Microsoft’s stayed mum during Thursday’s uproar about Lenovo installing dangerous, invasive “Superfish” adware on new PCs —adware that hijacks all secure HTTPS connections on affected PCs. But early Friday morning, Redmond quietly issued a sly condemnation of Lenovo’s folly, updating its Windows Defender antivirus solution to eradicate both the adware itself and the rogue self-signed certificate that allows Superfish to compromise encrypted web traffic.
The update was first noticed by Cloudflare security engineer Filippo Valsorda, who also created the first website that checks to see if your computer is infected with Superfish. A Microsoft spokesperson confirmed that “Microsoft security software detects and removes the Superfish software from Lenovo devices.”
Further reading: In a post Superfish world, it’s time to hold PC vendors more accountable for adware. PCWorld is changing its review policies.
Windows Defender is Microsoft’s homegrown antivirus solution, which is enabled by default in Windows 8. (Unless your PC vendor disabled it to activate a bundled AV solution by Norton, McAfee and their ilk, that is—as Lenovo often does. If so, here’s how to reactivate Windows Defender.) As the default security solution for Windows 8 users, Microsoft’s bold move should go a long way toward killing off the Superfish threat.
The Microsoft representative’s statement also indicates that Microsoft’s separate Security Essentials tool for past versions of Windows should wipe out Superfish. Microsoft’s free antivirus solutions are the most-used antivirus tools, protecting more than a quarter of all PC users, according to a late 2014 report by Opswat.
Other security programs may well eliminate the Superfish adware itself, but not the rogue certificates it creates in the Windows and Firefox certificate managers. And one more warning: If you use Firefox, Windows Defender doesn't appear to wipe Superfish from the browser's independent certificate manager.
Check out PCWorld’s guide to completely eradicating Superfish to make sure you truly wipe this rotten, stinking fish off your PC. I’d suggesting walking through the steps even if you use Windows Defender, just to make sure the site-hijacking certificates are truly gone.
Update: Lenovo also said that it was working with McAfee to issue its own updates.
"We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies," Lenovo said in a statement issued Friday afternoon. "This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem."
Additional reporting by Mark Hachman This story was updated at 5:06 PM to add McAfee's participation.