In its “Response to Concerns Regarding eDellroot Certificate”, Dell says that it “deeply regrets” introducing a huge security hole on customers’ computers that could see criminals eavesdrop on your private communications – but it falls short of an apology.
Of course it regrets that customers might think twice before buying Dell PCs and laptops in future, and that its users’ trust has been shaken by the company’s Superfish-style antics, but it doesn’t say anything as simple as “We owe you an apology. We’re sorry. We were wrong. We let you down.”
If I upset my wife, trust me, the correct response is not to say “I deeply regret” whatever happened.
Here is what Dell had to say to its customers:
Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.
The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.
We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.
Your trust is important to us and we are actively working to address this issue. We thank customers such as Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, who brought this to our attention. If you ever find a potential security vulnerability in any Dell product or software, we encourage you to visit this site to contact us immediately.
Yes, I’m pleased that Dell says it will start rolling out a fix, but it would still have been nice if it had said sorry to customers.
I have to assume that Dell isn’t sorry because the company has passed up a great opportunity to apologise to the home and business customers who may find it disturbing that their privacy and security were put at risk because of software that Dell put on their computers.
You won’t find any “sorry” on Dell’s official Twitter support account, @DellCares, either, where they just drily point concerned customers to the above statement.
It’s almost like Dell’s support team have been told not to say sorry.
Maybe it’s the lawyers who are stopping companies from putting their hands up and admitting they did wrong after virtually every security snafu and data breach. But I don’t think it’s a good way to rebuild a relationship with customers who were put at unnecessary risk.