Net Neutrality and Superfish

Facebook logo Twitter logo

Earlier this year, the tech community was up in arms in regards to a program called Superfish, which Lenovo was pre-installing on their systems prior to January 2014.  Superfish has been breaking the secure connection between those PC’s and the internet, leaving unsuspecting Lenovo users vulnerable to hackers.  Around the same time that the Superfish controversy arose, in February of 2015, the FCC held a vote on Net Neutrality.  Net Neutrality essentially argues that to throttle, or slow, traffic to certain sites, or charge the site or user a higher fee for accessing bandwidth are unfair regulations that do not allow the public access to all legal content and applications on an equal basis.

Superfish is a program that Lenovo was paid to pre-install on their machines, marketed as a “shopping assistant” that is in all honesty an adware program that inserts ads into web pages as users browse the internet.  Superfish acts like a middle man in order to force ads onto otherwise secure web pages.  In order to push ads onto secure sites with an HTTPS certificate, Superfish installs a self-generated root certificate into the windows certificate program, and replaces all certifications with its own when entering an HTTPS site.  Superfish assigned this weaker certificate to all of Lenovo’s PC’s prior to January 2014, meaning that as soon as hackers found vulnerabilities in one certificate, they could access all Lenovo PC’s thanks to Superfish.  If you use a Lenovo PC that was purchased prior to January 2014, be sure to uninstall Superfish using Lenovo’s automated removal tool and if you are unsure if you are at risk of Superfish, check out LastPass in order to detect Superfish on your computer.   Users can also update Windows Defender to remove remaining pieces of the software, including the root certificate.

superfish

Moving on to Net Neutrality, the FCC held a vote earlier this year regarding the throttling of internet speeds or increasing prices based on the bandwidth that a website takes up.  Phone and cable companies fought hard against Net Neutrality, as they want to remain free to control traffic and pricing at their discretion.  If Net Neutrality were to become a reality, broadband internet would become a public utility, and regulatory measures would be applied like those already in use for phone companies and other utilities in order to ensure that internet access is equally possible for all citizens.  The proposal for Net Neutrality passed in late February, meaning that nobody, government or corporate can control free open internet access.

Net Neutrality levels the playing field amongst internet service providers, giving the FCC the power to regulate pricing and speeds to ensure that the public has reasonable access to the internet for a reasonable price.  By making broadband internet into a utility, the FCC has shown that not only are they up-to-date, but they feel that internet access is somewhat of a right for most Americans.

About The Author: Andrea Andrea Eldridge is CEO and co-founder of Nerds On Call, a computer repair company that specializes in on-site and online service for homes and businesses. Andrea is the writer of a weekly column, Nerd Chick Adventures in The Record Searchlight. She prepares TV segments for and appears regularly on CBS, CW and FOX on shows such as Good Day Sacramento, More Good Day Portland, and CBS 13 News, offering viewers technology and lifestyle tips. See Andrea in action at callnerds.com/andrea/.

Video Transcript

Keba: Here in Tech News, U.S. Regulators are moving toward tougher rules for internet service providers like Comcast, Verizon, and more. Today the FCC is expected to approve a plan that puts the internet in the same regulatory camp as the telephone. This would require that providers act in the public’s interest when providing broadband connections. The goal is to prevent broadband providers from intentionally blocking or slowing web traffic. And we have a little bit more on this in the tech department. Dan and Ryan, over to you.

Dan: Well yeah, because you’ve heard that term probably, net neutrality, and you might not know exactly what it means. So we thought Ryan Eldridge from Nerds on Call was just the man to break it down. We have two topics for you actually, net neutrality and then also this thing called SuperFish.

Ryan: Yeah.

Dan: Let’s start with this net neutrality.

Ryan: Do it.

Dan: As a user at my house, I want this, don’t I?

Ryan: The good news is you already have it.

Dan: Okay.

Ryan: Net neutrality already exists. Every website on the internet is treated exactly the same, but the ISPs are saying that places like Netflix and Hulu, where we are streaming our videos, where we are doing legal access to content, those take up more space on the internet and cause the rest of us to get slow connections when we are checking email or doing business.

And so they are proposing, what they want to do, is set-up two separate speeds on the internet. One for just regular use and one for like, they call it a fast-lane where you can get premium content faster. You can watch your Netflix without interruption, you can get HD content. Now 4k content, which is going to take of even more space. Well the problem with that is, they want to charge, possibly, us consumers and also charge the other guys, Google, Netflix, anybody else that is providing content. And while that sounds okay, well I kind of want a faster internet, everybody does, but it stifles innovation and you’re giving access to just the cable companies and the telecommunications company, power over the rest of the internet saying, “Well, Netflix will charge you $1 million a day for your content.”

Dan: Okay.

Ryan: But let’s say I have a new start up and I want to put my content out there. Right now we can all compete equally on the internet.

Dan: I follow you.

Ryan: But if Netflix can spend $10 million . . .

Dan: They got an advantage.

Ryan: They got a huge advantage. So all of a sudden, all of the start-ups are going to die, Silicon Valley is going to start to shrink because all it’s just to get on the internet it’s going to cost too much money. So that’s one problem.

Dan: Okay.

Ryan: Also taxes and all the other stuff that we’re getting right now. If we can change and classify the internet as a utility, which is something that we all use, then the FCC can regulate it. If you remember last year there was a big hullaballoo about going on and regulating the internet, and everybody wanted to do all kinds of stuff. Well that was challenged in court and it turns out the FCC was over reaching. They don’t have the power to regulate the internet and so that was overturned in the court and so now what they’re doing today is they’re trying to classify it as a utility.

Dan: Pass a law that would circumvent the court ruling.

Ryan: Yeah, so the FCC chairman has proposed this. And so they’re voting on it today and they’re expecting to split down party lines.

Dan: The chairman will vote in favor of it?

Ryan: He’ll vote in favor. There’s two democrats and two republicans. The republicans are suggesting that they’re not going to vote in favor of it. The republicans, they say, “We don’t want more regulation. We want a free and open internet but we don’t want the FCC to regulate it.” And so they’re proposing roughly the same thing but just without the regulations.

Dan: Hope you all understood. We’re going to quiz you at the end of the show on that. All right, what about this thing called “SuperFish”? You’ve been in here in the past and you’ve told us what great deals you can get sometimes on the Lenovo computers?

Ryan: Yeah.

Dan: Yeah, but careful what you get.

Ryan: Lenovo is the number one manufacturer in the world. And in order to make their equipment cheaper, they put all kinds of different programs, trial programs on their PCs. We all get the Norton trial, the McAfee trial. Well, they also have other little programs in there like, photo editing, and shopping assistants, and things like that.

Well Lenovo put a program on computers called “SuperFish” and it was designed that when you would go on certain websites they could show ads on the website. In fact on apple.com, they were able to show websites. So imagine what would have cost to advertise on apple.com. Thousands, if not, millions of dollars. And so we have a screen shot, I don’t know if they have it in the studio but there’s a screen shot where you see it’s Apple’s home page and then an ad of all these different iPads you can buy. Sounds pretty cool for Lenovo because if somebody clicks an ad and buys something, Lenovo makes money or they sell that advertising space but those advertisements aren’t that vetted by anybody so who knows what you’re getting.

Dan: Apple wouldn’t have put those on there.

Ryan: No they wouldn’t. No way.

Dan: Yeah.

Ryan: And the biggest problems with SuperFish is that it hijacks what’s called “the secure connection”. So normally I tell everyone, “Hey, if you’re on a website and you see HTTPS in the address bar, you’re pretty safe because that’s an encrypted connection.” Well what SuperFish does, is it writes a certificate to your browser and stands between you and the internet, and takes all of that secure traffic that you think is secure and reads it before it gets to you. So if you’re checking your email, your bank statements, Facebook, you’re doing all kinds of personal things you think is secure, they’re able to see it. And here’s the worst part, when SuperFish wrote those certificates, they used the same encryption code on every PC. Which means that all you had to do is get that code, a hacker has to get that code, and they can get into anybody’s stuff and see what they’re doing, and it’s already been cracked.

Dan: That’s not super.

Ryan: No, so there’s a removal tool. First thing you want to do is go to lastpass.com/SuperFish. They have a detection tool. So if you have a Lenovo machine, run this program, it’ll tell you if you’ve got it. Second thing you need to do is update windows defender. The biggest problem is if you just go under your “add/remove programs” and remove it? The root certificate that it created stays, which means that hackers can still get in to that program. So update windows defender and that will remove the roots certificate. So you got to do those two things and Lenovo, if you go to support.lenovo.com you can download the SuperFish Removal Tool, and that will remove the tool itself.

Dan: I’m changing your name. you’re not a nerd; you’re a really smart guy. Wow, thank you, Ryan.

Ryan: You’re welcome.

Dan: We’ll see you again. Keba. [SP]

Woman: That was a lot of information; hopefully we can get that on the website, right?

Dan: Yes.