Apple to support reps: Don't confirm Mac infections Apple officials have instructed members of the company's support team to withhold any confirmation that a customer's Mac has been infected with malware or to assist in removing malicious programs, ZDNet's Ed Bott reported on Thursday. He cited an internal document titled "About 'Mac Defender' Malware," which was last updated on …
But if you do that, surely some things won't "just work"....? Doesn't the world end if that happens?
Joking aside though, automatically opening attachments by default? Have Apple learned nothing from the experiences of the rest of the world of end-user computing over the last 20 years?
Certainly not. The invulnerability of Apple and Linux systems is a matter of faith rather than of demographics. The "fanbois" actually believe that stuff and so do the marketing departments. Of course it is clear that the "end user" hasn't learned much in that time either. It's not just a matter of popular OS's being bigger targets than unpopular ones either. Popular social networking, music and shopping sites are all common target acquisition locations - come visit, become a target. So, follow popular fads on line using a popular OS and make twice the target you would following reports of UFOs and black helicopters.
Use a proper browser. Safari is on this machine somewhere, but I treat it like Internet Explorer under Windows - update it for when it's needed, then hide it away somewhere and use something better.
For all Microsoft's faults, at least they do try to help out with this kind of thing. Defender, Malware remover and the like. They can be ridiculously slow to respond to alerts, but at least they respond.
Apple are a marketing company. They are interested only in selling you the latest shiny thing. Something wrong with your old shiny? There's a new one - that'll fix everything, and you'll be better than your friends for having the new one.
In my experience trying to sort issues with iPhones, Time Machine and even monitors, Apple don't give a rat's ass about after-sales. The "Genius bar" is all well and good, but the closest one to here is 40 miles away, and yes they did tell me to go there for help when I rang them up. When Time Machine tried to backup the backup drive it was copying to, Apple told me "it's supposed to do that!" When one of my users took in a Mac desperately in need of a RAM upgrade, they sold him Snow Leopard! I've pretty much quit asking...
Written, surprisingly, on a MacBook...running Linux. ;-)
Yes it's a trojan, but that's what it calls it in the story. Your "that sounds more like a trojan than a virus" just shows you're yet another commentard who jumps straight to the comments section after reading only the headline.
Actually I think the distinctions between "virus", "trojan", "adware" and all the rest are irrelevant. They are all badware and shouldn't get onto your machine.
As far as I can remember, they stopped claiming that a while back. But I have to say, its completely their fault for not being in touch with the PC side of computing and all the crapware thats on the market. If you see something that popped up and YOU didn't start it... Chances are you should just close the window out. ** Oooh --new business idea just came to mind--As for the porn popping up I'll take my Paris and run with it.
I suspect the Genius Bar people can say what they like (pro-tip: they're not actually genii).
This is an AppleCare related memo. AppleCare is a support product, and the email states that AppleCare will not fix for free the results of some idiot typing in their admin password to allow a trojan to install. My car warranty doesn't cover repair to my car if I drive like an arse and crash it into someone, either. I don't suppose any other PC makers warranty/support product covers you for malware infection either.
I know, but it does make for a great mental image :-)
Thanks for the pro-tip, but I'd already worked out that a techie worth his salt is very unlikely to want to be slapped in a retail store doing 9-5:30 and faced with the public asking dumb questions - most of us have enough of that from immediate family members! ;-)
I've taken two items in with problem - a MacBook Pro with a problem battery and an iPhone with an incorrectly calibrated accelerometer - and in both cases they took they item, ran a diagnostic, and replaced it on the spot. I've never had such good service from anyone in the tech industry (and it can be truly awful).
That may very well be the case, but your comment history outs you as a Fanboi of the highest order. I will therefore be taking your anecdotal evidence of Apple's good service with a pinch of iSalt.
Reading between the lines, Apple sold you a dodgy iPhone that should never have passed the factory QC check and not even the battery in your laptop works properly. To me, that's "truly awful".
I have an iPod photo that went in to the Genius bar 3 times in my year's warranty period. It never got abused, but periodically the hard disk would make lots of spinning noises, then it would display the take me back to the shop sad face picture. Every time it was immediately replaced.
When it did it again after the warranty expired I took it back and was told by someone who to me did not look like they knew what they were doing that the hard disk needed replacing and it would cost me £100. I balked at this and decided to source one online. In the meantime, I disconnected the battery and disk drive. Out of curiosity a couple of days later, I reassembled it, and it worked again! Now, ever 4 months or so (when sad face shows up), I have to go through this process again.
Easy replacement under warranty aside, I've been reluctant to buy another Apple product since this as I feel the crapware will die soon after warranty and I may be left with a pretty brick.
@JakeyC: "That may very well be the case, but your comment history outs you as a Fanboi of the highest order. I will therefore be taking your anecdotal evidence of Apple's good service with a pinch of iSalt."
It's a bit pointless saying, "you only say that because you like it" - it applies equally to your own statement. There isn't any point having a discussion on that basis, because it presupposes that any opinion at variance with your own is dishonest.
My comments about any company (including Apple) reflect my experience - if I get good service, I'll come back for more. When I shopped at PCWorld, I was served by disinterested people who didn't seem to know a great deal about their own products. So they don't get my business. If your experience is different, great! Lets hear about the place where you enjoyed good service.
BTW - the battery in question was over 2 years old, and had performed well up to that point (then began to swell up). They replaced it because it was listed as a flawed batch from Apple's suppliers. These things happen to *all* hardware manufacturers at some point, but it's a real breath of fresh air when they just sort it out. And if you aren't aware of the realities of mass-manufacturing, I have to wonder who the real 'Fanboi' is...
I had problems updating my iPhone software (only apple thing i have). The support agent was helpful and efficient. He took me through getting my phone back to working (step by step as I did it) and explained everything needed to get my apps and music back.
I received an email confirming the actions needed.
The customer service was exemplary. The service Ralph5 received was not unique.
I will read your future comments with a big pinch of salt as your bias is obvious.
All manufacturers have faulty goods that slip through QC. The failures are often described as "infant mortality". It is why the guarentee period is valuable.
All operating systems are shipped with vulnerabilities, the bad guys will exploit them if there is money or kudos to be gained.
Just what you'd expect from Apple. It's right up there with all their iphone screw-ups.
Like not warning the rest of the world their alarms won't work on daylight savings changes.
Or that the constant crashing of the operating system after iphone4 release was going to be more than annoying. It would also switch data roaming back on long enough for email to be pushed.
At least I learned I didn't want Apple as a business partner through the relatively cheap outlay of an iphone rather than an imac
If the only infections are social engineering Trojans ANY OS is vulnerable. All that is required is an installation routine and enough social engineering to get or installed.
Maybe Apple should be using this to promote the OS X App store?
Til then there will always be someone who cannot resist if instructed "Don't press the red button"
"Maybe Apple should be using this to promote the OS X App store?"
Who says they're not? Can we be 100% sure that this isn't Apple or some miguided fanboi (aren't they all?) trying to justify the idea of an OSX appstore. Remember "you will only install software personally approved by the Big Jobs himself".
Typical of Apple's contempt for its customer base.
Like not bothering to tell the world the iphone alarm won't work after daylight saving changes.
Or that the operating system crashes experienced after iphone4 release were more than annoying. They would switch data roaming back on just long enough to push email to your phone.
Still an iphone was a relatively cheap way of finding out I didn't want Apple as a business partner. I'd have been pig-sick if I'd bought an imac and a load of software.
Got an HTC now. No regrets
I bought a Mac Pro last summer, prior to that a G5 in 2005, prior to that a G3 in 1999. All of which I still have. RAM comes from Crucial, peripherals I buy cases off the interwebs & buy OEM drives & put them together myself.
I trust that meets with your approval.
Oh, and my iPhone came from Orange.
You work your foreign workers to the point of suicide. Have one of the most environmentally unfriendly products lines. You blame the end user for holding your defectively design iPhone incorrectly. How you address these issue. You hirer a few "Counselors" for close to a million workers, you "green wash" your environmental track record and your blame the end user for holding the phone like a human would hold it..
Now you are putting people are risk by not telling your own customer they are infected with a malware/virus. So they can continue using their credit cards online and have their identities stolen. Possibly infect other computer (if it is a virus) on the Internet.
I am sure we will see a PR campaign stating there is no security flaw in OS/X but the user is just holding the mouse wrong.
I guess Apple didn't want their share holders to get upset.
1) that Apple won't confirm or deny the existence of an infection on a given machine.
Since it's not caused by the OS or the hardware - its not their area. I presume they do suggest that the user seek out a suitable program to deal with it.
2) thatthere is an increase in malware on Apple machines - it was bound to happen eventually.
Whilst this may be a new instance, it's nothing to be surprised at. Any OS that allows you obtain escalated privilege to do something legitimate can be compromised like this, including all variants of *nix platforms.
Why it is more important is that Mac users, who have been lulled into a false sense of security by too many unfounded claims that OSX is immune from malware, will suddenly have to become much more aware of what they are doing.
In some respects, although I would suffer like everyone else, I think that sudo, UAC on Windows and whatever they call the equivalent on OSX (I know it's sudo under the covers), which make it easier to do things with escalated privileges, should be removed. This would make hoops that you must jump through to be able to do destructive things on a system cause you to really think what you are doing, rather than just clicking on "Yes" or asking for a password. But the hooks they use are built into all modern OS's, and even if they weren't supplied with the OS, they would still be there. And SELinux and Role Based Access Control (RBAC) only changes the problem, not solves it.
Of course, this makes computers difficult to manage by ordinary users, so will never happen. And if someone did propose a locked-down OS, then everybody would be screaming from the rooftops about too much vendor control over the OS.
I came to the conclusion some time back that all PC OS's are too complex to trust ordinary users to look after properly, but have not got to the next step of trying to solve the problem. This issue shows that even OS's with good security features are not safe if users do not understand what they are doing.
Maybe Google ChromeOS is the way to go. Locked down OS with a configurable application layer on the top (I just wish it was not in a browser). But I'm sure you will still see personal information being stolen, botnet clients and anonymizer proxies on this platform once the crackers start looking.
I don't see what else it could be in though. Anything else would either mean the user would have to be installing things directly in the OS which would put things back to square one or creating a new application lay that was completely incompatible with everything that's gone before. That might be possible on phones where super cramped screen sizes mean all previous applications (including web apps) need tweaking (at the very least) to work efficiently (if at all). But Chrome seems aimed at PC format devices (with a bigger screen, and standard input devices) so having to recreate the wheel shouldn't be necessary.
If you accept that users are going to spend the majority of their time using the web browser part of any such OS it probably makes sense to give them only one thing to know about.
Though by allowing webapps to be cached for off-line use and this native code stuff google are doing they're pretty much just moving these problems from the OS to the browser. Hopefully it'll make root kits and the like a bit harder though.
The two most likely and 'simple' answers are to run of a bootable CD or DVD (linux is good for this, but I'm not sure about windows and OSX) or clients that connect to server with virtual machines on.
I'm sure other answers will be suggested (and developed in the future) but for now using a client that can't get infected is, in my view, only possible using a fixed, non-editable image.
ttfn
I understand that read-only media is a potential solution, but you then have to worry about updates, as even an OS on a R/O media may contain bugs that lead to information leakage or access problems during the running of the system.
If you look at most Live disks, you normally have a degree of persistent storage, because the Live CD is normally overlaid by a UnionFS, often stored on USB memory device. This allows users to keep information after the system is shut down. If you have persistent storage, especially if it allows browser tools or extensions to be installed, then the system is still vulnerable.
And you also assume that you don't need to install printer, network card or display drivers. I don't know how often you use a Live CD, but whenever I have, I have found it a seriously disappointing experience, being slow, and missing support for anything that is slightly out-of-the-ordinary (like the non-free Radeon and Nvidia drivers to accelerate display performance or a lot of wireless cards).
Using Virtual Machines only works if you use fixed boot images (otherwise you are just exporting the problem into the virtual machine), and if you are talking about server farms, only in a large environment with some trusted support to maintain the infrastructure. It does not help home users, and would be seen as just another level of complexity to configure. And my point about persistent storage above is still relevant.
I have thought all of these things through, and with the current user expectation of control over their own PC's, none of them are really workable.
If we could have a highly trusted read-only image, that did not contain any bugs and also had everything that a user might want forever, then you could propose such a solution, but this is a Utopian view (and you know that Utopia means either "good place", or more likely "no place").
Google, with ChromeOS are trying this, but we need some more work exposing 3D graphics acceleration and abstracted sound and other device layers to be exposed in the browser to make it acceptable for even modest gamers. I am not going to hold my breath for a port of Crysis or BioShock onto Chrome OS.
I'm neutral on the conflict between different OSs and their fans, but I must say this is a poor show. If an Apple support person knows from the evidence that a user's machine has been compromised he/she should be duty bound to inform them of that fact - else Apple must bear some responsibility for whatever negative consequences follow (since, free or not, they are offering a support service). Denial is never a good option.
A Javascript running on Firefox looking like a virus scan telling me my Windows PC is infected and trying to flog me an antivirus program. Only thing is, my PC was running Linux at the time. Perhaps the crooks behind this scam now get information from the DOM or wherever to say what the host platform is.
Yes it's not that difficult to persuade many users who know nothing about how their platform works to download and install malware on it by using standard FUD marketing. Mac users seem to pride themselves on not having to know how their platform works. My 91 year old Dad seemed very anxious, when I told him his Ubuntu PC didn't need continuation of his previous Windows antivirus subscription, so I guess this issue will affect Linux on the desktop given the fact that it's being increasingly used by people who just want the platform to work without them having to understand very much about it.
........by the rest of us. The assertion that OSX is *intrinsically* far more robust than other OSes was always a chimera. Many of us have pointed out for a very long time that the main reason for the Mac's "immunity" was largely that the villains couldn't be bothered devoting the time and the resources to targeting Apple's machines when they have a vastly larger and thereby vastly more profitable "market" with Windows machines. The Macs are now a more profitable target, there are "attack kits" becoming available specifically aimed at the OSX and we can expect to see far more of this. I would strongly recommend to any Mac owner that he/she takes this seriously, ignores Cupertino's propaganda and protects their Mac properly. AV and the like *are* available for Macs, flaming well use them and the same large helping of common sense that we Windows users have to employ.
.........replying to a posting where I specifically say that Mac-owners *should* install AV and malware detection, hmm? I was simply (as you were perfectly well aware) saying that Mac owners should not any longer believe that they are in any way immune. The "mood music" from Cupertino on this subject has always been that OSX is intrinsically superior to Windows in this area - and there is no point in pretending that is not the impression that they have tried to give. That they recommend installing AV and malware detection anyway should come as no surprise - their legal dept would have insisted that they did for obvious reasons, whatever impression of the OS their marketing dept would wish to give.
*intrinsically* more robust than normal Windows instances up to and including Win XP, especially where the Windows users have been encouraged to make their normal users administrator accounts (like many, many pre-installed Windows PC's). That is a fact. People who deny this can't actually understand privilege separation.
But this story is about a social engineering issue, where users are being tricked into running something with enhanced privileges. It is not an unseen, unknown back door into the OS, but very visible and relying on user interaction, and as long as an OS has the ability to run something with enhanced privileges, can affect absolutely any operating system.
Let me ask you something. If asked in a pop-up to install something that suggests it will fix a problem (especially if it comes up because of a cross-scripting problem when accessing a Bank or some other trusted organization's site), do you think that your grandparents, or if you are old enough to be unfortunate and have lost them, your parents, can *sensibly* differentiate between what is really safe and what is not? I know that I am worried that my 82 year old father, who is a regular Internet user, cannot differentiate between 'good' messages from Microsoft Windows Update and 'bad' ones, even though my two brothers and I drum it into him at every opportunity. And I also have to dis-infect my two youngest (teenage) children's systems sometimes, even though they are old enough to understand the dangers.
Current OS's are just not suitable for purpose when given to non-technical users.
I won't use "mac" and "malware" in same context for 4 years now. I got my lesson on IRC, mac news sites, forums and usenet.
Even some security guys gave up warning community. They either report to Apple and security companies or -if black hat- sell them.
Anyway, when something serious happens, we will sure hear about it or figure it ourselves. E.g. when our newspaper doesn't arrive that day since the machine doing the final editing got down.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
