• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Superfish

Hi,
https://safeweb.norton.com/report/show_mobile?name=superfish.com

Based on that, the site seems to be no good but yet it has an OK rating. Why is this?

Additionally, does Norton protect against the recently revealed Superfish situation with Lenovo?

Mitka

"Life opens up when you do." - Procter & Gamble

Replies

Kudos0

Re: Superfish

Hello Milka

Thank you for reporting that site. I will report it to the Safe Web Team.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Superfish

Windows 10 Home X 64
Kudos0

Re: Superfish

Kudos2 Stats

Re: Superfish

Kudos0

Re: Superfish

While it looks like they've got something out there for it, the link suggests only Windows 8 and Windows Server 2012 are affected.  Don't know if that's accurate or if the signature isn't complete.  I believe that Symantec/Norton should be publicly forthcoming w/ what their products do given the media attention Superfish is getting.  I've read the generic blog which is great, but need specifics on how their product(s) are protecting users.

Kudos0

Re: Superfish

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos1 Stats

Re: Superfish

dhalter1:

While it looks like they've got something out there for it, the link suggests only Windows 8 and Windows Server 2012 are affected.  Don't know if that's accurate or if the signature isn't complete.  I believe that Symantec/Norton should be publicly forthcoming w/ what their products do given the media attention Superfish is getting.  I've read the generic blog which is great, but need specifics on how their product(s) are protecting users.

The Superfish issue is limited to only certain Lenovo products that were manufactured in the last quarter of 2014.  It is also adware, i.e., it presents ads on your PC - so if you have a Superfish problem you will know it because its job is to announce itself.  While the certificate issue makes this a hot topic in the press, as a practical matter the problem is extremely limited and easily remedied.  Superfish is the topic of the week, but it is not something that most of us need to concern ourselves with.

http://securitywatch.pcmag.com/hacking/332216-lenovo-s-worst-superfish-s...

Kudos0

Re: Superfish

SendOfJive, you should read the comments to the link you post - most don't agree w/ the author.  

Given that the crypto key associated w/ the adware has been compromised, a bad guy could repurpose the engine to do whatever he wanted.  Lenovo has basically bundled a MITM attack directly onto their platforms.  Also, the supporting engine is used in other adware and it all needs to be cleaned up.  Much more serious than some on here are making it out to be.

http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/

http://www.zdnet.com/article/lenovos-superfish-its-worse-than-we-thought/

https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken

Kudos0

Re: Superfish

Hello Milka

The site you mentioned in your opening post is now rated as malicious instead of green. That is the superfish website.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Superfish

dhalter1:

Much more serious than some on here are making it out to be.

It's serious if you are using one of the affected Lenovo PCs, haven't done anything about it, and don't have a security program installed.  That narrows the field down dramatically.  If you are worried about installing Superfish at this point, I think just about any decent AV product will catch it.  It was a serious issue before it was detected, and it does raise some serious questions about what other pre-installed programs might be doing behind your back, but Superfish itself is now pretty much a done deal.

Kudos0

Re: Superfish

"Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops."

http://www.theregister.co.uk/2015/02/23/mozilla_mulls_super_phish_torpedo/

Kudos0

Re: Superfish

I don't know if I can trust what I read in the register after what I saw in it this weekend. That was my first time reading that newsletter.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.