Welcome to InterconnectNow - Interconnected Technologies' blog about technology and other items of interest to small businesses and individuals.

The topics here will usually deal with productivity-enhancing technologies of interest to small businesses and individuals, but are often of broader interest.  Productivity is the goal of all of this technology that we use. Enabling productivity through refining or adding technology-based capabilities is what we're obsessed with at Interconnected Technologies, and so this blog is dedicated to discussions of all things related to that.

Enjoy!


Tuesday, Nov 24, 2015

Dell Security Exposure - Automatic Removal

Yesterday Dell announced a security vulnerability that it inadvertently introduced on its XPS, Precision and Inspiron computers. While they are releasing an automated patch today that is supposed to remove this exposure, they have documented instructions to remove it now.

This applies to machines purchased during or after August, 2015.

We've digested this down to a much simpler process than described elsewhere. Here's how you do this:

1. Go to http://www.interconnected.com/links.

2. Find the link to the Dell utility to remove this. It's called Dell eDellRoot Certificate Remover.

3. Click on that link. Allow the utility to be saved, and open the folder where the utility was downloaded. How you do this depends on which Internet browser you use (Internet Explorer, Google Chrome, Firefox). The program is currently called eDellRootCertFix.exe.

4. Right-click on that utility and select Run as administrator. The utility will run and remove this issue, if it is present.

That's it! We have no reason to doubt that this was an inadvertent error on Dell's part, and that this utility will clear up the issue without further problems.

As always, please contact us if you have questions, need assistance, or want us to do this for you!

----------------------------

Addendum on 11/25/15:

Another certificate was uncovered and described as a security issue.

Laptop Magazine published steps for removal of both. We present an abridged text version of those instructions here:

  1. Right-click on the Taskbar, and select Task Manager or Start Task Manager.
  2. Tap More Details in Windows 10.
  3. Select Services from the row of tabs.
  4. Tap Open Services on the bottom of the window. (In Windows 7, the button is simply Services.)
  5. Select Dell Foundation Services.
  6. Select Stop the service on the left side of the window.
  7. Open File Explorer.
  8. Tap on the path field, type "c:\Program Files\Dell\Dell Foundation Services" and click Return.
  9. Right-click "Dell.Foundation.Agent.Plugins.eDell.dll".
  10. Select Delete.
  11. Click the Start button. Type "certmgr.msc" into the search field.
  12. Tap on certmgr.msc from the top of the Start menu's search results.
  13. Select Trusted Root Certificate Authorities from the menu on the left side of the window.
  14. Tap on Certificates from the menu on the right side of the window.
  15. Right-click on DSDTestProvider if you see it on the right side of the window.
  16. Select Delete.
  17. Tap Yes to confirm.
  18. Right-click on eDellRoot on the right side of the window.
  19. Select Delete.
  20. Tap Yes to confirm.
  21. Tap on the Start button.
  22. Select Power.
  23. Tap on Restart.
  24. Repeat steps 11–14 to view your Trusted Root Certificate files. The DSDTestProvider and eDellRoot certificates should now be gone. If they're not, repeat the steps above.

(Laptop Magazine post - http://www.laptopmag.com/articles/remove-dells-sloppy-security-software)
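The check in step 24 can also be scripted, which helps when several machines need to be verified. The following PowerShell script is an added example, not code from Dell or Laptop Magazine: it reports whether the two certificates, the service and the plugin file named in the steps above are present, and with the script's own `-Remove` switch (a hypothetical name, like the function name) it repeats the manual sequence in the same order. It assumes the service's display name is exactly the one shown in step 5.

```powershell
# Added example; run as a script from an elevated PowerShell prompt.
# Names and paths are copied from the steps in the post; -Remove is this script's own switch.
param([switch]$Remove)

$certNames   = 'eDellRoot', 'DSDTestProvider'
$rootStores  = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$serviceName = 'Dell Foundation Services'   # assumed to match the display name in Services
$pluginPath  = 'C:\Program Files\Dell\Dell Foundation Services\Dell.Foundation.Agent.Plugins.eDell.dll'

function Find-DellTestRoot {
    # Match on the certificate's simple name (the name listed in certmgr.msc).
    foreach ($store in $rootStores) {
        Get-ChildItem -Path $store |
            Where-Object { $certNames -contains $_.GetNameInfo('SimpleName', $false) } |
            Select-Object @{ n = 'Store'; e = { $store } },
                          @{ n = 'Name';  e = { $_.GetNameInfo('SimpleName', $false) } },
                          Thumbprint, NotAfter, PSPath
    }
}

$service = Get-Service -DisplayName $serviceName -ErrorAction SilentlyContinue
$found   = @(Find-DellTestRoot)

if ($Remove) {
    # Same order as the manual steps: stop the service, delete the plugin, delete the certificates.
    if ($service -and $service.Status -ne 'Stopped') { Stop-Service -InputObject $service -Force }
    if (Test-Path -LiteralPath $pluginPath) { Remove-Item -LiteralPath $pluginPath -Force }
    foreach ($cert in $found) { Remove-Item -LiteralPath $cert.PSPath }
    $found = @(Find-DellTestRoot)   # re-check, as in step 24
}

# Summary first, then one row per certificate that is still installed.
[pscustomobject]@{
    ServiceStatus     = if ($service) { $service.Status } else { 'not installed' }
    PluginPresent     = Test-Path -LiteralPath $pluginPath
    CertificatesFound = $found.Count
} | Format-List
$found | Format-Table Store, Name, Thumbprint, NotAfter -AutoSize

# Non-zero exit code so a management tool can flag machines that still carry a certificate.
if ($found.Count -gt 0) { exit 1 }
```

Run it once without `-Remove` to see the current state, and again after the restart in step 23 to confirm that `CertificatesFound` is 0.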

Tuesday, Apr 29, 2014

Browser security – an update for 2014

It’s been pointed out that we haven’t updated this topic for a while. In case you have been wondering, there are some interesting changes, and some interesting consistency, here:

https://www.nsslabs.com/reports/browser-security-comparative-analysis-report-socially-engineered-malware

For this key source of malware, Socially Engineered Malware, Internet Explorer remains at the very top, as it has been for some time; Chrome is a pretty good third place; and Firefox and Safari are, as they have been for several years, at the very bottom. Our recommendations for browser use are unchanged: use the most secure browser available on your platform, keep your operating system up to date, and use Norton Internet Security.

(Note: at this point we do not have enough information about the two new Chinese browsers to make a recommendation regarding them one way or another.)

Thursday, Apr 17, 2014

“Heartbleed” vulnerability

There has been a great deal of press about this vulnerability in recent days, and it’s difficult to determine exactly what an individual’s exposure is, reading through the coverage. Think of the Year 2000 issues but imagine if everyone had just realized the issue on December 31, 1999. On a smaller scale, that’s pretty close to the chaos that’s ensued since this was identified.

Generally, there is little a user of the internet can do directly to protect him/herself from this, since this exposure happens on a service provider’s server and not on the user’s computer. Further, while many security vulnerabilities give the bad guys access to stored information (credit card numbers, passwords, account numbers, etc.), this one gives unauthorized access only to a snapshot of what happens to be in a server’s memory at a point in time. A subtle difference, but an important one when considering the exposure.

Our best advice: if you’re worried about a given password – either because it’s for a service that was affected, or because you use it in multiple places, or “just because”, then change it. Change it to a “good” password. One that is 8 or more characters long, and uses three of these four groups: upper case letters, lower case letters, numbers, special characters. Don’t use your name, or your dog’s name, or your birthday (or your dog’s birthday) in the password. If you use a word or number in the password, make sure it’s not one that can easily be tied back to you. For example, DAF!090657 technically would be a “strong” password, but it could be cracked, if I used it, in a fraction of a second by password cracking software. Passwords that are a random jumble of letters, numbers and special characters are best, but are hard to manage unless one uses a password manager like Roboform or LastPass.

Keep in mind that if a provider of service for you has identified but not yet patched this exposure, you’ll have to change the password again after the service is patched. If you use the same password (as you should not) for multiple online services, then you put yourself at additional risk for two reasons: 1) because a password mined using a vulnerability like this could be used to access your information at multiple online services, and 2) because, if you change your passwords now but one or more smaller services you use hasn’t patched this vulnerability yet, you’ll have to change them all again. You should never use the same password at multiple sites, for just these reasons. For now, changing your password at larger, affected sites, monitoring email traffic about online services, and monitoring credit card statements, is about as much as a user can do.

Broadly speaking, Amazon.com, Apple services (me.com, icloud.com), eBay, Evernote, LinkedIn, Microsoft services (msn.com, hotmail.com, outlook.com), PayPal and Twitter were not affected by this.

Broadly speaking, Amazon Web Services, Dropbox, Facebook, Twitter, Google/Gmail, and Yahoo were affected, and have patched their systems to eliminate the exposure. It would be a good idea to change your passwords at these services.

 

You’ll notice I mentioned Twitter in each group, above. See how hard it is to tell?

If you have a service provider that is not one of the big ones (a regional bank, or smaller provider of some service), you should contact that provider to determine its status.

From a service provider perspective, the services that are at the heart of what Interconnected Technologies uses and recommends for our clients were not and are not vulnerable to this issue. Zendesk (our helpdesk service), Freshbooks (our time tracking and billing service), PayPal and Stripe (our credit card processing service), Wells Fargo (our banking service), Rackspace (Exchange service), Jungledisk (backup service), Egnyte (file services) and all services from Microsoft were not affected by this issue.

Only one service widely used by some Interconnected Technologies clients, Google Apps, was vulnerable to this, since it’s based on Gmail. Google patched the vulnerability immediately, and so the cautious approach would be to change any Google / Gmail / Google Apps passwords now. Contact us if you have questions about this or need help doing this.

These are some reference sites for this issue. A quick look will show that things are still in a state of flux as of this writing:

This is a very fluid and murky situation in which we find ourselves. The outline above is a good general guide, but as always we stand ready to provide our clients with tailored advice and solutions for their unique situations and needs.

Tuesday, Jan 7, 2014

Hacker’s Playground – an update

We’ve posted this before – on April 8, 2014 support for Windows XP ends:

http://www.interconnected.com/interconnectnow/2013/12/14/hackerrsquos-playground.html

Here’s some more information which, if it comes to pass, could cause additional ripples. Stay tuned folks – should be interesting.

http://www.networkworld.com/community/blog/why-april-9th-might-be-its-worst-day-2014?t51hb 

And, of course, if you are an Interconnected Technologies client and have Windows XP machines, or have concerns about this event – ask us. If you’re a Managed Services client, we’re keeping on top of your computers. If not, we might want to talk about this in the first quarter!

Wednesday, May 30, 2012

Flamer virus not an issue for Interconnected Technologies’ clients

There has been a great deal of press lately about the Flame or Flamer virus taking over the world and doing all sorts of nefarious things. Interconnected Technologies clients need not worry about this, however, since we always ensure that Norton Antivirus, Norton Internet Security, Norton Security Suite or Norton Business Suite (depending on the client, the internet service and the business need) is installed and protecting all client machines.

Here is a recent communication from Symantec about this:

[image: Symantec communication]

This is one of the many benefits of doing business with Interconnected Technologies, and we thank our clients for entrusting their I/T security, among other things, to us!