
Dell Helps PC Owners Remove ‘Superfish-Like’ Rogue Certificate

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.


Dell confirms it installed certificate but says it was to help customer service, nothing malicious

Dell has issued instructions on how to remove a self-signed root certificate from a number of its PCs after users raised security concerns in an episode reminiscent of Lenovo’s Superfish controversy earlier this year.

The Austin, Texas-based firm confirmed it was Dell Foundation Services that installed the ‘eDellRoot’ certificate, but stressed its existence was for customer support reasons – not like Superfish, which was used to inject adverts onto affected systems.

Those who discovered the offending certificate claimed it was a risk to any affected system, but Dell has not revealed which of its products are impacted.

Dell certificate

“Customer security and privacy is a top concern and priority for Dell,” a company spokesperson told TechWeekEurope. “The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience.

“Unfortunately, the certificate introduced an unintended security vulnerability. To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support.

“We are also removing the certificate from all Dell systems moving forward. Note, commercial customers who reimage their own systems will not be affected by this issue. Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.”

Dell will also issue a software update removing the certificate later today.

It remains to be seen what reputational damage Dell will suffer, having already witnessed the backlash against Lenovo following Superfish. However, the firm is adamant there was no malicious intent behind the certificate and it was only intended to aid customers.

“The certificate is not malware or adware,” Dell said in a blog post. “Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information.”
