Yep, the hijacking crapware Superfish is after us. It is
relentless. So I went to the Microsoft Store.
Wait, there’s more. I rarely tackle technology on Spittin’
Grits, but Superfish and hijacking crapware must be outed. This grotesque piece
of work called Superfish is boring its way deep into your computer, and the
consequences include your on-line identity and safety. I’ve spent several days
reading about this menace because it is that serious a threat. So here goes.
Like most of you, I am an ultra-ordinary computer user, so I
subscribe to a readable techy site, How to
Geek; I owe those geeks a serious Thank You. It began for me with the most
horrible-est piece of junk that I was aware of: The ethically challenged Ask
toolbar. You’d better see if you have it. Look at the toolbar of your browser,
located just under the URL line. If you have it, go here
to read about it on How to Geek. That step led to reading several articles on
horrible add-ons and adware. That led to an article that really caught my eye: it
contained words like “Windows,” “Lenovo” (an up-to-now maker of highly rated
computers), “hijacking” adware, “browsers,” “https,” “SSL” (which I had never
heard of), “root certificate” (which I had never heard of), “scary,” “fake,”
and “hacker.” The headline read Download.com
and Others Bundle Superfish-Style HTTPS Breaking Adware, located here.
That article sounded ominous, with all those words together
in the same sentence, ominous enough that I went looking for what this stuff
was, because I was in the market for a new computer; I was looking at a Lenovo
computer.
First I came to a tech article on arstechnica
with the headline Lenovo PCs ship with man-in-the-middle adware that breaks
HTTPS connections [Updated].
Uh-oh. I was going to buy a Lenovo computer at a retail
store. What a close call that was.
“SSL” stands for “Secure Socket Layer.” Without this
technology on web servers hackers/criminals can steal all your personal
information, your ID, and rob you blind in a heartbeat. Yikes! This IS the
“root certificate.” And Superfish bored into it.
Some people and almost all businesses, most importantly,
your financial institution, apply for an SSL certificate. The granting agency
verifies all the information about the persons or businesses to ensure they are
who they say they are: Microsoft, Google, Amazon, Bank America, Best Buy, most retail
stores, credit unions, pizza franchises, everything you can think of have
the SSL certificate to ensure users’ safety. After being thoroughly verified,
these places are sent the SSL "root" certificate to put on their servers. Some businesses,
of course, like Amazon and Facebook and Twitter and on and on have a gazillion
servers. The servers are the internet’s skeletal make up. The rest of us
ordinary users ride the servers like riders on bikes, skates, trains, boats,
planes, anything mobile, and up to now we’ve enjoyed a relatively free ride,
since others were looking out for our safety and privacy.
No more. Once Superfish and other hijackware bored their way
into servers, the “Private: Keep Out” door is opened wide, to all manner of
hackers and criminals, and there we stand naked behind that door.
Those hijackware borers are not to be confused with the “normal”
obnoxious, sometimes dangerous, crapware, malware, and adware that come on
Windows’s operating system and are picked up by the major browsers: Explorer,
Chrome, Firefox, and search engines like Yahoo.
They are the repulsive pop-ups and worse. Those are bad
enough, and the major players like Microsoft, Google, and others have been
complicit in this ethically challenged behavior; it makes your PC run like molasses
in the winter of 2014-15 and opens you up to hackers/advertisers. That’s why
when you open your browser to go somewhere, ads pop up that have been following
you, recording you, and know what you like.
So how do you know if a business or financial institution
has a secure SSL root certificate?
When I go to my financial institution via Explorer, Chrome,
or Firefox, I first see on the address bar that it turns green, although it
doesn’t stay green. Then I see https://, and the ‘s’ is
significant. Then on the far left of the URL bar I see a small padlock. The
site is “secure,” that is unless something like Superfish bored into the root
certificate.
My own view of American businesses, as unpopular as it may
be, is that they are inherently amoral, right out of the box. Too many,
including the “too big to fail” Wall St. banks, are immoral and may be into
illegal stuff. Many are at least unethical. They all depend on consumers, but
they want consumers, lots of them, who don’t know or don’t want to know what
they are getting. Thank goodness for the watchdogs. They are the ones who
discovered the ton of crapware, adware, malware, and most importantly, the
hijackware. I would no more go to a retail store to buy a PC right now than I
would believe that the big banks are not into sub-prime loans -- again.
But I need a trustworthy computer. That’s why I went to the
Microsoft store, to buy one of their guaranteed “sterile” computers. Their
sterile “Signature” line of PCs are free of any viruses, adware, crapware, and
hijackware. If they don’t do what they advertise, I have recourse.
The only recourse current PC users with a Windows operating system have against the bad stuff
inside their computers is to go to a Microsoft store and have them remove the crap.
And we must put pressure on the computer giants; no one will do it for us.
In fairness, Google has pledged to make some changes
regarding crapware. You can read about this here
on How to Geek. On the other hand, there’s Yahoo. Here’s what the HTG geeks
have to say:
Contrast this [the
Google page] with searching for “vlc download” [a software] on Yahoo… Every
single thing you see on the screen is an ad for crapware, some of which is
pretty much malware. In fact, you can keep scrolling, because there are even
more ads for crapware when you scroll down, and you have to scroll near the
bottom to find the real download location. In order to get all the ads in a
single screenshot, you have to use a tablet in portrait mode.
The
moral of this techy tome is that we will have to look out for our interests,
including knowing more about what is under foot and listening to the watchdogs’s
barks.
No comments:
Post a Comment