Take a quick second and Google / Bing for the words “Privdog” or “Superfish.”
In a nutshell, these applications install a certificate, which your computers then trust. Then because of that, the chain of trust is broken, and the bad guys can use that as an attack into your systems.
Good news: You can keep vigilent and wipe these evil certificates off your network on all PCs, all at once, using PolicyPak and Group Policy or SCCM or whatever system you use. Here’s Sal from Tech Support with his how to video:
Wipe Privdog (and other evil certificates) off your network using Group Policy and PolicyPak.
Hi. This is Sal from PolicyPak technical support. In this video, I’m going to show you how you can remove certain certificates which might have gotten installed when you installed PrivDog or Superfish, and your computers are going to be less secure on the Internet.
We can remove that certificate by using PolicyPak’s preconfigured Paks for Mozilla Firefox and other different browsers as well. The first step, we are going to look into the SHA1 fingerprint of that certificate. The easiest way to get there is by going to the Mozilla Firefox “Options” and “Advanced/Certificates.” Then click on “View Certificates” button, and this is where you’re going to get that certificate SHA1 fingerprint.
All I need to do is to select that, click on “View” button, and that’s how you can get that “SHA1 Fingerprint.” I will select that, “Copy” into my clipboard. I will “Close” it out, and I will “Cancel” it out here as well.
Once I have that in my clipboard, I will go into my Group Policy “Server.” This is where I’m going to open the Pak “Properties” in Group Policy Editor. That policy is already linked, so all I need to do is to go into that option “Advanced (Certificates)” and I already have that fingerprint and I am also removing (“remove”) that from my target machine.
If you have a different browser like “Microsoft Internet Explorer,” you can open the “Properties,” go into “Extras” tab. This is where you can paste the “Certificates” fingerprint and use the same key like “remove” to remove that.
So I have that option for my two different browsers. Now I will go into my target machine, and this is where we have that certificate. All I need to do is to run “GP Update” and I will get that policy. Once it’s done, it is going to remove that certificate, and your computers are going to be secure when they are going to browse the Internet.
We’ll wait for user side policy to be finished. The policy finished successfully. Now we’ll launch Mozilla Firefox again, and we’ll go under the same place to verify the certificate now is removed. Now you can see that certificate is no longer on the target machine.
I hope it helps.