Dell: How to kill that web security hole we put in your laptops, PCs Dell has published a guide on how to remove the web security backdoor it installed in its Windows laptops and desktop PCs. This confirms what we all know by now – that Dell was selling computers with a rather embarrassing hole it in their defenses. New models from the XPS, Precision and Inspiron families include a powerful …
Haven't we all figured out by now that it is not the manufacturers who are implanting these vulnerabilities?"
Those pesky TLAs can take their pick from probably >90% of the embarrasment of "trusted" root certificates installed on your machines - for which they hold copies of the "private" keys. They most certainly have no need to install yet another. They are also probably sufficiently competent to have not installed the private component.
Pretty certain this particular débâcle is a wondrous display of cack-handed corporate pwnership and not state-sponsored.
Dell said it will post information on how to do this properly on its support website, and future machines will not include the dangerous root CA cert.
However, they did not say what the replacement for this "feature" would be. Car manufacturers have to issue recalls for defective products, but Dell just gets to say sorry and post a self help guide. Yes, yes, it's a case of life and limb vs severe financial impact, but it seems as though Dell's fix is a little less than robust.
And now, we're reminded that Dell FU**ED EVERYONE - on purpose - when they sold the company for scrap value and went to hide on Mike's private Montana mountain and just snicker.... These people are vampires... Ooops, but that shouldn't surprise anyone... Dell is one of the largest panderers to the American Taliban (Rethuglicon party) on earth.
1) Go through the Services and disable all services allowing for remote control of PC. Why, in 2015, has Microsoft kept those enabled is beyond me.
1) Uninstall all vendor software. It is always crap, and it bogs down Windows like an anvil tied to your foot. No vendor has ever made any update of any worth to the crap it puts on top of Windows. Now we know that, in addition, vendor software comes with vulnerabilities baked in. Get rid of all of it.
2) Remove all promotional, demo, or time-limited applications. You already have paid for what you need to work with, you're not going to be forking over more for any of those.
3) Install Windows Defender and AV of your choice. Check for driver updates. Run complete scan. Decrapify the abomination called the Registry.
4) Backup.
Takes about a day, but it's worth it - if only for the peace of mind.
My new computer ritual is easier:
1) Insert pen drive containing Linux Mint.
2) Turn on, and follow instructions.
3) Copy home directory from old computer (optional).
4) Enjoy.
Takes less than half an hour, but it's worth it if you want to actually make use of your computer.
1. Realise the stuff you need only runs on windows.
2. Start finding ways to run them on Linux.
3. Get lost trying to find easy and clear help.
4. Go looking for glossary.
5. Realise the working day is done, vow to install windows in morning and actually get paid for job you are supposed to be doing.
<quote>
My new computer ritual is easier:
1) Insert pen drive containing Linux Mint.Remove OEM installed hard drive infected with Windows; and install new hard drive. Obtain Linux distro of choice and place on a flash drive.
2) Turn on, and follow instructions.
3) Copy home directory from old computer (optional).
4) Enjoy.
Takes less than half an hour, but it's worth it if you want to actually make use of your computer.
</quote>
5) When you have decided to replace with new, remove existing Linux hard drive, and reinstall the Windows infected original OEM hard drive.
6) Dispose of old computer.
FTFY!!!
Side benefit, NONE of your PII is left on the old computer as you get rid of it.
As a thought, I've been mucking around with OpenBSD as a desktop over the last few days.
It's pretty usable so far. XFCE window manager seems the same as on Linux, so not really noticing much of a difference (apart from a few command line utils needing alternatives or different options). It actually seems a lot simpler to use than anything with systemd on it. Python is still on there and working fine.
Early days yet though, but I'm hopeful. ;)
This post has been deleted by its author
What we need is for Microsoft to make a clean copy of Windows available at no extra charge to anyone who buys a Windows computer.
You mean like the image you get with the Windows Media Creation Tool? It looked pretty legit and clean Windows to me.
I also requested physical media for my Dell Inspiron. The USB key they sent me also contained clean Windows 8 without any of the OEM crudware.
Uninstall all vendor software
Wouldn't work in this case - as seen in the previous article, once you remove this root CA, a simple reboot and it comes back.
I hope this hurts Dell significantly. This sort of thing must be stamped out.
Vic.
How would you KNOW you have the authentic DNS entry?
There has to be someone "trusted" somewhere and the whole system we have is carefully crafted so that there's a plethora of untrustworthy someones lurking around every corner. Good luck getting your fix for that ratified by the IETF and adopted by the "extremely" complicit US megacorps.
If someone sells me a lock for my front door knowing that it can be opened with a screwdriver, then they haven't sold me the secure lock that I thought I'd bought.
It's high time that manufacturers were held accountable for the security holes that they leave in their products. These issues cost real people time and money to fix, and they can be so easily avoided with a little bit of diligence.
...it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers.
Whenever I read about companies wanting to service their customers, I automatically think of this definition :
Service: the act of a male animal copulating with a female animal.
I think that definition aptly fits their attitude to us these days.
Nah, every IT department I've worked in has simply wiped the laptops as they come in,same for desktops. Get our own pre-build on them with apps installed etc. This is more of a home user issue.
Heck even at home I wipe any pre-builds I'm asked to setup for people, less guff and usually takes less time than stripping off that Mcafee internet suite that's pre-installed.
So, DELL's "Patch" exe (What, no script? WIndows - always like a Zimmer frame of computing) seems to have banished the certificate. For now.
Dell: "A software update process will run from November 24 that will remove the certificate automatically from machines"
Really? Dell has some software running on my machine that can unilaterally alter the system without any decision on my part?
The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easiercustomer support experienceway for us to cram yet more SPAM down our unsuspecting "customers'" throats. Unfortunately,the certificate introduced an unintended security vulnerability.we got caught, dammit!
There, FTFY
The recent situation raised is related to an on-the-boxsupportbackdoor certificate intended to provide abetter,faster and easiercustomer support experienceway for us to cram yet more SPAM down our unsuspecting "customers'" throats.Unfortunately,the certificate introduced an unintended security vulnerabilitywe completely fucked it up, dammit!
There, FTFY
;)
Hey Dell, how about you bloody ASK before grabbing my System ID without my permission.
Hey The Register, How about you get rid of those 16, yes 16 tracking Beacons installed on THIS PAGE that Ghostery is kindly blocking for me!
YOU TRACK ME AND THEN SELL ON MY TRACKING INFO
At least with Dell it is not deliberate, it is just incompetence.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
