Fuck you, Dell. Because of your root CA with free matching private key that you put on everyone's systems.



  • There are two issues you need to be concerned with. One related to new machines purchased, and one related to the AUTOMATIC DRIVER INSTALLATION PROGRAM.

    TL;DR: If you bought a DELL in the last 6 months, you are probably impacted. If you've used the driver install program, you're probably impacted.

    Please be aware that this program has the possibility of being installed on ANY Dell PC or laptop.



  • Bonus points on them demonstrating the seriousness of this flaw.

    Huge negative points on using the "dude you're getting a..." headline.



  • @blakeyrat said:

    Huge negative points on using the "dude you're getting a..." headline.

    How else will they get through to these keeds if they can't make 20 year old pop culture references?



  • This was already posted here a few days ago, by @cartman82. But yeah, not good. Thankfully they provide a removal utility, so they're not as shitty as Lenovo was (i.e. using a rootkit). Seems like a moronic dev thought "oh, CA, good idea!" without understanding crypto (which happens a lot).



  • The first one was, not the second that's included with the dell driver tools from what I can see.



  • Same issue.

    Glad we migrated off of Dell years ago (pre-Windows 7) at work, and glad I've never owned a Dell at home...



  • I decided to never support Dell after their tech support couldn't even help my aunt change her screen resolution. I later learned many more reasons...



  • Is it just me thinking that relying on pre-installed OEM software at all is a major undefined?

    To me it looks like buying a used machine and immediately using it to log in to sites, buy stuff, enter credit card details and shit, trusting the "TEH MACHIEN IS READY FOR USE" written in big bold letters on the eBay auction.

    Buying a new machine and totally trusting OEM software is really the same crap, maybe subtler a bit.



  • In some cases I care more about the warranty than my privacy. For example, with some companies, wiping the system and reinstalling Windows (or another OS) can mean that you don't get to receive replacement hardware when the current hardware breaks. :<!---->(


  • :belt_onion:

    There was the time I "inherited" a desktop from a departing coworker. With a bonus install of ILOVEYOU.


  • I survived the hour long Uno hand

    @Matches said:

    If you've used the driver install program, you're probably impacted.

    I recently bought a dell laptop. According to the reviews, the thing shipped with faulty WiFi drivers that needed to be updated in order for the wireless to work reliably. Before I reinstalled Windows on it I went to their website to update the drivers. I clicked one button and was taken to a page that was specific to the exact laptop model that I had.

    I wondered at the time how they were able to identify so much information about my laptop without my intervention. I figured that the thing came with some software that reported all of that information to the website. Since I was doing a reinstall anyway, I wasn't too concerned.

    After the reinstall, I went back to the website and tried the same process again. This time I was prompted to install whatever that utility was. I promptly said NO and decided to continue to use the Windows Update drivers. For everything else, I spent about twenty seconds navigating to the page that had all of the drivers.

    Twenty seconds. That's all it takes to find all of the OEM drivers that you will ever need for a dell laptop. No malware required.



  • What is a laptop manufacturer that doesn't suck?


  • Discourse touched me in a no-no place

    @fbmac said:

    What is a laptop manufacturer that doesn't suck?

    Some of them blow instead… undefined



  • I don't think there is such a thing, but the HP Probook and Elitebook lines work out well for us (most of the time). No ROM based enforced rootkits like Lenovo, no accounting shenanigans or goofy security certs like Dell, no really cheap parts like Acer, no 156 screws all different types to take out and track if you're Toshiba (disclaimer: haven't touched one like that in 15 years, but I'm not letting that fact stop this rant), and no random parts going bad on no-name brands.

    YMMV



  • I heard a lot of bad things about hp warranty service at my area, I suspect these things vary wildly by region.



  • We're in the Midwest. Generally they're ok, but a bit of a pain to work with at times


  • Discourse touched me in a no-no place

    @Placeholder said:

    That's all it takes to find all of the OEM drivers that you will ever need for a dell laptop. No malware required.

    Not that I'm defending the practice, but that's all it takes for you. Good luck getting Grandma to figure that shit out.


  • Discourse touched me in a no-no place

    @redwizard said:

    HP Probook and Elitebook lines work out well for us

    Sure, as long as you don't get one with a mysterious CPU/motherboard failure that HP proceeds to dick around with until your warranty runs out.



  • @FrostCat said:

    Sure, as long as you don't get one with a mysterious CPU/motherboard failure that HP proceeds to dick around with until your warranty runs out.

    4510s models from 2010 were notorious for a number of problems like that. We were happy to get those recycled. Other than that, we've had one or two that were an issue right as the warranty expired.

    The bigger problem is some of the users abuse the machines and then wonder why warranty won't cover it. Examples:

    1. I accidentally closed the lid on my mouse. Now the screen is cracked. Warranty covers that, right? (Um, NO.)
    2. When asked why the laptop casing was bent, person admitted they were angry and "threw it across the room." It's insured, right? (NO.)
    3. Dropped from the top of the stairs. (No, manufacturer isn't paying for it. You are.)
    4. One laptop was brought in as "mysteriously not working, need a warranty replacement." Our tech proceeds to start taking it apart, and about 1/4 cup of coffee comes pouring out. Warranty? Don't think so.

    I could ask my techs to add more examples, but you get the idea.


  • Discourse touched me in a no-no place

    @redwizard said:

    4510s

    I had a 2160; a dv4 I bought in a store. I loved it but the particular one was a piece of junk that HP wouldn't stand by, and it pisses me off because I'd buy them in a heartbeat over Dell's boring ugly shoeboxes if it weren't for that.



  • This one?

    Pro Tip: NEVER buy Pavilions. I have seen nothing but junk from that line since I can remember. (EDIT: The models I quoted above were Probooks.)

    One particular case some years ago, my sister got a Pavilion laptop with an extended warranty from Best Buy (and you're about to find out why I refuse to buy warranties from Best Buy). About a year into the 3 year plan, the unit started randomly failing to boot. She took it into the Best Buy, got it back - no repro, no fix. I went with her to take it back in again and insisted they test it several times a day for up to a week and document how often it failed. Sure enough, it failed enough that they sent it to the service center for repair. Service center sent it back NOT repaired, saying they can't fix it. No compensation, nothing.

    The kicker? Six months later, HP released a firmware update that, if you're able to get the laptop to boot successfully, you could apply the update and problem solved!

    So not only do I avoid Pavilions to avoid headaches, I refuse to get a Best Buy warranty on anything (not that I shop there much anymore anyhow). If the salesman tries to persist, I simply inform them of this experience, then ask them: "since your warranty was worthless to me then, why should I buy another one now?"


  • Discourse touched me in a no-no place

    @redwizard said:

    This one?

    Basically, yes.

    @redwizard said:

    Pro Tip: NEVER buy Pavilions.

    Great, now if you want to go back to Christmas 2009 and let me know that, I'd be much obliged.

    @redwizard said:

    About a year into the 3 year plan, the unit started randomly failing to boot.

    That's basically what happened to me, as detailed elsewhere on this forum: the damn thing quit booting, just flashing the caps lock LED in a pattern that indicated "dead CPU". No extended warranty, so I sent it back to HP, and they proceeded to repeatedly fail to fix it until the warranty ran out.



  • Consider filing a BBB report, next time it happens.


  • Discourse touched me in a no-no place

    @redwizard said:

    Consider filing a BBB report, next time it happens.

    Yes, although there's not going to be a next time, at least not with HP--not unless I can figure out a way to get them to give me a new laptop.



  • At least Dell gave security a thought when they wanted to send this information across the web, sadly that's not something which can be taken for granted.

    I still don't know why they needed to do this though, Dell's Asset Tag thingy makes it super easy to find the right page on their support site. Are people really that dumb that they can't find the asset tag on the bottom of their new laptop? Or do their customers tear that tag off because they "don't like stickers on the underside of my fancy new expensive laptop"?



  • While we're on the subject of HP, my new desktop is an HP Envy 750z so I'll be sure to keep you guys posted if weird stuff starts happening. So far it works great, but it's still very new.

    (I'm not really one to build my own computers...)



  • Acer.


  • Discourse touched me in a no-no place

    @AlexMedia said:

    Are people really that dumb that they can't find the asset tag on the bottom of their new laptop?

    I'm gonna go with "yes".


  • area_deu

    Microsoft themselves?


  • area_deu

    I loved loved loved my Acer TimelineX.
    After about 3 years however, it was mostly unusable (dead keyboard keys, broken hinges, won't boot from HDD).
    Bought an ASUS as a replacement which seemed decent.
    But now? The ASUS pisses me off so much - especially the touchpad.

    I'm planning to get an Acer Aspire V Nitro (Skylake!) soon.



  • Update: Dell has acknowledged it's a problem, thanked the Redditor that brought it to their attention by both name and username, released an updated removal tool and manual removal procedure, and got at the very least Microsoft to blacklist the cert.

    They may have originally been incompetent, but they handled this very responsibly.


  • Grade A Premium Asshole

    @Greybeard said:

    There was the time I "inherited" a desktop from a departing coworker. With a bonus install of ILOVEYOU.

    It is a shame that you did not find out about their feelings until they had left. You don't know what you have until its gone...


  • SockDev

    @TwelveBaud said:

    They may have originally been incompetent, but they handled this very responsibly.

    indeed, it's a shame more businesses don't behave this way.


  • area_deu

    @accalia said:

    indeed, it's a shame more businesses don't behave this way.

    Like the ones who don't do such BS in the first place?


    Filed under: Who am I kidding, the others probably do it, too


  • Winner of the 2016 Presidential Election

    That's what we said about Lenovo too... 😛


  • SockDev

    @aliceif said:

    Like the ones who don't do such BS in the first place?

    well ideally, yes. but mistakes are made sometimes. it's important to own up to them and work quickly to mitigate as much damage as possible as quickly as possible when the mistakes are made.



  • @accalia said:

    indeed, it's a shame more businesses don't behave this way.

    Once they get caught?!
    They could just not do it.


  • Discourse touched me in a no-no place

    @loopback0 said:

    They could just not do it.

    undefined


  • SockDev

    @loopback0 said:

    @accalia said:
    indeed, it's a shame more businesses don't behave this way.

    Once they get caught?!
    They could just not do it.

    one step at a time...



  • @aliceif said:

    Acer

    @aliceif said:

    After about 3 years however, it was mostly unusable (dead keyboard keys, broken hinges, won't boot from HDD).

    @redwizard said:

    no really cheap parts like Acer

    Q.E.D. Anecdote, thank you.



  • @accalia said:

    indeed, it's a shame more businesses don't behave this way.

    @sloosecannon said:

    That's what we said about Lenovo too... 😛

    Citation please.

    Last I checked, [Lenovo][1] not only did not (you had to get instructions on how to from elsewhere), but [reinstalls the rootkit from the BIOS in their own devices][2]!

    @loopback0 said:

    Once they get caught?!
    They could just not do it.

    +1
    [1]: https://what.thedailywtf.com/t/anyone-posted-the-lenovo-malware-news-yet/8265
    [2]: https://what.thedailywtf.com/t/lenovo-laptops-using-rootkit-like-techniques-to-install-their-software/50519



  • @redwizard said:

    One laptop was brought in as "mysteriously not working, need a warranty replacement." Our tech proceeds to start taking it apart, and about 1/4 cup of coffee comes pouring out. Warranty? Don't think so.

    I really lucked out with my new ASUS laptop and its Accidental Damage Protection plan, after I somehow poured about half a cupful of water into it after owning it for all of three weeks. I had to pay for shipping back to their RTM dept in Ontario, but I got it back about a week later (with the C:\ drive mysteriously reimaged back to Win8.1, but that was easily fixed). That could've been a lot more expensive...



  • @fbmac said:

    What is a laptop manufacturer that doesn't suck?

    Acer and Asus are both about as unaffected by a history of major fuckups as any you'll get; pick Acer if you like pretty, Asus if you like solid.

    Lenovo still makes the most reliable laptop hardware AFAIK, and is a good choice if you're going to install the OS yourself. Which you should do anyway, regardless of manufacturer - I have never even once seen a factory OEM image I thought was better than a vanilla Windows install.


  • BINNED

    @flabdablet said:

    Lenovo still makes the most reliable laptop hardware AFAIK

    Eeeeeeh. Their cheaper models are kinda flaky lately from what I saw. So if you want a cheapy thing I'd say look somewhere else.



  • @Onyx said:

    if you want a cheapy thing

    I am unaware of any cheapy laptop that isn't fundamentally shitty, though I'm sure Ben will be along shortly to explain why, in the case of Chromebooks, that shittiness doesn't matter.


  • SockDev

    @flabdablet said:

    though I'm sure Ben will be along shortly to explain why, in the case of Chromebooks, that shittiness doesn't matter.

    well i have a cheapo chromebook for the express purpose of traveling with the robotics team where i want internet access at events but don't want to risk more expensive kit.

    the nice thing about the chromebook is it's infinitely replaceable, cheap, no local stored data. that's kind of important when you are traveling with teenagers that are known to be very rough on kit.

    i wouldn't use one of the cheap chromebooks for day to day, but the 2015 Pixel is actually pretty sweet, particularly when i install crouton and get a full linux or windows VM going there.



  • @accalia said:

    the 2015 Pixel is actually pretty sweet

    Specs look nice, but I can't see how much they want for it. Could it be reasonably described as a "cheapy laptop"?


  • SockDev

    add $300 to double RAM, storage and upgrade to an i7.

    pricy, but given the specs not extortionately so (unlike apple which would happily charge you a grand for an i3, with 2GB of ram,(or some other rediculous setup(is it obvious that i don't like apple? (it is? good!))))



  • @accalia said:

    pricy, but given the specs not extortionately so (unlike apple...

    There are plenty of manufacturers which will sell you a decent spec laptop that isn't a Chromebook for similar money or less.

    If we're bringing up Apple for some unknown reason though... Macbook Air with an i5, 8GB RAM and 128GB SSD is $1099. $100 for more storage and freedom from the cloud.


  • SockDev

    @loopback0 said:

    There are plenty of manufacturers which will sell you a decent spec laptop that isn't a Chromebook for similar money or less.

    yes, there are. i didn't say there weren't

    @loopback0 said:

    Macbook Air with an i5, 8GB RAM and 128GB SSD is $1099.

    yes, but it's apple, so ick, also doesn't the air have like no USB ports at all and no card reader slot either?

    and no, a partial depth SD card slot does not count. if you don't have the room for a full depth SD card slot then fecking well put in a microSD card slot instead. none of this baloney where the card sticks out past the edge of the device when fully inserted!

    @loopback0 said:

    $100 for more storage and freedom from the cloud.
    yes, but again, apple.

    also i have a 256GB SD card in the full size, full depth SD card slot on the chromebook, so i have the storage, and the freedom from the cloud that comes with it.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.