What with Lenovo’s widely misunderstood effort to give consumers more choice by overriding their security settings, your newsfeed is likely chock-a-block with references to “root certificates” and suggestions to remove or disable the one which Superfish uses to do its groovy thing. SSL.com wants you to have the knowledge you need to remove or disable any unwanted certificate. Below you will find instructions for removing a root certificate in Firefox, in Internet Explorer, or via Microsoft Management Console (MMC).
Superfish and Root Certificates
Many Lenovo customers are getting a first-hand (and very unwilling) education in what happens when you have an untrusted party hijack a root certificate. For a fuller account of Superfish, please read our article by K. Paul Mallasch on the subject. For our purposes, here are the major points:
- Although removing the Superfish program is a phenomenally good idea, the serious security issue caused by Superfish is NOT resolved by simply uninstalling the software – you MUST disable the root certificate installed by Superfish or your system will still be vulnerable.
- The Superfish certificate will contain the phrase “Superfish Inc. VisualDiscovery” or just “VisualDiscovery” – SSL.com suggests you disable any and all entries in your root certificate store with these phrases included.
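One way to carry out the check in the second point on Windows, as an added example that is not part of SSL.com's instructions: this PowerShell script lists every entry in the machine and current-user root stores whose subject or issuer contains “VisualDiscovery”, and with -Remove it exports each match to a backup file before deleting it. The parameter names and the backup folder are assumptions made for this example, and Firefox keeps its own certificate store, which this script does not touch.

```powershell
# Added example, not SSL.com's own code. Run from an elevated PowerShell
# prompt so the LocalMachine store can be modified.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove,                                   # hypothetical switch
    [string]$BackupDir = "$env:TEMP\removed-roots"     # assumed backup folder
)

# "VisualDiscovery" covers both phrases the article names.
$pattern = 'VisualDiscovery'
$stores  = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Collect matches from both Windows root stores (-match is case-insensitive).
$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store       = $store
                Subject     = $_.Subject
                Thumbprint  = $_.Thumbprint
                NotAfter    = $_.NotAfter
                Certificate = $_
            }
        }
}

if (-not $hits) {
    Write-Output 'No matching root certificates found.'
    return
}
$hits | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($hit in $hits) {
        # Keep a .cer copy so a mistaken removal can be undone by re-importing.
        $scope = ($hit.Store -split '\\')[1]
        $file  = Join-Path $BackupDir "$scope-$($hit.Thumbprint).cer"
        Export-Certificate -Cert $hit.Certificate -FilePath $file | Out-Null

        if ($PSCmdlet.ShouldProcess($hit.Subject, "Remove from $($hit.Store)")) {
            Remove-Item -Path (Join-Path $hit.Store $hit.Thumbprint)
        }
    }
}
```

Run it without arguments first to review the matches; adding -WhatIf alongside -Remove shows what would be deleted without changing the store.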
Removing or Deleting a Root Certificate
Click here for instructions on deleting a root certificate in Firefox.
Click here for instructions on deleting a root certificate in Internet Explorer.
Click here for instructions on disabling a root certificate in Microsoft Management Console.