When you sell as many computers as Dell does, all it takes is one small screw-up to create a security catastrophe. In this case, computers sold as far back as August of this year may have shipped with a compromised security certificate that could lead to a complete breach through a trivial exploitation of that certificate. So far, Dell has refused to disclose exactly which products are affected, but reports are confirming their Inspiron, XPS, Precision and Latitude lines are shipping with this problem. They are admitting that the problem exists, have published instructions on how to manually remove the compromised certificate, and will be releasing a software update to remove the certificate altogether. If you’ve purchased a Dell since Spring of this year, you should probably read on.
What this means for (some of) you:
In case the above didn’t contain enough technical jargon to convince you of how serious this is, let me unload on you: Dell shipped a slew of computers with a self-signed security certificate installed as a root trusted authority, and left the private encrpytion key on the devices. Even if you only understood part of that sentence, I’m betting you can intuit what publishing a private key does to the certificate. Yes, that’s right, it’s like sending everyone keys to your front door with your address printed on the key. Why this is a big deal is also fairly simple to explain. Because this key is essentially available for anyone to use, any reasonably proficient hacker could set up a fake hotspot at your local coffee shop, wait for a Dell computer to walk in, and then pretend to be Dell while unencrypting all of your network traffic. If that sounds bad, then you are picking up what I’m putting down. What do you do if you have an affected computer? Here are the instructions on manually removing the bad certificate, or wait for Dell to release a fix, which is schedule to arrive as of the time of this writing.
Full Disclosure: C2 Technology Partners, Inc. is a Dell Partner, meaning we sell Dell equipment and services, though after this particular goof, perhaps not as much as we had in the past.
Want to know more about security certificates? Here’s a reasonably straight-forward explanation of what they are and how they work.
Though its still used on over half of all Windows-based computers around the world, Microsoft has stopped providing certain versions of Windows 7, specifically Home Basic/Premium and Ultimate, to computer manufacturers worldwide. Once the current inventory runs out, the only computers that can be bought with Windows 7 will be business-class machines (such as Dell’s Optiplex and Latitude model lines) with the “Pro” or “Enterprise” version installed. Everything else will be Windows 8 or 8.1 until Microsoft launches Windows 10 mid-next year.
What this means for you:
While it’s true that the average consumer may have trouble purchasing a Windows 7 machine for the foreseeable future, Microsoft has no intention of cutting off support for Windows 7 like it did for Windows XP earlier this year. There is still a very large base of enterprise installations running contentedly on 7 and some companies have only just recently completed their migration from XP! Microsoft will continue to provide licensing avenues for companies that need to expand their existing Windows 7 fleets, and most IT organizations appear content to wait to see what Windows 10 has in store for their companies as opposed to switching their operations to the much maligned 8.
All this being said, if you need a new computer, don’t let the lack of 7 or the presence of 8 deter you from a purchase. As mentioned above, it is still possible to purchase Windows 7 Pro machines, though they come with a premium price as compared to the cheaper consumer lines that sold with Windows 7 Home. If you can’t get a Windows 7 machine, consider shopping for one that has 8.1 (not 8), which has multiple improvements (mostly under the hood) over its predecessor. Be prepared for some transition pain – mostly in learning how to navigate Windows 8’s dual-personality interface, but once you get settled in, the experience will largely be the same as what you enjoyed in Windows 7.
Dell, on the tail-end of a dismal earnings report that failed to meet Wall Street’s expectations, has been busily diversifying its product offerings in the face of flagging PC computer sales. The fruit of one of those diversifications is coming from Dell’s recently purchased WYSE division, a manufacturer known most prominently for their thin-client platforms, in the form of an extremely small thin-client that can be plugged directly into the HDMI port of late-model monitors and TV’s to create a “computer on the go.” Dubbed “Ophelia” this device is just slightly larger than a USB flash (nee thumb) drive, and will run the Android 4.0 OS natively, but can also hook into virtualization platforms from industry standards VMWare, Citrix and Microsoft. Expected to arrive in July for developers and the general public this Fall, Ophelia is expected to cost approximately $100.
What this means for you:
More and more businesses are turning to virtualization and cloud-based resources, one of many factors that is contributing to Dell’s weakening PC sales. The purchase of WYSE was a shrewd move, assuming this trend continues, and we don’t see a rebound like the industry saw in the 80’s with it’s first romance with the client-server model. Unlike the first go-round with client-server technology, today’s thin clients are more than powerful enough for the average knowledge worker’s needs while still being easier and cheaper to maintain than a fleet of standard desktops. The move to ultra-portable seems to be a natural next step, given the modern workforce’s growing acceptance of mobility, and may be a much-needed shot in the arm for Dell.
Should you go out and buy one? At $100, it may add another layer of sophistication to your fancy LCD big-screen in the living room, or add a valuable and extremely portable resource to your traveling business kit. It’s still way too early to tell, but basing it on Android will give the device a solid app eco-system that will hopefully prevent it from being just another addition to the drawer of lost technology toys.