Lenovo Superfish malware opens big hole for hackers... beware, anti-virus program Avast uses the same trick!


UPDATED with Windows Certificate removal of AVAST trusted Root Certificate


As many have reported today, Lenovo has installed a malware program called Superfish on its products for some time.

I will not repeat what others have written about it, so get a quick update at:

http://www.extremetech.com/extreme/199521-lenovo-pcs-ship-with-adware-that-breaks-https-destroys-system-security

In short, it means that the Superfish malware can read all data in an encrypted HTTPS connection, which of course should be confidential.
That is one issue.

The big issue is that it is an entrance for hackers to listen to the secure data as well.

Today I looked at my anti-virus program AVAST on my PC, and it certainly looks as if it uses the same dirty trick of installing a root certificate in your browsers.

I use Firefox as my browser and it is not hit by the Superfish issue (it is said), however when looking in the list of Root certificates for the browser I suddenly see



I did not add this Certificate...

This is the same trick as Superfish uses.

Avast adds the certificate so it can listen to all encrypted HTTPS traffic, and it may open up to hackers as in the Superfish case.

It is really bad behavior from a security company not even to ask before adding the certificate and by default enabling this feature.

An encrypted HTTPS connection should be an "end-to-end" secure connection, with only two parties having access to the data.
AVAST may use a unique certificate and intentions may be good, but it is still a "man in the middle" (attack) and AVAST has access to all confidential data going through the connection.


You should disable it!

How to disable the feature:

1. First disable the feature in Avast

- Start the Avast interface in the taskbar in Windows



Go to Settings



Select Active Protection and then Web Shield -> Customize


Disable "Enable HTTPS Scanning"


2. Remove Root Certificates

You need to remove the Root Certificates

Firefox:

In menu select "Options"



Select "Advanced" -> "Certificates" -> "View Certificates"


Go to "Authorities", scroll down to the Avast Root Certificate and click the "Delete .." button


Accept to remove and click OK.

Internet Explorer

It is a little more complicated since you will need to start Internet Explorer with Administrator rights.

- Right click on the Internet Explorer icon and select "Run as administrator"


A User Account Control dialog box pops up; click the "Yes" button

In Internet Explorer select Internet Options



Select "Content" -> "Certificates"



Go to the "Trusted Root..." tab, find the Avast Root certificate and click the "Remove" button


Google Chrome

I have not installed Google Chrome but the procedures are the same as in the other browsers

UPDATED with Windows Certificate removal of AVAST trusted Root Certificate

Click the Windows Start button, type "Manage Computer Certificates" and click on it


Open "Trusted Root Certification Authorities" and select the Avast certificate.



Right click and select remove.
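
To confirm that HTTPS scanning is really off after these steps, you can check who issued the certificate your machine actually receives for a site. The Python code below is an added example, not part of the original post; the `MARKERS` list, the function names and the sample certificates are assumptions, and `check_host` only sees the traffic of the Python process itself, so a product that filters only browser traffic has to be checked in the browser's certificate viewer instead.

```python
import socket
import ssl

# Assumption: the interception root carries the vendor name in its issuer
# fields; adjust MARKERS to the name shown in your own certificate list.
MARKERS = ("avast", "superfish")


def issuer_values(cert):
    """Flatten the nested issuer RDN tuples of getpeercert() into a list."""
    return [value for rdn in cert.get("issuer", ()) for _field, value in rdn]


def interception_marker(cert, markers=MARKERS):
    """Return the marker found in the certificate's issuer, or None."""
    issuer_text = " ".join(issuer_values(cert)).lower()
    return next((m for m in markers if m in issuer_text), None)


def fetch_cert(host, port=443, timeout=5.0):
    """Live check: the validated leaf certificate this process receives."""
    context = ssl.create_default_context()  # trusts the system default CAs
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_host(host):
    """Classify a host as 'direct', 'intercepted:<marker>' or 'untrusted'."""
    try:
        marker = interception_marker(fetch_cert(host))
    except ssl.SSLCertVerificationError:
        # Issuer not trusted, e.g. root removed while scanning is still on.
        return "untrusted"
    return f"intercepted:{marker}" if marker else "direct"


# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_INTERCEPTED = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": ((("organizationName", "Example Avast-style scanner"),),
               (("commonName", "Example Avast local root (constructed)"),)),
}
SAMPLE_DIRECT = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": ((("countryName", "US"),),
               (("commonName", "Example Public CA (constructed)"),)),
}

if __name__ == "__main__":
    print(interception_marker(SAMPLE_INTERCEPTED))  # avast
    print(interception_marker(SAMPLE_DIRECT))       # None
```

Calling `check_host` with the name of a site you use runs the same check against the live connection; a result of "untrusted" after removing the root certificate means something is still rewriting the connection.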


Posted on 02/19/2015 11:13:49 PM CET