Superfish and Root Certificates
Many Lenovo customers are getting a first-hand education (very unwillingly) in what happens when you have an untrusted party hijack a root certificate. For a fuller account of Superfish, please read our article by K. Paul Mallasch on the subject. For our purposes, here are the major points:
- Although removing the Superfish program is a phenomenally good idea, the serious security issue caused by Superfish is NOT resolved by simply uninstalling the software – you MUST disable the root certificate installed by Superfish or your system will still be vulnerable.
- The Superfish certificate will contain the phrase “Superfish Inc. VisualDiscovery” or just “VisualDiscovery” – SSL.com suggests you disable any and all entries in your root certificate store that include these phrases.
Removing or Deleting a Root Certificate
Click here for instructions on deleting a root certificate in Firefox.
Click here for instructions on deleting a root certificate in Internet Explorer.
Click here for instructions on disabling a root certificate in Microsoft Management Console.
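To find the entries described above without browsing the store by hand, the following PowerShell script lists every certificate in the Windows trusted-root stores whose subject or issuer contains "Superfish" or "VisualDiscovery". It is an added example, not part of the original article or SSL.com's instructions. The `-Remove` switch is a name chosen for this example, and the script assumes the two Windows root stores shown (Firefox keeps its own store and is not covered).

```powershell
# Added example: audit the Windows trusted-root stores for Superfish entries.
# Assumption: the match patterns are the phrases quoted in the article.
param(
    [switch]$Remove   # hypothetical switch for this example: delete matches instead of only listing them
)

$patterns = 'Superfish', 'VisualDiscovery'

# Trusted-root stores for the machine and for the current user.
# Firefox maintains a separate certificate store and must be checked there.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store | Where-Object {
        $cert = $_
        # Check subject and issuer: a self-signed root carries its name in both.
        $patterns | Where-Object { $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*" }
    } | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Path       = $_.PSPath
        }
    }
}

if (-not $found) {
    Write-Output 'No certificate matching Superfish / VisualDiscovery in the checked root stores.'
    return
}

# Show what matched so the thumbprints can be reviewed before anything is deleted.
$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($entry in $found) {
        # LocalMachine requires an elevated session; add -WhatIf for a dry run.
        Remove-Item -Path $entry.Path
        Write-Output "Removed $($entry.Thumbprint) from $($entry.Store)"
    }
}
```

Run it once without `-Remove` to review the matches, then again with `-Remove` from an elevated prompt; a second run that reports no matches confirms the root is gone from both stores.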