Take a look at this Dell Community thread to see what I mean. It's almost comical.
These are a few problems I see:
- They are informing the public of this malware problem using phone calls, not a posting on a Web site. A customer thinks he's being scammed and posts a question to a support forum. Someone named "DELL-Matt M" replies:
"The service phone call you received was in fact legitimate... We have assembled a customer list and are directly contacting customers like you through a call campaign. On the call, you should be provided a phone number to call if you have additional questions. Hopefully you received this on your call. If not, let me know and we’ll get it to you as soon as possible so you have all of the follow-up information needed."
Another customer rightfully asks: "So why is there no information in the recall links or other readily obvious place on the site?"
- The next information about the problem is another post to the same thread from "DELL-Matt M".
"We will continue to update this forum as new information becomes available or questions arise."
This story is making the news and Dell will update customers in a forum thread?!?
- One customer then questions whether 'DELL-Matt M" works for Dell!
"Will you please post your employee number? In a phone call to Dell this morning I was told that no Dell employee wrote this...."
- "DELL-Matt M" replies:
"Yes Art, I am a Dell employee and the information I posted is accurate. If you need specific information, please contact US_EEC_escalations@dell.com.
Still no link to an official Dell story.
- Try searching for "Dell PSIRT" or "Dell security". You get nothing about the security of Dell products.
Dell needs to step up its game. It's shipping products to customers with malware, and it's "handling" the issue through a support forum.
I think my post Every Software Vendor Must Read and Heed referencing Matt Olney's recommendations is a good place to start, Dell!