Updated: 04/26/2017 by Computer Hope

Superfish is an advertising company whose software is widely considered to be malware. In February 2015, the U.S. Department of Homeland Security advised users to remove Superfish software, such as Superfish Window Shopper, because it exposes computers to cyber attacks.

For Superfish to insert advertisements into a user's encrypted web traffic, Superfish installs a self-signed root certificate on the user's machine. The certificate has the effect of making all encrypted communications vulnerable to a man-in-the-middle attack, allowing a malicious third party to eavesdrop on any HTTPS sessions.


Notably, Superfish software was pre-installed on many Windows 8.1 laptops manufactured by Lenovo and sold in 2014. If you are running Window Shopper or any other Superfish software, it is highly recommended that you uninstall it by running Windows Defender or another anti-malware tool.

Lenovo, Malware, Man-in-the-middle attack, Security terms