The Superfish saga continues. In its latest statement about the vulnerability, Lenovo has provided a link to an "automated removal tool" that can rid users of Superfish's ill-fated Virtual Discovery software. The statement also clarifies a few things, including the fact that ThinkPad laptops are, mercifully, unaffected by the Superfish snafu:
As we've said previously, Lenovo is exploring every action we can to help our users address the concerns around Superfish. In addition to the actions that we have already taken we are:
1) In addition to the manual removal instructions currently available online, we have released an automated tool to help users remove the software and certificate. That tool is here: http://support.lenovo.com/us/en/product_security/superfish_uninstall
2) We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.
We ordered Superfish pre-loads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday. We recognize that this was our miss, and we will do better in the future. Now we are focused on fixing it.
Since that time we have moved as swiftly and decisively as we can based on what we now know. While this issue in no way impacts our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device, we recognize that all Lenovo customers need to be informed. We apologize for causing these concerns among our users for any reason – and we are learning from experience and improve what we do and how we do it. We will continue to take steps to make removal of the software and underlying vulnerable certificates in question easy for customers so they can continue to use our products with the confidence that they expect and deserve.
In related news, PC World reports that a "proposed class-action suit" has already been filed against Lenovo. The suit alleges that Superfish and Lenovo damaged the plaintiff's laptop, breached her privacy, and profited by "studying her Internet browsing habits." Sounds about right. The plaintiff is reportedly seeking damages from both Lenovo and Superfish.