Dell's response to motherboard malware causes confusion
The company has been slow and sloppy in providing clear details on the vulnerability, leading to customer frustration
Follow @tsamson_IW
Dell has another (yes, I'm going to say it) Motherboard-gate on its hands, though instead of overheating PC motherboards, they're malware-infected server motherboards. Apparently, the company's attempt at addressing the issue with quiet precision hasn't quite worked out, causing more confusion and drawing more attention to the problem than Dell likely would have preferred.
Dell acknowledged the problem publically in a Dell Support Forum in response to a purported customer inquiry about the issue. The customer stated that he had received a troubling call from someone claiming to be Dell service rep who told him the replacement motherboard he'd received for his PowerEdge R410 server contained spyware in its firmware.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
The author of the post said the call was more alarming than helpful in that the rep was non-technical and could not provide any details about the problem. Evidently, he turned to the Dell support forum for answers because he couldn't find them elsewhere. "Does Dell have an official article documenting this issue and laying out further details and the potential risks?" his post said. "Obviously it causes me grave concern [to] be informed of a vulnerability but not have all of the technical details, especially when they asked to be able to schedule the service call to resolve the issue at least ten business days in the future," he wrote.
Enter Matt McGinnis, Dell's senior strategic marketing manager for Dell PowerEdge servers. McGinnis acknowledged the malware problem and said the phone call was legitimate, as that was Dell's planned approach to alerting customers to the problem.
McGinnis went on to discuss it in vague terms. Since then, he's shed more light on the problem -- including the fact that the malware resides not in the firmware but in the flash storage on the motherboard:
