Microsoft just took a major step towards rooting out the Superfish adware, which exposed Lenovo users to man-in-the-middle attacks. Researchers are reporting that Windows Defender, Microsoft's onboard anti-virus software, is now actively removing the Superfish software that came pre-installed on many Lenovo computers. Additionally, Windows Defender will reset any SSL certificates that were circumvented by Superfish, restoring the system to proper working order. It's a crucial fix, as many security professionals had been struggling to find a reliable method for consistently and completely undoing the harmful effects of the program. To make sure the fix takes effect, any Superfish-affected Windows users should update their version of Windows Defender within the program and scan as soon as possible. You can see if you're affected by the program here.
"I want to make it completely clear in plain English: There is absolutely no possible way that Lenovo didn't know exactly what Superfish did." — InfoSec Taylor Swift (@SwiftOnSecurity), February 20, 2015
Lenovo is still reeling from the after-effects of Superfish, both for installing it in the first place and for being unable to undo its effects. Some had speculated that the only conclusive fix would come from either Microsoft's antivirus powers or a tightening of certificate protections from a browser like Chrome. So far, Microsoft's approach seems solid, although there's still some concern over machines that have already been infected. "It's possible — though unlikely — that Superfish also tampered with downloaded executables in transit," said Rapid7's Tod Beardsley, "so the extra-paranoid may want to simply wipe and reinstall anyway."
The fix also suggests a larger potential role for antivirus companies in the fight against adware. In the past, firms have been wary of marking pre-installed software as malware for simple user-experience reasons, but Microsoft's latest move has drawn praise from across the industry and may signal a shift in those attitudes.
2/20 12:53pm ET: Updated to include comment from Rapid7.