
Dell does a Superfish, ships PCs with self-signed root certificates - devhxinc
http://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/
======
rdancer
The force that should prevent customer-hostile behaviour is brand reputation,
and risk of lawsuits. Unfortunately, the unit profit from the sale of a Dell
or a Lenovo laptop is at or below zero, while the fixed costs remain
incredibly high. So the business changes. The vendor fights for survival, and
both QA and long-term thinking have been brought to the chopping block.

The only way to win this game, both for producers and consumers, is not to play.
Don't let a company that sells shitty PCs install software for you.

------
krylon
At work we use quite a few Dell laptops.

If I had the time, I would install Windows from scratch on each and every
machine anyway, just to get rid of the insane amounts of, uh, stuff that
typically come preinstalled on machines these days.

But the only cases where I could justify the effort were machines for our
automation people, because those came with Windows 8/8.1 preinstalled, and
currently, Siemens only supports their Simatic/WinCC software on Windows 7.

_Sigh_ Does anybody know of an easy way to remove this certificate?

I seriously would like to know what's in it for Dell. I mean, creating the
certificate and putting it into their install images meant additional work.

~~~
Orangeair
I don't know how to do it through group policy or anything fancy like that,
but have you tried running certmgr.msc and deleting it through there? I can't
test it on my computer since I don't have a Dell, but clicking on a
certificate gives me a delete option in the menu bar. The cert you're looking
for should be under "Trusted Root Certification Authorities"

~~~
krylon
Thanks for the hint. I do not have a Dell laptop handy, but I will try to get
my hands on one. Hopefully, this can be automated in some way.
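
The manual certmgr.msc step suggested above can be scripted through PowerShell's `Cert:` provider. This is an added example, not part of the original thread: the thread does not give the certificate's name or thumbprint, so `$Thumbprint` is a placeholder, and the script assumes an elevated session for the machine store.

```powershell
# Added example: inventory the Trusted Root stores and remove one certificate
# by thumbprint. The default thumbprint is a placeholder; replace it with the
# value read from certmgr.msc or from the inventory printed below.
param(
    [string]$Thumbprint = '<THUMBPRINT-OF-CERT-TO-REMOVE>',
    [switch]$Remove   # without this switch the script only reports (dry run)
)

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# 1. Inventory every trusted root so the unwanted one can be identified.
$roots = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store         = $store
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            PSPath        = $_.PSPath
        }
    }
}
$roots | Sort-Object Store, Subject |
    Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

# 2. A trusted root whose private key is also present on the machine is unusual
#    for an end-user PC and worth reviewing before anything else.
$withKey = $roots | Where-Object HasPrivateKey
if ($withKey) {
    Write-Warning "Trusted roots with a local private key:"
    $withKey | Format-Table Store, Subject, Thumbprint -AutoSize
}

# 3. Locate the target in both stores (thumbprints are often pasted with spaces).
$wanted  = $Thumbprint -replace '\s', ''
$targets = $roots | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $targets) {
    Write-Host "No trusted root with thumbprint '$wanted' found."
    return
}

foreach ($cert in $targets) {
    if ($Remove) {
        Remove-Item -Path $cert.PSPath
        Write-Host "Removed $($cert.Subject) from $($cert.Store)"
    } else {
        Remove-Item -Path $cert.PSPath -WhatIf   # show what would be deleted
    }
}
```

Run it once without `-Remove` to confirm the match, then again with `-Remove`; rerunning the inventory after a reboot shows whether preinstalled software has put the certificate back.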

------
coreyp_1
Seriously, why do these technology companies do this?!?

~~~
delish
I find it funny that "seriously" in your post turns your sentence into a
rhetorical one. Still I'll try to answer your question.

Large companies make ten thousand software changes per year; a few of them are
bound to be perceived as dangerous and nefarious. For me, the statistical view
is more useful than the attempt to find motive.

I don't blame them. 99% of their changes are benign, but I don't suffer the
illusion that they're consciously working in my interest. Asking, "why did
they do this?" implies that this action is different from past ones. I
group all those actions together as "actions of a large corporation."

edit: phrasing.

