The Pharmer in the Dell: Redux

By | December 2, 2015

Ten years ago, in 2005, Dell tried sneaking malware/PUPs onto their computers and we wrote it up and called them out. In 2012 we republished the article (with some changes) because Dell again tried to trick consumers into purchasing computers with pre-installed malware and/or PUPs.

Well, the more things change, the more they stay the same. Dell is calling “Foul!” because, they claim, they had no idea the Dell certificate was very similar to the Superfish malware that Lenovo installed on its computers a couple of years ago. Dell got caught (as did Lenovo) and is trying to walk it back.

Our friends at Emsisoft have written a great article about Dell’s faux pas and we’ve republished it (below). We found this article spot on and informative; we hope you do as well.

Superfish reloaded: eDellRoot certificate punching a huge security hole in your new Dell computer

If you have recently bought a new Dell computer, it could come with a very dangerous security flaw. The flaw means that malicious websites or software could be automatically trusted by Dell’s security software. It also means you are vulnerable, when using public Wi-Fi networks, to so-called “man-in-the-middle” attacks.

Dell has acknowledged that a self-signed root certificate called eDellRoot, pre-installed on its new PCs, introduces the security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for its customers to service their system. However, being a “self-signed” certificate, eDellRoot enables attackers to intercept traffic between an affected Dell laptop and any HTTPS-enabled website. The hacker can then act as a proxy between the laptop and the website by re-encrypting the traffic with a rogue certificate that’s signed with the eDellRoot private key.

It’s not yet clear how many models are affected, although users have reported finding it on Dell XPS 15 and XPS 13 models, as well as a Latitude and an Inspiron 5000 series model.

Dell is now providing customers with removal instructions and says it will not add it to new devices going forward. The removal instructions can be downloaded here.

Dell fishing for trouble with this latest security flaw

It is an extremely embarrassing situation for the company, which publicly criticised its competitor Lenovo in February this year when Lenovo pre-installed a program called Superfish that included a self-signed root certificate.

As one Dell XPS 15 laptop user says, “To add insult to injury, it’s not even apparent what purpose the certificate serves. At least with Superfish we knew that their rogue root CA was needed to inject ads into your web pages; the reason Dell’s is there is unclear.”

If you have recently bought a Dell computer and want to see if you are affected by this, go to Start -> type “certmgr.msc” -> (accept on UAC prompt) -> Trusted Root Certification Authorities -> Certificates and check if you have an entry with the name “eDellRoot”.

(The quoted article above is courtesy of Emsisoft. You can read the original article here.)
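The certmgr.msc check described in the article can also be scripted. The PowerShell below is an added example, not part of the Emsisoft article or any Dell tool: it looks in the machine and user Trusted Root stores for a certificate named eDellRoot and reports whether it is self-signed and whether its private key is stored on the machine. The function name Find-RootCertByName and the output field names are assumptions made for this example.

```powershell
# Added example, not from the quoted article. "eDellRoot" is the name given
# in the article; Find-RootCertByName and its output fields are hypothetical.
function Find-RootCertByName {
    param(
        [string]$Name = 'eDellRoot',
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        # Match on the subject common name or on the friendly name shown in certmgr.msc
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like "*CN=$Name*" -or $_.FriendlyName -eq $Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                    NotBefore     = $_.NotBefore
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-RootCertByName)
if ($hits.Count -eq 0) {
    Write-Output 'No eDellRoot entry found in the checked root stores.'
} else {
    $hits | Format-List
    # A trusted root whose private key sits on the same PC can be used to sign other certificates
    if ($hits | Where-Object { $_.HasPrivateKey }) {
        Write-Warning 'A matching root certificate has its private key stored on this machine.'
    }
    Write-Warning 'eDellRoot is present; follow Dell''s removal instructions.'
}
```

The same certificate may be listed under both store paths, because the user view of Trusted Root Certification Authorities also shows machine-wide roots.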


3 thoughts on “The Pharmer in the Dell: Redux”

  1. Janice M

    Many more thank yous for watching out for all of us, your loyal fans & friends. Speaking for myself, you’ve saved me so many headaches & heartaches just because of your constant online “WATCH”. It’s so nice to have 2 people I KNOW I can trust when it comes to the computer business–whenever you recommend things, I get them if at all possible. You’ve never steered me down the wrong path…so you’re stuck with me. Thanks Again.

    Bless you both and enjoy this beautiful advent season!

  2. Jennifer Akridge

    I bought a Dell about 5 years ago and after using it a short time, it crashed. I can’t say the reason why with any certainty. It continues to run well at present…thanks to you and Emsisoft. I am looking at purchasing another computer in the next six months. Are there any brands which you recommend as being without malware, pups etc.? Thank you. Jennifer
