Apple officials have instructed members of the company's support team to withhold any confirmation that a customer's Mac has been infected with malware or to assist in removing malicious programs, ZDNet's Ed Bott reported on Thursday. He cited an internal document titled "About 'Mac Defender' Malware," which was last updated on …
Yep, seen that!
Girlfriend was looking for at bike shops and the top link on a google search (which looked completely normal until clicked) opened what looked like a finder window complete with nasty looking stuff in it, downloaded a package and popped up the instalation confirmation dialogue!
Well, that caught my attention and a swift 'let's not do that!' stopped what might have been bad news.
As more people are drawn to a platform I guess we can expect ever more attempts to dupe the innocents.
Bastards! (malware producers, not the innocents)
Took away admin privies from the other half's macbook from the word go.
Annoyed her even more with noscript. Anything that she wishes installed gets thoroughly discussed first. Friendface banned.
Ok that might sound draconian, but honestly, from day to day use, that's exactly the environment I work in. When have you ever trusted your users?
Look, honestly, OS X isn't all that bad as it stands. Frankly, I kind of like it, in the sense that it is nicer than windows to work in. It is a 'nix after all. It's not like other 'nix like OS's are unexploitable.
But with iOS being what it is and what OS X could become, and Apple's holier than thou attitude..... my last apple purchase was a Merom cored macbook, it's telling I have not bought anything newer.
If this news about the memo is true it is but a further nail in said coffin.
Coming to your from "Ed Bott's Microsoft Report"
How can you take a report about Apple as full and unbiased truth when it comes from a regular column called "Ed Bott's Microsoft Report"?
Any excuse to have a go at Apple is greeted here as enthusiastically as a superinjunction is by a footballer.
Accuracy, veracity and lack of bias just doesn't come into it.
I'll say again - irrespective of whether you're on OSX or WIN XP/Vista/7, any newbie - or inexperienced user - should not be using an admin account. So even agreeing to install anything should result in an automatic "Oh no you don't - you're not allowed to" from the system.
I'm assuming an experienced user is unlikely to fall for such crapware.
This sort of slating is as inappropriate for Apple as it was for Microsoft. I', no great MS fan, but I don't see why they should be reviled for the actions of DFU's.
Just let Apple/MS patch as soon as possible whatever vulnerability is exploited - and if you do use Mac Anit-Virus s/w, use one of the trusted systems - Sophos etc., (Norton is not good news for Macs).
There has been so much publicity even in the non-IT media recently regarding fake anti-virus malware that most people should be aware of it.
The thing is *nobody* should regularly be using an admin account for general use; they should be used solely for carrying out admin tasks on the machine. There have been far too many bits of malware that just require you to visit a site (some of the reputable sites, but having themselves been compromised - see Sony Thailand today for instace) to think that an experienced user will be able to avoid getting infected. If the user's got admi nrights when he visit such a site then it's giving the malware writers an almighty legup in effectiveness.
Unless I've missed something Windows 7 doesn't actually allow you to run as admin precisely - they've taken the Unix-like route of running admin accounts as sort of pseudo-admins with UAC popping a window up whenever you need to perform an action that requires full privileges.
If you're running a limited privileges account you get exactly the same UAC prompt but you have to log in as an admin to continue ... pretty much like sudo.
The problem now isn't so much the OS; not *nix, not OSX, not Windows (any more) - it's that people will simply click "yup" when prompted to. The only way around it is set up only one pure admin account and not tell anyone else the password... though this may not exactly lead to marital harmony :P
Is it good news for anything?
The anti-Mac sheep are out in force today with their childish comments (crapple? really is that the best you can do? reminds me of microshit, micro$oft and mickeysoft but I was about 16 then)
My comment on unbiased reporting was not targeted at the malware itself, which obviously exists, but on Ed Bott's report of Apple's response to it.
Ed Bott has always been on Microsoft's payroll, just google his name for examples. He was even one of the biggest supporters of Windows Vista (maybe because he also published a book on it), need I say more?
If I started to believe what he says about Apple did or did not do without any critical thought I'd better give up on news sites and get my world news from Microsoft's PR site.
Unix-like is surely a requirement to log in as or su root in order to install the download. Mere users don't know how to do that or haven't been authorized to do that.
On Linux there are some desktops where package installation has been "made easier". This, in my opinion, is a big mistake. Drinking potential poison should not be made easier, it should be made harder. Being able to do so by clicking "yup" is a big mistake, on any system where it's possible.
This article has nothing to do with Microsoft, Apple or other wise; it is about a company covering up the fact that their machines are infected.
re: Unbiased Truth
Just because you are paranoid doesn't mean that everyone isn't out to get you!
The same can be said for this article, just because the writer "likes" to find and report on Apple computer problems doesn't mean that they don't exist just as he said.
And likewise, ignore any corporate propaganda you get from sources with Apple or Mac in the title.
Will you believe ArsTechnia?
..Or does it have to be official, straight-from-Jobs-mouth before an apple fan believes that even Apple products can (and do) get malware?
I am not sure that I would consider any of Sony's sites to be reputable.
21 thumbs down...
...for suggesting that inexperienced users shouldn't be using an admin account?
Speaks volumes about the thumbs-downers.
Glad they have sod all to do with MY IT...
UAC is pretty cool: it takes the idea of least privilege, so that by default on servers *even* admin accounts that *do* have rights have to go through a confirmation stage when they're making system-wide changes just to make sure the change is intentional. Yes this can be something of a pain in the arse, and is often disabled, but you can't argue with the intent.
Downvoted for being the kind of git
who doesn't understand why he got downvoted the first time. As in, it has nothing to do with standard best practices.
Well, that's certainly the bias of the article.
I thought about that as I was reading the article, and it is the simplest explanation.
But it is also possible that the lawyers have gotten involved and asserted that IF Apple confirms it is malware, or attempts to provide assistance for removing the malware they open themselves up to court claims.
I'm still leaning toward cover-up, not so much because I trust the lawyers as because the "Macs are immune to viruses" meme seems to be a critical part of their marketing. But it is a close call.
Oh I understand all right...
...it's because common sense is anathema to all the "Let's knock it 'cos it's Apple" brigade.
hah hah hah hah hah hah hah
hah hah hah hah.
(oh, and great, customer support there from Apple for their 'valued customers')
Thats it! We've made it! Hooray!
OSX, my home platform of choice as it happens, is as popular as Windows!
I think it's absolutely superb that OSX is now so popular and the underlying O/S code so shit, that it's considered worth the effort for the scumbag malware writers to get some dodgy apps installed on it! This is truly a great day when I can stand shoulder-to-shoulder with my Windows brothers and declare in a loud voice, "My platform is as completely shit as yours!".
Makes you proud and gets you right here! ( I have my hand on my chest in case you can't see me! )
Pride follows with a Fall.
And, that you are getting a warm feeling from the spread of Apple's ball and chains is perhaps some form of mental illness possibly linked to a deformed tribal gene.
Seriously if you want to support something with all your heart, at least make sure that you actually get to own what it is your throwing your pride into it. Apple doesn't make anything you actually get to own, so it's junk as far as social progress goes.
When they make it all open source, we'll talk about supporting them...
Security by obscurity worked for Sony!
Security by Obscurity?
You mean Security by "Ignoring the Elephant in the Room"
I've seen this on a couple of Macs so far. I always love the comment the owners make "but I though Macintosh is anti-virus". Guess where they got that idea ?
Re: Security by Obscurity?
It is not a matter of "security by obscurity," it is a matter of "infection by stupidity." The user needs to download the app, (the installer may or may not run automatically, based on the browser's settings), and enter their admin password to install it, then click a button to proceed with the installation.
This is not a "virus" or a "worm" or an "exploit," it is merely a malicious program that does bad things, which the user naively invited into his computer and allowed--nay, actively engaged--to execute in their computers.
Even if this were the most secure operating system in the universe, *nothing* can stop a user clicking "Yes, please do bad things to me."
dZ, you probably shouldn't comment if you don't know what is going on.
Mac relies on security by obscurity. There were no or very few viruses for Macs because there are so few Mac users with so little important data on their machines that it was not cost effective to write viruses for them. The hardware was so obscure that no one bothered trying to hack it, thus it was marketed as secure.
As Apple slowly gains share, that advantage will disappear. We'll have viruses like its 1999 again, since Macs have no security.
"It is not a matter of "security by obscurity,""
Yes, it is. Re-read TFA ... Apple has told it's technical support reps to keep mum on the reality of the malware.
Stupidity reigns supreme...
So the users of a machine for which there are no viruses see a web site claiming that they are being scanned and have infections... and THEY BELIEVE IT!? Wow, the depths of human stupidity never cease to amaze me. An id10t problem if ever there was one.
speaking of stupidity...
'a machine for which there are no viruses'?
There's a prime example right there.
Do you honestly believe...
... that there are literally zero viruses for Macs? And that there could never be one? Keep chugging that Kool Aid man.
I believe the anonymous one was viewing this from the point of view of the average apple user who constantly bangs on about there being no viruses on a mac.
This same user, who does not believe viruses exist, sees a pop up saying "Dood!!! Look at all these viruses!!! Dooooood!!!!" and proceeds to click on the link to download and install the anti-virus software to clean up the viruses he claims do not exist.
The point is that they believe their mac to be virus-impregnable AND that the scanner has "found viruses". Double-think in action??
No we don't
There are no Mac viruses in the wild. I saw one once in 1991, it was harmless. Haven't seen one since, and you can't show me one.
Anti-Virus scan? What Anti-Virus?
Most Mac's don't have Anti-Virus installed, so where do they think the (fake) virus scanner came from?!
I think even Paris would think WTF and reboot.
Re: No we don't
Ah, yes you do.
Viruses in the wild..
Those who are implying that viruses (not trojans or worms) are a problem for either the Mac, Linux, or Free BSD need to give real world examples. Prove it.
Still there is nothing wrong with the Mac so far.
However, Apple support should be more understanding with the cult followers and at least assist them in cleaning the pox.
The "wrong" is they allow humans to operate them
Until Apple figures out how to get around that weakness, then you'll have this issue.
It's not Apple's problem if some twat downloads malware.
Not Apple's fault?
Probably not, but then again, neither should Microsoft be blamed for users who do the same thing? Yet they do, continually, often by Mac zealots.
Correct. Doesn't stop the shriller Mac and Linux fanbois round here blaming MS when Windoze users do it though.
>"not Apple's problem"
Ah, the very definition of customer service.
Uhm... it actually is...
"Until Apple figures out how to get around that weakness..."
Surely "Until Apple figures out how to MAKE MONEY OUT OF that weakness, then you'll have this issue."
...and often not.
See my post above.
Not the same.
In this case, the user has to click to download, on a screen with a Windows UI. OK, some users won't intuit the difference between Mac and PC look and feel, but most are used to it through pop-ups. Once downloaded, they have to enter their password. At this point it's all social engineering. It's not good, of course, but there's only so much Apple can do. They are also right to say that that Apple Care is a hardware warranty.
You can't compare that to the Microsoft experience in 2003, with Blaster and so on, which would infect users without routers. At the time, Microsoft disabled its firewall, and UK ISP's routinely inflicted USB modems on their customers. And so it went on for a couple of years, with worms and spyware in particular. Microsoft was caught utterly flat-footed, and destryoyed its U with Vista. Apple has shot itself in the foot with the PR here, but this is so far a trivial problem you have to try quite hard to get. The security problems Microsoft experienced were ones users could get doing nothing. That's the difference.
And your ideas on Apple customer support? Aren't they there to support their customers? Being told that customer support aren't to help, and aren't to confirm or deny the existance of malware is far from helping their customers.
Apple - the ostrich in the room...
It's a numbers game
Blaster worked due to pretty much the whole market using windows i'm fairly certain somthing similar could be created for mac's but there isn't much point as there arn't enough to be able to pass itself around.
You mean that well knowm Windows program Finder.