment