Dell said human error was to blame for mistakes which led it to ship a number of replacement server motherboards to customers pre-loaded with spyware. The company declined to say whether it was running anti-virus software at its factory but said it had taken 16 steps to improve processes. The infection hit replacement PowerEdge …
What chance do we stand ?
What chance do we stand if new hardware arrives pre loaded with viruses?
Also, it appears from the article that Dell is hardly being very forthcoming about how this happened.
Perhaps they need to take a leaf from Apple on how to handle P.R.
On second thoughts, perhaps not...
Alien intervention ?
I'm always puzzled by "human error" which seems to imply other agencies might be involved - do they think gods or pixies might be intervening to cause errors ? Why not be honest and admit "we did it" ?
Well they could always..............
.............try the "shit happens" explanation and see if that runs any better!
ps. Reg: Can't we have an "Evil Dell" icon?
W32.Spybot.Worm infection route
W32.Spybot.Worm is a detection for a family of worms that spreads using the Kazaa file-sharing network and mIR ..
"The worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware,"
w32.Spybot is a P2P downloads-associated virus - was that some sort of new modification of it in the firmware? Any explanation from Dell on this?
How can a virus infect a motherboard?
"How can a virus infect a motherboard?"
Not firmware, but flash memory on the motherboard.
Thank god for that, is it me only who would be worried if it was the robots who placed it there? :)
Of course it was the robots!
What do you think we've got the Terminator icon for? Skynet must have started on a PowerEdge server.
Hold on. If Arnold was a T100, and the liquid metal one was a T1000, what, exactly is the T410?
"He said the spyware would only infect people running unpatched versions of Windows without any anti-virus software - so that's presumably what Dell factories run on."
Quote of the year, love it!
Actually, it could be some git
borrowed the USB drive that normally sits on the automated system recording device to move some music files on his personal laptop, then put it back in the system. The automated system, being standalone and only used to burn the data to the flash drive as part of the refurb process wouldn't even need to be running Windows. Could be a linux or BSD device that copies the data from the drive to the USB to the flash. In the air gap case it certainly shouldn't need AV since the USBs should be scanned before being inserted into the device.
Of course, it could also be a Windows system since Dell probably gets them almost free from MS. But it wouldn't have to be.
....spyware would only infect people .....
and I thought it was a software virus - am I at risk now?
"He said the spyware would only infect people running unpatched versions of Windows without any anti-virus software."
You mean like right after you just installed windows?
presumably, since these were replacement motherboards, thus being installed in established systems, the spyware really should've had no effect on anything, since every IT admin worldwide is a knowledgeable and responsible individual and would never run a windows system without malware protection...
Did anybody think it would be divine intervention?
Beware the BIOS rootkits..
You think its bad now, just wait until people find out that several of these boards made their way into SCADA systems.
Maybe the whole 2012 thing is actually a variant of the Y2K bug, but with an embedded BIOS worm with a date trigger of 21st December 2012.. imagine the chaos when 100M windows machines nuke their hard disk firmwares on the stroke of midnight.
AC, because there won't be any on 21-12-2012....
He said the spyware would only infect people running unpatched versions of Windows without any anti-virus software - so that's presumably what Dell factories run on.
LOL. Good one. Major cuss. Love the Reg incisive commentary. True, straight to the point and funny with it.
Why not blame the users?
Just like Apple did. If Apple can get away from it, then everyone else should.
...Apple tie in of the week.
Please try harder.
Dell shipping Spyware?
You mean, as opposed to the stuff they normally install that opens backdoors to Dell even whilst your machine is shut down? AC because - well, what's the point? They already have me...
The Dell factories are fine, this happened in a remanufacturing shop.
Dell contracts most of this work out. These contractors strip the good parts off of warranty returns. The motherboard bios is brought up to date if necessary. The virus found its way into a bios binary on one or more of the updater systems.
Still an unforgivable sin, but rest assured quality control is much tighter at Dell's factories.
Of course it's human error. Ultimately... everything can be tracked to human error. Corporate statements and those of politician's sound increasingly the same... much bloat, little content.