Advice Request Dell BIOS Upgrade Utility and 7z SFX

Please provide comments and solutions that are helpful to the author of this topic.

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
I downloaded DELL System BIOS update utility for my Inspiron laptop from the official drivers download page — it has its vendor and application name as below(1):

Screenshot (92).png


It looks like a self-extracting executable program created using 7z's SFX module for installers. The file is digitally signed by Dell ✅ so it would run without issues.
If the above is standard because the 7z (SFX stub) is holding the main Dell BIOS utility executable, should they not use another way in which the downloaded exe identifies well with the brand? I am taking the perspective of an average user, ambiguity and trust.
For such a large corporation, the application and vendor name should reflect association and ownership of Dell, shouldn't it?

EDIT: I just checked their BIOS utility for a few business laptops —old Latitude model and a newer Precision model. They have vendor name as one would expect:
Screenshot (100).png

I've also seen similar practice (1) in cases like Shadow Defender and Firefox setup stub (years back).

Screenshot (97).png Screenshot (96).png
 
Last edited:

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
That does seem a little sloppy. Honestly, this is one of my big gripes with Windows culture -- the concept of a self-extracting standardized archive shouldn't be accepted in this day and age.

I usually just get 7zip so I can manually extract the package via the right-click menu -- it's a lot to ask of me to trust that double-clicking an EXE simply extracts an archive.

I would much rather they just distribute things as a .zip or if they really want the efficiency of 7zip, ask users to install 7zip and then distribute the archive as a .7z.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
I would much rather they just distribute things as a .zip or if they really want the efficiency of 7zip, ask users to install 7zip and then distribute the archive as a .7z.
And you could see quite some developers (perhaps more common among beginners and those building a small market utility?) choosing such self-extracting archive approach on stackoverflow.
The Dell archive contains a bunch of exes, dlls and .sys files, typical of such packages based on requirements. While their point to deliver one-click exes is understandable, their approach looks unprofessional. There are better ways and they know it. They do it elsewhere.
Do they prefer this method for older laptops or for regular non-business models? Hmm.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top