Dell in hot water over 'Superfish 2.0' bloatware
Pre-installed software on new laptops leaves users vulnerable to cyber-spying
PC giant Dell has received flak this week over a piece of bloatware that contains a vulnerability which could leave users open to being spied on when shopping or banking online.
The program - being dubbed Superfish 2.0 by some, in reference to a similar bloatware-related incident with Lenovo earlier this year - has been installed on laptops made since August, according to Reuters. It contains a root certificate that can be exploited by cyber-criminals to siphon off data, read encrypted messages or redirect web traffic.
It is not known how many devices have been affected by the software, or whether the problem is confined to specific regions.
A Dell spokesperson told Reuters that the company is aware of the problem, and that it would provide users with instructions on how to remove the certificate.
However, according to The Register, it may not be so simple to remove the dangerous certificate from laptops. The website said that the certificate automatically reinstalls itself after a restart, even when it's been deleted manually, calling it an "unkillable zombie". It is not yet known how the certificate manages to reinstall itself after each reboot.
As a result, it's likely that, when Dell posts instructions on how to remove the bloatware with the offending certificate, the process will be technical.
While PC vendors claim that bloatware - pre-installed programs on new PCs - is designed to improve user experiences, the majority of the industry believes that it is used to gain added revenue from the low-margin devices. Experts have labelled this practice a "disturbing trend" as vendors tamper with certificate stores when loading up the pre-installed software.