Security Vulnerability on Dell PCs is Compared to Superfish

Dell says it inadvertently shipped new PCs with a potential security vulnerability. This lapse has drawn comparisons to Lenovo’s Superfish fiasco, but there’s one major difference: Dell quickly acknowledged the problem and fixed it.

“Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability,” Dell Chief Blogger Laura P. Thomas writes in a post to the firm’s official corporate blog. “The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.”

News of the Dell vulnerability originally came via personal blogs and Reddit, but gained steam and attention when bigger blogs and professional news organizations picked up the story.

From a technical standpoint, this problem is indeed very similar to Superfish: Dell installs software in the form of a self-signed trusted root certificate, and it contains a security vulnerability. This vulnerability could be exploited by hackers to impersonate HTTPS-encrypted web sites such as banks and services like Google that contain digital identities. So the potential losses are both financial and personal.

And Dell, like Lenovo, felt that it was doing the right thing—in this case, trying to improve customer service—when in fact it was doing the wrong thing for the right reason. You may recall that Lenovo installed malware-like software called Superfish on its PCs, and that it did so ostensibly because it felt that it could provide a better experience for its users. This is a peculiar delusion from which all PC makers suffer to one degree or another. But Lenovo’s decision to inject more relevant advertising on web pages was particularly tone deaf.

Dell seems to have a similar inability to grasp the obvious. Like Lenovo before it, Dell is arguing that the offending software “is not malware or adware.” And in an effort to distance itself from the Superfish fiasco, Dell says that the software “will not reinstall itself once it is properly removed using the recommended Dell process … [and it] is not being used to collect personal customer information.”

The good news? Unlike Lenovo, Dell is at least moving quickly to acknowledge this problem and fix it.

“We have posted instructions to permanently remove the certificate from your system,” Thomas explains. “We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.”

You can download Dell’s removal instructions in Word DOC format. Dell also recommends that anyone who finds security vulnerabilities in its software contact it immediately.
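
The check that Dell's update is described as performing can be approximated by hand on a Windows PC. The script below is an added example, not Dell's tool or code from the original article; it only reads the trusted root stores, and it assumes the certificate's subject or friendly name contains `eDellRoot`.

```powershell
# Added example: read-only audit of the Windows trusted root stores for a
# certificate by name. Nothing is removed or modified.
param(
    # Name taken from the article; matched against subject and friendly name.
    [string]$Name = 'eDellRoot'
)

# Machine-wide and per-user trusted root stores (standard Cert: provider paths).
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$Name*" -or $_.FriendlyName -like "*$Name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                # A root certificate is self-signed when subject equals issuer.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                NotAfter      = $_.NotAfter
                Thumbprint    = $_.Thumbprint
                # Extra hygiene signal added here, not discussed in the article:
                # a trusted root whose private key is present on the endpoint.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($hits) {
    $hits | Format-List
    Write-Warning "$(@($hits).Count) matching certificate(s) found in a trusted root store."
    exit 1
}

Write-Output "No certificate matching '$Name' found in the trusted root stores."
exit 0
```

The non-zero exit code on a match lets the script serve as a compliance check in a management tool.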



Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at Thurrott.com, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.
