Open Letter To Dell Inc. From The Security Community

March 8, 2008 – 3:05 PM

For Immediate Release. Please distribute as you see fit

December 2, 2003 — We in the antispyware, antivirus and security communities would like to express our disappointment with the new technical support policy in place at Dell Inc. Dell’s new support policy does a disservice to its customers and puts everyone on the internet at risk, including non-Dell customers, by discouraging the removal of malicious software.

Dell’s new policy came to light in a recent issue of the Lockergnome Windows Fanatics newsletter. This policy forbids Dell technical support persons from providing assistance to customers in removing infections of unwanted commercial parasites. This policy forbids providing removal instructions or recommending a spyware removal program. The policy even forbids mentioning informational web sites that can provide information about the spyware and how to remove it.

According to a Dell employee, the only acceptable response to a customer infected with spyware is to refer them to their Internet Service Provider (ISP).

A spyware-infected computer is not a problem for the ISP. This is a problem for the company that sold the customer an agreement for technical support along with their PC. Dell should honor that agreement, not pass the buck to overworked ISPs who correctly will refer people back to the PC vendor.

Dell claims that removing spyware may violate the license agreement of other software that may have installed the spyware and cites this as the reason for the new policy. Perhaps Dell Inc. is unaware that many spyware programs and most other commercial parasites are classified and targeted as viruses by industry-leading antivirus software.

Will Dell forbid employees from recommending an antivirus program? Will Dell prohibit their techs from suggesting a firewall because it might be used to block a spyware program from sending user data to its vendor? How far does this policy go before common sense prevails?

Countless thousands of people become infected with all manner of commercial parasites every day. Most of these parasites have no license agreement and exploit security flaws to install themselves. How can you violate a license that doesn’t exist? The parasites that do include a license agreement may not disclose the undesired effects they have on the user’s computer and may provide no means of removing it.

It is ironic that Dell Inc. would institute a policy forbidding advice about how to remove spyware. Dell itself includes an antispyware product on all Dell PCs that ship with a built-in DVD player.

According to Pacman’s Portal, “it seems that after Dell found out certain applications being installed from DVDs would report back information about what customers were watching, they decided to implement an anti-spyware service.” Specifically, an application called DVDSentry disables the spyware that may come with some DVD player software.

How can Dell justify a policy of withholding information from spyware-infected customers when they distribute an antispyware product themselves?

It is inappropriate for Dell to make decisions based on a license that might exist, associated with software that might be present, which might forbid removing the parasite causing problems for Dell’s customers. Dell is not associated with this software or their vendors, has no knowledge of what may or may not be in the license or even if a license exists at all.

It is understandable that Dell does not want to provide manual instructions on removing commercial parasites. Few people are qualified to provide proper spyware removal instructions today. It is probably not possible to give that sort of advice over the telephone. You need log files, links to specialized removal software and, most importantly, you need experience in removing these parasites manually.

What is not understandable and certainly not acceptable is that Dell requires its technicians to withhold information from paying customers. It is irresponsible to refuse to help a paying customer remove a parasite infection by pointing them to a site that can help them. That infected customer might infect someone else and Dell would be directly responsible for any damage that caused.

We call upon paying customers of Dell Inc. to contact Dell and ask them to retract this policy. One day it may be you asking for help and being told “Sorry, removing the virus popping up pornographic ads in front of your children might violate the license of other software”.

Dell Inc. should be more concerned for their paying customers than for persons who would distribute spyware and viruses. We call upon Dell Inc. to retract this misguided policy and allow their support technicians to refer infected customers to web sites that can help them.

Respectfully,

Mike Healan, SpywareInfo
www.spywareinfo.com

Tom Wilson, TomCoyote
www.tomcoyote.org

Bill Webb, CounterExploitation
www.cexx.org

Kevin McAleavey, Privacy Software Corp
www.nsclean.com

Mike Cashman
www.mjc1.com

Paul Wilders, Wilders Security Organization
www.wilders.org
www.wilderssecurity.com

A. Porter, SpywareGuide
www.spywareguide.com

J.Hertsens, XBlock
www.xblock.com

This letter is available in PDF format at http://www.spywareinfo.com/articles/dell/support_letter.pdf

You must be logged in to post a comment.