Jump to content

Featured Replies

Posted
comment_849824

well it seems that Lavasoft Ad-Aware was playing around with Superfish also

 

from the Lavasoft facebook page

 

https://www.facebook.com/lavasoft.adaware

 

A great deal of attention has been given to recent event surrounding Superfish and Lenovo, and the resulting security vulnerability that has been exposed in a Komodia, a sub-component of Superfish’s product.

 

Lavasoft takes security issues very seriously, and would like to take a moment to explain to its users who are naturally concerned by the overlap between Lavasoft and Komodia.

 

Background and Recent Events:

• Komodia delivers a collection of utility SDKs for scanning and intercepting internet traffic on a user’s PC.

• Applications using Komodia SDKs include ad injectors, parental control services, and security products such as Ad-Aware Web Companion.

• One of the technologies used by Komodia to inspect HTTPS (SSL-encrypted) web traffic is a root certificate.

• The private key of this certificate was compromised, creating a security risk that can be exploited by another program running on the same PC.

 

Key Facts:

• For the past year, Lavasoft was developing and testing a new security feature in Ad-Aware Web Companion to scan and eliminate malicious content/advertising in HTTPS traffic, including content injected by internet proxies installed on the PC.

• This functionality was implemented with one of Komodia’s public SDKs (the SSL Digestor). At no point was any encrypted information collected or analyzed. All analysis of incoming traffic to eliminate security risks was performed on the end-user’s PC.

• Several weeks ago, upon consultation with our partners and evaluation of the risks/benefits, prior to the public announcement of the security risk, Lavasoft took the decision to remove the functionality and eliminate the deployment of the root certificate to inspect the traffic.

• Lavasoft’s most recent release of Ad-Aware Web Companion (released on February 18th 2015) does not include this capability, but we are not yet able to confirm with certainty that the compromised component of the Komodia SSL Digestor has been removed. If still present, a new release of Web Companion will be issued promptly on Monday morning.

 

Lavasoft is in contact with its partners to ensure the message is properly communicated. We thank you for your patience and your understanding.

 

:)

 

James

  • FPCH Admin
comment_849848
I used to use Lavasoft Ad-Aware quite a few years ago. Then they seemed to have lost the plot so I stopped using and recommending it.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

comment_849886

I have it running as an Antivirus which it is now on a few client pcs with no problems, but then I am not convinced we need an Av at all these days

if we have the proper protection and surfing habits.

Guest
Reply to this topic...