Windows Defender ships as a standard feature of Windows 8, and Microsoft recently pushed out updated definitions for it. Definition updates install automatically, after which Defender scans for the newly covered infections and removes them. The occasion was the Lenovo security advisory listing the laptop models that shipped with Superfish, adware that hijacks SSL connections by inserting its own certificate; Lenovo's description of the component claims it is there to enhance the user's computing experience.
The removal process was tried on a copy of Superfish supplied by the researcher, who had extracted it from one of the tested PCs. On installation the package installed the application itself and also added a Superfish root certificate to the Windows trusted root store. That certificate, rather than the adware, is the dangerous part: once a root is trusted system-wide, anyone holding its private key can impersonate any HTTPS site to the machine without a browser warning, and the Superfish key was shipped inside the software.
Scanning the virtual PC with the previous Windows Defender definitions revealed nothing. After the most recent update was installed, the engine detected the Superfish root certificate on a quick scan and recommended its removal. The cleanup went without a glitch, and after a restart there was no sign of the certificate on the PC; this was confirmed in certmgr.msc under Trusted Root Certification Authorities, which is where to look on your own machine before and after cleanup.
If no other antivirus product is active on the PC, Windows Defender steps in automatically, updating its definitions and running scans on its own. You can confirm this by uninstalling the antivirus you have and watching for Windows Defender entries in the event log, but do it on a virtual machine rather than a production system: for the interval in which neither product is active the machine is unprotected, and a botched uninstall can leave you with a system that needs recovery.
When another antivirus program is running, Defender stays disabled and performs neither scheduled nor manual scans. This matters because Superfish arrived preinstalled on the affected Lenovo machines, so it was already in place before any antivirus the user installed ever ran, and there is no guarantee that other security software detects the certificate at all, let alone in quick scan mode.
One thing Windows Defender does not check is the certificate stores that individual programs keep for themselves. Firefox (and Thunderbird) maintain their own store rather than using the Windows one, so if the Superfish certificate was added there, Defender will not find it and it must be removed by hand in Firefox's Certificate Manager, under the Authorities tab.
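The checks described in the last three paragraphs can be scripted. The following PowerShell is an added example written for this page, not code from the original article or from Microsoft or Lenovo. It assumes an elevated prompt on Windows 8 or later (PowerShell 3.0), that the Superfish root certificate carries the string "Superfish" in its Subject field (the pattern it matches on), and that the Defender module cmdlets (Get-MpComputerStatus, Update-MpSignature, Start-MpScan) are present, which is the case on Windows 8.1 and later; on plain Windows 8 that step is skipped and the Security Center and certificate store checks still run.

```powershell
# Added example; not code from the original article or from Microsoft/Lenovo.
# Run from an elevated PowerShell prompt (Windows 8 / PowerShell 3.0 or later).
# Assumption: the Superfish root certificate carries "Superfish" in its Subject,
# which is how it is matched below; adjust the pattern if your sample differs.

# 1. Which antivirus products has Windows Security Center registered?
#    Defender stays passive while another product appears here.
$avProducts = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct
$avProducts | Select-Object displayName, productState, timestamp | Format-Table -AutoSize

# 2. Defender's own status and definition age, then a quick scan with fresh
#    definitions. The Defender module ships with Windows 8.1 and later
#    (assumption: it may be absent on Windows 8.0, hence the guard).
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                      AntivirusSignatureVersion, AntivirusSignatureLastUpdated |
        Format-List
    Update-MpSignature                  # pull the latest definitions first
    Start-MpScan -ScanType QuickScan    # the test above used a quick scan
}

# 3. Look for the Superfish root CA in the trusted root stores that Windows
#    itself consults (machine-wide and for the current user). Per-program
#    stores such as Firefox's are not covered here.
$stores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$suspects = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like '*Superfish*' -or $_.Issuer -like '*Superfish*' }
}

if (-not $suspects) {
    Write-Host 'No Superfish certificate in the Windows trusted root stores.'
} else {
    $suspects | Select-Object PSParentPath, Subject, Thumbprint, NotAfter | Format-List
    # 4. Dry run first; drop -WhatIf once the listing shows only what you expect.
    $suspects | Remove-Item -WhatIf
}
```

The productState value from Security Center is a bit field rather than a plain on/off flag, so read the displayName column first: if anything other than Windows Defender is listed, that is why Defender is not scanning. Rerun step 3 after the reboot that follows cleanup to confirm the certificate has not been put back by a still-running Superfish service.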
If you suspect that Superfish has somehow got onto your system, run a scan and removal with the updated Windows Defender before anything else. With current definitions it detected and removed the component in this test; afterwards, confirm that the Superfish entry is gone from Trusted Root Certification Authorities and from any per-program certificate stores such as Firefox's.