“You are not going out with that boy unless his parents are driving and that's that. I'm not just Spitting Grits here, young lady!”

. . . My father, John Thomas Cravey, USAF, to me in 1956.

ALERT: Superfish is on the Prowl

Yep, the hijacking crapware Superfish is after us. It is relentless. So I went to the Microsoft Store.

Wait, there’s more. I rarely tackle technology on Spittin’ Grits, but Superfish and hijacking crapware must be outed. This grotesque piece of work called Superfish is boring its way deep into your computer, and the consequences include your on-line identity and safety. I’ve spent several days reading about this menace because it is that serious a threat. So here goes.

Like most of you, I am an ultra-ordinary computer user, so I subscribe to a readable techy site, How to Geek; I owe those geeks a serious Thank You. It began for me with the most horrible-est piece of junk that I was aware of: The ethically challenged Ask toolbar. You’d better see if you have it. Look at the toolbar of your browser, located just under the URL line. If you have it, go here to read about it on How to Geek. That step led to reading several articles on horrible add-ons and adware. That led to an article that really caught my eye: it contained words like “Windows,” “Lenovo” (an up-to-now maker of highly rated computers), “hijacking” adware, “browsers,” “https,” “SSL” (which I had never heard of), “root certificate” (which I had never heard of), “scary,” “fake,” and “hacker.” The headline read Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware, located here.

That article sounded ominous, with all those words together in the same sentence, ominous enough that I went looking for what this stuff was, because I was in the market for a new computer; I was looking at a Lenovo computer.

First I came to a tech article on Ars Technica with the headline Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated].

Uh-oh. I was going to buy a Lenovo computer at a retail store. What a close call that was.

“SSL” stands for “Secure Socket Layer.” Without this technology on web servers hackers/criminals can steal all your personal information, your ID, and rob you blind in a heartbeat. Yikes! This IS the “root certificate.” And Superfish bored into it.

Some people and almost all businesses, most importantly, your financial institution, apply for an SSL certificate. The granting agency verifies all the information about the persons or businesses to ensure they are who they say they are. Microsoft, Google, Amazon, Bank America, Best Buy, most retail stores, credit unions, pizza franchises, everything you can think of have the SSL certificate to ensure users’ safety. After being thoroughly verified, these places are sent the SSL "root" certificate to put on their servers. Some businesses, of course, like Amazon and Facebook and Twitter and on and on have a gazillion servers. The servers are the internet’s skeletal makeup. The rest of us ordinary users ride the servers like riders on bikes, skates, trains, boats, planes, anything mobile, and up to now we’ve enjoyed a relatively free ride, since others were looking out for our safety and privacy.

No more. Once Superfish and other hijackware bored their way into servers, the “Private: Keep Out” door is opened wide, to all manner of hackers and criminals, and there we stand naked behind that door.

Those hijackware borers are not to be confused with the “normal” obnoxious, sometimes dangerous, crapware, malware, and adware that come on the Windows operating system and are picked up by the major browsers: Explorer, Chrome, Firefox, and search engines like Yahoo.

They are the repulsive pop-ups and worse. Those are bad enough, and the major players like Microsoft, Google, and others have been complicit in this ethically challenged behavior; it makes your PC run like molasses in the winter of 2014-15 and opens you up to hackers/advertisers. That’s why when you open your browser to go somewhere, ads pop up that have been following you, recording you, and know what you like.

So how do you know if a business or financial institution has a secure SSL root certificate?

When I go to my financial institution via Explorer, Chrome, or Firefox, I first see on the address bar that it turns green, although it doesn’t stay green. Then I see https://, and the ‘s’ is significant. Then on the far left of the URL bar I see a small padlock. The site is “secure,” that is unless something like Superfish bored into the root certificate.

My own view of American businesses, as unpopular as it may be, is that they are inherently amoral, right out of the box. Too many, including the “too big to fail” Wall St. banks, are immoral and may be into illegal stuff. Many are at least unethical. They all depend on consumers, but they want consumers, lots of them, who don’t know or don’t want to know what they are getting. Thank goodness for the watchdogs. They are the ones who discovered the ton of crapware, adware, malware, and most importantly, the hijackware. I would no more go to a retail store to buy a PC right now than I would believe that the big banks are not into sub-prime loans -- again.

But I need a trustworthy computer. That’s why I went to the Microsoft store, to buy one of their guaranteed “sterile” computers. Their sterile “Signature” line of PCs is free of any viruses, adware, crapware, and hijackware. If they don’t do what they advertise, I have recourse.

The only recourse current PC users with a Windows operating system have against the bad stuff inside their computers is to go to a Microsoft store and have them remove the crap. And we must put pressure on the computer giants; no one will do it for us.

In fairness, Google has pledged to make some changes regarding crapware. You can read about this here on How to Geek. On the other hand, there’s Yahoo. Here’s what the HTG geeks have to say:

Contrast this [the Google page] with searching for “vlc download” [a software] on Yahoo… Every single thing you see on the screen is an ad for crapware, some of which is pretty much malware. In fact, you can keep scrolling, because there are even more ads for crapware when you scroll down, and you have to scroll near the bottom to find the real download location. In order to get all the ads in a single screenshot, you have to use a tablet in portrait mode.

The moral of this techy tome is that we will have to look out for our interests, including knowing more about what is underfoot and listening to the watchdogs’ barks.

Spittin' Grits. Copyright © 2009 Joanna C. Hutt. All rights reserved.