Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I am right or wrong to be alarmed at this tech support advice? 2

Status
Not open for further replies.
alicep

alicep

IS-IT--Management
Jul 4, 2000
75
US
I had difficulty accessing a tech support web portal for a product we use. They have updated the webportal for the maintenance agreement and I couldn't log on. I was getting an error about XP not being able to install certificate from "unknown publisher". I emailed their support and this is the response I rec'd from their tech support:

"We see that you are receiving an error "unknown publisher" when you try to install the pki certificate.
Please use the below steps:-
Open Internet Explorer
Click on Tools
Click on Internet Options
Click on the Security Tab
Click on Custom Level button
Scroll down to Download unsigned ActiveX controls
Choose enable under it.
Click on OK
Then click on “Yes” and
Click on OK."
They went on with instructions for manually installing the certificate they attached to the email message.

From a technical standpoint, enabling active X as they suggest is not a safe thing to do. What I did do was put their webportal in my Internet Explorer Trusted Sites.

But, I think they are lacking ethics when they suggest I do something unsafe just to make their webportal work. Were they being lazy and leaving off the steps to add their web site address to trusted site? Or, do they really not care that they suggest I open up my system to all Active X controls?

I intend to respond back to them about this. I am probably not the only person they have given this solution to and I doubt I am the only one questioning whether it is secure action to take.

I am just wondering if other people would complain to them or just let it go. Thanks for reading and feedback. Alice




 
Sort by date Sort by votes
Internet Explorer and Windows ships with a default set of Root certificates. Any website which can trace it's certificate back to one of these Root providers will work in your browser without any problems.

However, there are other sellers of Root certificates, as well as Root certificates which are new or updated since Windows came out.

What you can do is examine the certificate when your browser prompts you & you can decide if you trust them.

Be cautious of self-issued certificates, and certs that come from places like Romania. But if they're legit, there's probably nothing to worry about.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
 
Upvote 0 Downvote
If I blindly followed the tech support's advice to enable unsigned ActiveX, I would never be prompted at ANY website. I think that is where I am having an issue with the advice they gave. They fixed their web portal's problem, but opened my computer up to other (possibly malicious) websites in the process.
 
Upvote 0 Downvote
couldnt you just add it to your trusted sites list and then you just wouldnt be prompted for that set of webpages?
 
Upvote 0 Downvote
That is what I did, but only because I knew their advice wasn't a good solution.
 
Upvote 0 Downvote
that's tech support for ya....

it wasnt the best solution but it was the simplest from his point of view
 
Upvote 0 Downvote
Yep, and by saying that he's probably creating more zombie computers every day.

ActiveX is the worst invention in a long line of Windows security defects. As long as Windows has it, it cannot be secure.

Pascal.
 
Upvote 0 Downvote
I agree that it wasn't the smartest resolution. Most likely though this tech support receives questions from very non-technical users and when they gave instructions that seemed a little more complicated, the users balked and couldn't understand what they were doing.
So most likely you received a response from a jaded tech support and got the half-thought answer response.
 
Upvote 0 Downvote
Perhaps you should contact the support/quality manager for that software company and suggest a more secure response for such a situation (that I'm sure they see a lot)
 
Upvote 0 Downvote
Why didn't you call them back and suggest it to them why you think there's a safer solution? It would be a big help to this techsupport person and future clients don't you think? In everyday techsupport, there's a lot of "trial and error" and "live and learn" scenerios because the clients expect an instant answer when they ask. This techsupport person you've talked to may not have as much expertise experience and it would be a great help for you to demomstrate a better solution to them so they can benefit from you as well.

To me, this post is like laughing behind someone's back for a not coming up with the best solution - yet a solution it is.

Problem fixed, next...
 
Upvote 0 Downvote
dennisbbb - I don't think anything in my posts suggest I am laughing at them. Quite the opposite from laughter. I am alarmed at what they are offering up to their customers as solutions. This was an email support case, so I was not on the phone expecting an instant answer. It was 3 business days turnaround time for the email reply to come.

I think I will follow Auger282's advice and see if I can find out how to contact a quality manager since the issue likley starts at a level above the front line tech.



 
Upvote 0 Downvote
Where it was good advice or not, I don't see any ethics question here.
 
Upvote 0 Downvote
The fault I see in the email is forgetting to mention: DISABLE "Download unsigned ActiveX controls" once you are done with installing the script.

The ethics question arises when Tech Support intentionally give potentially dangerous instruction such as "format c: /x /q"

Anything else is a solution opened for suggestion and comments by the client.
 
Upvote 0 Downvote
Wouldn't it be an ethical question only if they intentionally gave you bad advice?

There is no way to know if they gave the advice in email or other wise to specifically do harm or knowing it could do harm and not saying anything.

Regards,
Chuck
 
Upvote 0 Downvote
cspillman. I guess that is true, I have no way to know if they were intentionally leaving off the more secure (but lengthier) solution of either using trusted sites or resetting the switch back to prompt/disable. I guess it is more of a quality issue than ethics and I hope to address that with a quality manager at that business.
 
Upvote 0 Downvote
It seems at face value, that it might be more of a negligence issue than ethical problem... but that's just my take on it.

Regards,
Chuck
 
Upvote 0 Downvote
no, it is an ethical issue. They took money off you, the customer, offering themselves as professionals with a certain level of technical support. You had a right to expect the support to be professionally safe. They then suggested something that is not safe. This means that either they put themselves forward as technically expert when they weren't, or (more likely) they gave advice they knew to be unsafe, without warning you (because they assumed you were too daft to carry out the better procedure).

It's analogous to a pharmacist telling you to stop taking the antimalarials (because they make you feel sick) without warning you that you are now vulnerable to malaria.
 
Upvote 0 Downvote
But aren't you talking about ethics vs responsibility?

Yes, they are responsible for giving the best technical advice and in this case, obviously fell quite short of that, but that still doesn't definitively point to an ethics issue, does it?

Am I saying that responsibility is not tied to ethics? No. But in this case, it is not entirely clear if this was more of an ethics problem, IMO.

Regards,
Chuck
 
Upvote 0 Downvote
The difference is whether they intended to defraud the customer. Not everyone who gives a wrong answer is unethical.

Perhaps they didn't give the best advice, but was it absolutely wrong? Where is it written in law or engineering standards how IE must be configured? It's a matter of opinion. Professions, such as medicine and law, have standards regarding the presentation of opinions. Computer tech support doesn't.
 
Upvote 0 Downvote
The difference is whether they intended to defraud the customer.
Click to expand...

There is no way to know they they intended to defraud the customer.

They very well could have intentially gave the wrong information as a quick shortcut rather than walk them through the correct procedure, but we don't know that for sure.

Until you know for sure they did anything intentionally, you can't really claim this as an ethical issue.

Regards,
Chuck
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mountainbear
  • Locked
  • Question
Tech tools
Replies
0
Views
1K
Mountainbear
Mountainbear
mahman
  • Locked
  • Question
New cabling business advice
Replies
1
Views
201
mforrence
mforrence
RojGebriel
  • Locked
  • Question
IT business owners and IT Supports, need your help
Replies
0
Views
184
RojGebriel
RojGebriel
PeterMAS
  • Locked
  • Question
Would U.S. tech. staff accept low salaries for an adventure in an exotic locale?
Replies
2
Views
244
PeterMAS
PeterMAS
Pro50
  • Locked
  • Question
IT Management for financial services companies 6
Replies
6
Views
244
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top