Dell's response to motherboard malware causes confusion

The company has been slow and sloppy in providing clear details on the vulnerability, leading to customer frustration

Dell has another (yes, I'm going to say it) Motherboard-gate on its hands, though instead of overheating PC motherboards, they're malware-infected server motherboards. Apparently, the company's attempt at addressing the issue with quiet precision hasn't quite worked out, causing more confusion and drawing more attention to the problem than Dell likely would have preferred.

Dell acknowledged the problem publicly in a Dell Support Forum in response to a purported customer inquiry about the issue. The customer stated that he had received a troubling call from someone claiming to be a Dell service rep who told him the replacement motherboard he'd received for his PowerEdge R410 server contained spyware in its firmware.

The author of the post said the call was more alarming than helpful in that the rep was non-technical and could not provide any details about the problem. Evidently, he turned to the Dell support forum for answers because he couldn't find them elsewhere. "Does Dell have an official article documenting this issue and laying out further details and the potential risks?" his post said. "Obviously it causes me grave concern [to] be informed of a vulnerability but not have all of the technical details, especially when they asked to be able to schedule the service call to resolve the issue at least ten business days in the future," he wrote.

Enter Matt McGinnis, Dell's senior strategic marketing manager for Dell PowerEdge servers. McGinnis acknowledged the malware problem and said the phone call was legitimate, as that was Dell's planned approach to alerting customers to the problem.

McGinnis went on to discuss it in vague terms. Since then, he's shed more light on the problem -- including the fact that the malware resides not in the firmware but in the flash storage on the motherboard:

  1. "This issue does not affect any Dell PowerEdge servers shipped from our factories and is limited to a small number of the replacement motherboards only which were sent via Dell's service and replacement process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410. The maximum potential exposure is less than 1 percent of these server models.
  2. Dell has removed all impacted motherboards from the service supply. New shipping replacement stock does not contain the malware.
  3. The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
  4. All industry-standard antivirus programs on the market today have the ability to identify and prevent the code from infecting the customer's operating system.
  5. Systems running non-Microsoft Windows operating systems cannot be affected.
  6. Systems with the iDRAC Express or iDRAC Enterprise card installed cannot be affected.
  7. Remaining systems can only be exposed if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics."

McGinnis's response does address the problem pretty soundly. However, the company's approach to alerting users to the problem isn't sitting well with some customers. "So why is there no information in the recall links or other readily obvious place on the site?" one forum user posted. "I also received a call about it, but had no way of knowing if this was a legitimate issue."

Another user, in fact, even questioned whether McGinnis was who he claimed. In his post, McGinnis didn't mention his full name, title, or any other such information; he just posted under the screen name DELL-Matt M. Only by registering for the Dell Support Forum can you click on his hyperlinked screen name to see his bio, which reveals his full name and title.

There has to be a customer service (and PR) lesson somewhere for Dell. For example, when alerting customers to troubling security issues, provide plenty of details up front or in written form, rather than having a non-technical rep vaguely describe the issue over the phone. That way, customers won't end up confused and frustrated, airing dirty laundry in a public forum.

Also, perhaps there's a lesson in choosing suppliers with greater care, though I'm curious to see what the next faulty Dell motherboard does. Maybe it won't function properly if installed too snugly.

This article, "Dell's response to motherboard malware causes confusion," was originally published at InfoWorld.com.

Copyright © 2010 IDG Communications, Inc.
