back to article D-Link must suffer indignity of security audits to settle with the Federal Trade Commission

Taiwanese networking equipment vendor D-Link will have to submit to a decade of product security audits after agreeing to settle a lawsuit brought by the US Federal Trade Commission. It has also pledged to maintain a "comprehensive software security programme" for the next 20 years, designed to make its IP cameras and routers …

  1. Warm Braw

    Our strong belief in the quality and security of our products

    That's the great thing about belief - it doesn't require evidence and even defies it.

    1. theblackhand

      Re: Our strong belief in the quality and security of our products

      How dare you try to take away my beliefs and make me think!!!

  2. Anonymous Coward
    Anonymous Coward

    promises, promises

    Look how well that worked out when a certain "social media" company promised the FTC that it would clean up it's act back in 2011.

  3. A random security guy

    D-Link should have been banned from doing business

    A company that claims its routers are secure and does not take any of the generally accepted practices for ensuring security should be banned from doing business.

    D-Link got off rather lightly. Maybe we have to depend on our estranged neighbors from across the pond to stuff GDPR down their throats. Our tools and our organizations are too weak.

    1. Anonymous Coward
      Anonymous Coward

      Re: D-Link should have been banned from doing business

      "A company that claims its routers are secure..."

      The claims were in marketing for sub-$100 products targetted at consumers where they tried to balance ease-of-use, functionality, security and cost.

      In many basic tests, they do seem secure as long as the consumer takes basic steps (i.e change the default password, don't enable inbound access and leave UPnP disabled).

      While I can understand your desire for more security, there will continue to be a place for less secure products that are cheaper or more functional.

      And if they start prosecuting companies for lying in marketing materials, where will it end?

      1. Jimmy2Cows Silver badge

        Re: prosecuting companies for lying in marketing materials

        And if they start prosecuting companies for lying in marketing materials, where will it end?

        You say that like it's a bad thing. IMHO it's equivalent to false advertising and heavy prosecution is long overdue.

        1. Anonymous Coward
          Anonymous Coward

          Re: prosecuting companies for lying in marketing materials

          The problem with this particular case is where do you draw the line on security? At what point does the vendors responsibility for a product end and a customers responsibility start when considering the security of a product?

          The vast majority of DLinks products are pretty much par for the course in their respective markets - they are towards the lower cost end of the market and aimed at less technical users BUT have features that can be enabled to allow customers to do non-standard tasks. While I wouldn't recommend a DLink product, I have helped others reconfigure products so they work as required and there has been nothing too alarming in what I have seen.

          It's all very well treating the world as black and white, but the reality is that most products and their associated marketing is a shade of grey that varies significantly based on the circumstances.

      2. paulf
        Facepalm

        Re: D-Link should have been banned from doing business

        @AC "In many basic tests, they do seem secure as long as the consumer takes basic steps (i.e change the default password, "

        Um, from TFA: "Back in 2017, the FTC accused D-Link of [...] the use of non-removable default passwords in its IP cameras,..."

      3. Kevin McMurtrie Silver badge

        Re: D-Link should have been banned from doing business

        Last time I bought a D-Link product it wouldn't stay running for more than a few minutes when connected to the Internet. Most TP-Link, Cisco, and Netgear haven't been any better. That's no value at any price.

        "prosecuting companies for lying in marketing materials" - Very long overdue in the tech industry. I get tired of returning everything for a refund because it can't even do what's printed on its box or tech support says it needs an update that will be out "soon."

  4. JLV

    Once upon a time, after a firmware update, my D-Link hijacked all DNS to point to its ParentGuard trial subscription offer. Tried its best to obfuscate how to opt out. And made sure you couldn’t look it up since world and dog domains always resolved to their exact page.

    Toxic piece of shit tech by a terminally incompetent company with the morals of rutting hyenas.

  5. Mike Shepherd

    Ratings

    Maybe we need official ratings for features like security (e.g. 1-5 stars?) so people know what to expect.

    Many of us would know from experience to rate D-Link with 1-2 stars ("cheap and kind-of works, but don't expect too much, like security").

    But buyers shouldn't have to base their decisions on experience.

    1. Mayday
      Flame

      Re: Ratings

      "cheap and kind-of works, but don't expect too much, like security"

      Which is exactly why the average consumer (not me) buys D-Link to begin with.

  6. sanmigueelbeer
    Pint

    One down and another >9,999 more to go, FCC.

    You better pick up the pace.

  7. Ole Juul

    Two years

    "the vendor has been granted a two-year “safe harbor” period to get its house in order"

    So it will take them two years to fix something they claim they're not guilty of. Interesting.

    1. paulf
      Happy

      Re: Two years

      Isn't that a bit like "No Contest" = "I didn't do it, and I promise not to do it again".

  8. Chairo

    "D-Link argued that it shouldn't be on trial, since no actual customers have been harmed"

    There might be a few cases where their customers threw the product against a wall and were hurt by the shards flying around. Or perhaps they vented their frustration by biting on the router and breaking off a tooth. It would be interesting what that company understands under "harm". Being hacked doesn't seem harmful enough, it seems. Or do they consider that all their customers are private suckers that have no way to prove any "harm"?

  9. Starace
    Devil

    Well my D-Link router is secure...

    ...mostly because it managed to blow up its DSL port the day the warranty expired.

    Useless POS.

    The replacement Draytek at least seems to work.

  10. Anonymous Coward
    Anonymous Coward

    Noooo not an audit

    Banning their products would have sent a stronger message...

  11. SoloSK71

    All good things but watch the price increase. Remember you can have 2 of the three components of IT gear. It can be cheap, secure and up-to-date. Choose two.

  12. Andy The Hat Silver badge

    So a company that has documented history of security violations and failure to comply with federal directives gets told to sort itself out (again). Yet a company that doesn't have such a history gets pulled from the US on the basis of "whispers and suspicion" ... welcome to the proof that the China trade spat is nothing to do with security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like