You are here

Superfish software on Lenovo notebooks: What you can do

Share this page

You may have seen — and been concerned by — news stories about Superfish software on Lenovo notebooks. Lenovo began pre-installing Superfish on certain notebooks in September 2014. But, the software makes it easier for hackers to access your personal information, even when you’re visiting a website, like a bank’s website, that uses HTTPS to encrypt the transmission of sensitive information.

Although Lenovo has announced that they have discontinued pre-installing Superfish on its notebooks, some Lenovo notebooks sold today may still have Superfish pre-installed. So, if you purchased a Lenovo notebook any time since September 2014, your computer may be vulnerable to security threats. Here are some steps you can take: 

Remove Superfish. It’s important to remove both the Superfish software AND the Superfish certificate — simply uninstalling the software will not protect against the security vulnerabilities. To remove both the software and certificate, follow the instructions from the U.S. Computer Emergency Readiness Team (US-CERT), download and run Lenovo’s Automatic Removal Tool, or use Lenovo’s manual instructions.

Change your passwords as soon as possible, because it's possible that a hacker could have stolen your passwords by exploiting Superfish vulnerabilities. Keep our tips in mind as you create new passwords.

Be cautious about using public Wi-Fi networks. It’s good advice anytime, but especially before you’ve run the removal tool. The vulnerabilities created by Superfish software may let attackers see your private data on unsecured networks.

Watch for unusual activity on your computer and your accounts. Do you think your email or social media account has been hacked? If so, take these steps.

Review your credit card and bank account statements regularly. Look for signs of identity theft. Do you see charges you don’t recognize? If so, contact your bank or credit card provider immediately and ask to speak to the fraud department.



The Superfish software application came pre-installed on an HP Envy notebook computer I purchased. Although I am not using a Lenova note, should I still be concerned about using the application?

Purchased lenovo G50 from future shop christmas eve, system and network completely hacked,don't know the extent of the personal data lost, can't remove silverfish its buried in windows files. interesting that both mcafee and windows defender ignored the intrusion, I want retribution, class action suit anyone, i see one in california, all are culpable, futureshop, microsoft, macafee and finally the pinheads at Lenovo, they knew what they were doing.

Cool, thanks for information

I bought a Lenovo desktop just a couple months ago and have had nothing but trouble with the computer like freeze ups, mouse becoming erratic, pop ups. and I have one of the best security systems. Still run the security but it does no good.
I use it in my home and have all my personal data on it. I did not know it was possible it was contaminated possibly with Super Fish.I know it is supposed to be on the laptop that has the problem but why am I having similar problems? Could it be also in the desktop ones? I have tried to remove any malware with my own program but it seems to get worse everyday with more and more glitches and now I am not sure what to do. I can't return the computer and cannot afford to replace it. How can I find out if I have Superfish in it and what do I do to remove it? I feel so vulnerable.

This blog lists things to do if you have an affected laptop.

The FTC has more information about Lenovo laptops.

Leave a Comment