New Dell laptops have Rogue certificate installed

Basically Dell self-signed the certificate and the key for it is now public on the internet.

Removing it as suggested, it appears it comes back after reboot. This could turn out to be quite serious as using the key means

someone could set up a spoofed website and no warning would be given. This applies to all browsers apart from Firefox.

http://news.thewindowsclub.com/rogue-certificate-edellroot-dell-laptops-80921/

Statement from Dell

http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

Test here to see if your Dell is vunerable.

https://edell.tlsfun.de/

More info about this here... it is a serious issue

https://isc.sans.edu/diary/Superfish+2.0%3A+Dell+Windows+Systems+Pre-Installed+TLS+Root+CA/20411

Thanks, hazelnut.

I will notify the folks I know who own newer Dells.

@login123,

it may not just be 'newer' Dells.

if it's all tied in with Dell Foundation Services, I've seen that on Dells for quiet a while, like a year or two it seems - maybe more.

it's one of the bloatware programs I remove from Programs & Features whenever I come across a Dell PC.

if it's all tied in with Dell Foundation Services, I've seen that on Dells for quiet a while, like a year or two it seems - maybe more.

it's one of the bloatware programs I remove from Programs & Features whenever I come across a Dell PC.

''In this case, it is not sufficient to just remove the CA. Dell Foundation Services will reinstall it. This is why you need to disable Dell Foundation Services first, or delete the Dell.Foundation.Agent.Plugins.eDell.dll.''

Thanks mta.

Hazelnut, I had read that, thanks.

In your first link it says also:

"We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it."

So I'll just tell'em to do a thorough checkup.

Seems like Dell should do more in the way of remediation than just remove the certificate.

If the computer is gummed up by their mistake, they should fix it completely.

Test here to see if your Dell is vunerable.

https://edell.tlsfun.de/

Sent that link to my mom so she can test her new Dell laptop, and told her if it is vulnerable to download the Dell updates.

My mothers Dell laptop didn't even have it. Maybe because it was new and Dell was aware of it?

My laptop wasn't vulnerable.

I'm pretty sure my laptop had that program on it when I got it but I uninstalled all of the dell programs when I got it. Only thing I have on here by dell is "Dell System Detect" which is used to update drivers online.

My laptop is from earlier this year. Dell Inspiron 13 7352, came with windows 8 but now runs windows 10.

I've been very happy with this laptop. Its fast, well made, and gets pretty good battery life. I have the I7 version.

This was a bonehead move by dell but its nowhere near as bad as Lenovo. I was actually looking at a pretty nice thinkpad when that scandal happened and went with this dell instead.