Superfish is an adware product preinstalled on new Lenovo Windows laptops that has a security vulnerability which could allow sensitive user data to be at risk, according to CNet. Superfish can leave holes in encrypted connections that malicious software or other hacking techniques could leverage for attacks.
Windows Defender will uninstall Superfish automatically when Defender is updated. It will also take care of any malware that might have come onboard as a result of any security breaches. Microsoft has also said that its Security Essentials tool will also remove Superfish, according to PC World.
PC World warns that, except for the Microsoft products, other antivirus programs may remove Superfish but may not update the security certificates it ruins. It's better to err on the safe side, so use PC World's guide to eradicating Superfish if you have a Lenovo Windows laptop.
McAfee lists the Superfish software as a Trojan and has included Superfish's removal in its product updates. It is unclear whether the McAfee solution will repair security certificates.
In addition to working with Microsoft and McAfee, Lenovo has set up a web page with its own tools to address the Superfish vulnerability.
For its part, Superfish claims that its software "does not present a security risk," as quoted from PC World. However, their statement contradicts US-CERT, which called the product "spyware." US-CERT, which stands for United States Computer Emergency Readiness Team, is a government cybersecurity agency within the Department of Homeland Security. The US-CERT website also provides resources with detailed information about removing the Superfish software.