I got a warning from my AVG anti-virus that there could be something called a "Superfish" on my Lenovo computer at work. I did some research and it seems that it is only loaded on laptops with Win 8.2. I have 7.
But! doing a little more research, I found this. Any advice about all the stuff below, which I don't really understand? lol
The Komodia problem
As you will have gathered, Superfish on its own was no big deal. The problem was that Superfish used an “SSL hijacker” – Komodia Redirector with SSL Digestor – bought from a small Israeli company called Komodia. This opened a very large security hole. In fact, your PC may have this security hole even if it is not made by Lenovo and has never been near Superfish, because Komodia sold its kit to other companies as well.
These companies include Atom Security, Infoweise, Komodia (KeepMyFamilySecure), Kurupira (Webfilter), Lavasoft (Ad-Aware Web Companion), Qustodio, and Websecure Ltd (Easy Hide IP Classic), according to the official US vulnerability note.
........
Go to the Superfish, Komodia, PrivDog vulnerability test web page, and it will try to find any SSL-disabling software on your PC. The site was built and is being updated by Filippo Valsorda, who created the Heartbleed test site last year. (Heartbleed was a very serious vulnerability in the OpenSSL cryptographic software library.)
..............
If you have installed software from unsafe places such as CNet’s Download.com or from Google search ads, you could have installed one of these without knowing it. How-To Geek suggests deleting certificates from Sendori, Purelead, Rocket Tab, Superfish, Lookthisup, Pando, Wajam, WajaNEnhance, System Alerts, and CE_UmbrellaCert. Given the number of certificates on the average PC, weeding out any bad ones will not be fun.
As How-To Geek points out, Microsoft has a web page that, at the click of a FixIt button, will delete “the certificates folder and everything inside it” and update it to “the list that is accepted by Microsoft as part of the Windows root certificate program”. This sounds like a good solution.
But, it adds, “we really don’t recommend it until somebody tests this out”. Let me know if you do.
I reckon there is now a market for good certificate-checking software.
http://www.theguardian.com/technology/2 ... ar-malware