backtop


Print 83 comment(s) - last by nycromes.. on May 25 at 8:44 AM


Apple hopes that if it pretends that malware doesn't exist its customers will believe so too. Apple techs are under strict orders not to help customers who are suffering from malware infe

Employees claim ~6 percent of Macs are now infected by malware, though many Mac owners are convinced their computers are "immune" to such problems.  (Source: Cult of Mac)

Microsoft actually helps protect its customers from malware programs and acknowledges they exist. It even offers its customers free protection.  (Source: iTech News Net)
Jobs and company hope to keep customers ignorant of the truth

Apple, Inc. (AAPL) long had the good fortune (from a certain perspective) of not being very popular with consumers and thus gaining security through obscurity.  With millions of Macs in the wild and Apple sitting pretty in fourth place in PC sales, though, the company is seeing an increasing number of malware attacks.

I. The Customers Want the Truth?  They Can't HANDLE the Truth!

In response to these attacks Apple has reportedly implemented a policy which is equal measures bizarre and baffling -- it's telling technicians to adopt a "don't ask don't tell" policy with regards to customers complaints about malware, feigning ignorance on the topic.

An Apple Store Genius (store technician) leaked internal documents to ArsTechnica.  One memo reads:

Apple Internal Use Only - Issue/Investigation in Progress - Confidential Information - Do Not Disclose Externally

Symptoms

Customers may call AppleCare to report and issue with malware (trojan) software known as Mac Defender or Mac Security, or because they are concerned that their Mac could become infected.  The name may vary as new variants are released onto the internet.  This malware is installed from malicious websites.

Products Affected

Mac OS X 10.6, Mac OS X 10.5, Mac OS X 10.4

A second memo adds:

Important

    • Do not confirm or deny that any such software has been installed.
    • Do not attempt to remove or uninstall any malware software.
    • Do not send escalations or contact Tier 2 for support about removing the software or provide impact data.
    • Do not refer customers to the Apple Retail Store.  The ARS does not provide any additional support for malware.

The disgusted Apple employee is quoted as stating, "Frankly, it's Social Engineering at it's finest.  In some respects, I feel a little bad for the people hit by this, but at the same time, I can't help but be frustrated that people inherently trust everything they're prompted to do on their machines. The beauty of Mac OS X is its security model. That people blindly enter a password is going to be the undoing of it."

(The employee's comments allude to that Apple's OS requires users to verify installations using a feature similar to the UAC found in Windows 7.)

II. How Widespread is the problem?

Andy says that in the past about 0.2 percent of service Macs were suffering from some kind of malware -- "most always DNS trojans."  Now that number soared to around 5.8 percent, mostly thanks to MacDefender -- a trojan that DailyTech previously reported on.

The employee states, "There's been a very real uptick in the number of malware instances we've seen."

"With regard to how the company is dealing with it, the answer is not very well," he adds. "As you know, OS X requires an admin user to authenticate and OK the install for pretty much anything that's not drag and drop. The response has been a case of 'they installed it, so it's not our problem.' Until something that makes use of a zero-day exploit hits, I really doubt that we're going to do anything, technology wise, to address this."

But is the OS X security model really superior to Windows 7?

Famed Mac security expert Charlie Miller, who won multiple years for the fast Mac hack at Pwn2Own, comments, "Mac OS X is no more secure than any other operating system. It has vulnerabilities, and it will let you download and run malware. The difference is that there simply isn't that much malware written for it. The bad guys have focused all their energies at Windows, which makes up the vast majority of the computers out there. However, as market share for Macs continues to inch up, that equation is going to change and bad guys will begin to focus in on Macs, if that hasn't already started to happen. And as I mentioned above, Macs are no more inherently secure than Windows, so when the bad guys decide to go after them with gusto, it'll get ugly fast."

Other hackers have also commented that OS X 10.6 ("Snow Leopard") has inferior security to Windows 7.  To boot, Apple doesn't provide users with free antimalware software like Microsoft Corp. (MSFT) does.

III. How Long Can Apple Keep up the Charade?

In recent months botnet-forming worms and trojans have targeted OS X.  Most of these pieces of malware have been amateurish efforts, though, or works in progress.  Nonetheless it remains a very real possibility that Apple could one day see a serious attack.

The question remains how long Apple can continue to manage to deceive its customers and obfuscate the fact that its platform has malware on it, and that the threat is growing.

But the line still seems to be working on the most gullible of Mac users.  For example in our coverage of the MacDefender infection one pro-Apple commentator and self proclaimed "expert", "TonySwash" wrote:

In the real world actual and successful malware attacks on Macs are virtually unknown, and if there are any at all the number is vanishingly small.

...

The really embarrassing thing is not that Windows get's (sic) all that malware, that's just the result of piss poor design decisions going back decades, what's really shameful is the way that some Windows fans choose to deal with this reality. They deny it. It's not Microsoft or Windows faults (sic), it's everybody's problem, or if it's not everybody's problem then its (sic) some sort of perverse reflection of Windows strength (sic).

Eventually Apple may have to face the music, though, particularly if customers take legal action against it for feigning ignorance, now that corporate documents have revealed that Apple is well aware of the attacks on its platform.

There's plenty of things you can fault Microsoft and the Windows platform for, but one thing you can say in their favor is that at least when they encounter malware they try to help customers and counter rather than claiming their products are "magic" and have no problems.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

World is ending tomorrow!!!
By Lanister on 5/20/2011 1:06:58 PM , Rating: 2
This is a sure sign of the end of the world that is supposed to happen tomorrow!!!




RE: World is ending tomorrow!!!
By JasonMick (blog) on 5/20/2011 1:17:30 PM , Rating: 5
quote:
This is a sure sign of the end of the world that is supposed to happen tomorrow!!!


Only for TonySwash. ;)

I'm sure he's been faithfully praying to Lord Jobs to deliver him to Mac heaven...


RE: World is ending tomorrow!!!
By cjohnson2136 on 5/20/2011 1:20:08 PM , Rating: 2
You know he will just come in here and argue by saying how bad MSFT or Google are. He won't actually respond to what Apple says.


RE: World is ending tomorrow!!!
By themaster08 on 5/20/2011 1:54:18 PM , Rating: 2
My feeling is that he'll keep quiet. He'll want to keep his job at Apple after all.


RE: World is ending tomorrow!!!
By StevoLincolnite on 5/20/2011 1:46:58 PM , Rating: 5
Haha, loved the article pointing at and belittling TonySwash, he had it coming to be honest! lol.


RE: World is ending tomorrow!!!
By themaster08 on 5/20/2011 1:48:37 PM , Rating: 2
I agree. I thought it was hilarious.


RE: World is ending tomorrow!!!
By kraeper on 5/20/2011 2:31:57 PM , Rating: 3
I disagree. Don't feed the trolls.


RE: World is ending tomorrow!!!
By Reclaimer77 on 5/20/11, Rating: -1
RE: World is ending tomorrow!!!
By tng on 5/21/2011 12:21:37 AM , Rating: 3
Well since you asked for it....

You calling someone childish? POT....KETTLE?

On the Tony thing, yeah, no one really likes Tony, except Tony.


RE: World is ending tomorrow!!!
By Paj on 5/23/2011 7:57:56 AM , Rating: 1
Agree. While funny, it would be more credible to link to an offsite article or post to back up his point.


RE: World is ending tomorrow!!!
By ekv on 5/22/2011 5:48:37 AM , Rating: 4
I do not defend Tony Swash in any way, shape or form. I am curious though, who's next? Because they "had it coming to be honest!"

For Jason to pick on a reader is rather poor form. Unless he knows Tony (in the real world) or, heaven forbid, maybe he IS Tony 8) If Tony is such an annoyance -- in the past others have called for him to be banned -- would not a private email informing him of possible sanctions have been a better approach?

Then again, public ridicule is effective albeit trendy.


By RedemptionAD on 5/20/2011 2:00:01 PM , Rating: 5
With proof staring him in the eyes of the internet and his name being called, Lord Jobs has probably force chocked him to death for failing him in the FUD campaign. The reality distortion field is down, send in some W-Wings and Lin- Fighters to blow up the DoushStar.


RE: World is ending tomorrow!!!
By Tony Swash on 5/20/11, Rating: -1
RE: World is ending tomorrow!!!
By Fleeb on 5/20/2011 2:27:52 PM , Rating: 4
Now I understand why you are the way you are.

http://www.bbc.co.uk/news/business-13416598

How sad :(


RE: World is ending tomorrow!!!
By Tony Swash on 5/20/11, Rating: -1
RE: World is ending tomorrow!!!
By themaster08 on 5/20/2011 3:00:25 PM , Rating: 5
Nice sources. Mac support specialists? How about the opinions of real security specialists? You would have known these if you'd read the article, as you would have known that Mac specialists will likely lose their affiliation with Apple for being up-front about this.

Keep drinking your beer, Tony, and drown out the reality.


By snakeInTheGrass on 5/21/2011 5:16:16 PM , Rating: 2
It's entirely possible there will be a real virus or worm one of these days - I don't think any OS has perfect security, and certainly if Apple didn't take security seriously they wouldn't have just brought on a new head for the OS security team - but this isn't it, just the usual sensationalism from a 'journalist'. People can install an app on any OS - Windows, OS X, or Linux. If you're inclined to install random apps that suddenly pop up on screen while you're browsing the web, you're probably a great candidate to be running a malware scanner because apparently you're looking for a way to shoot yourself in the foot. At least this 'news' is in the blog section.

In any case, it doesn't matter because the world is ending right about now.


RE: World is ending tomorrow!!!
By Homerboy on 5/20/2011 3:22:24 PM , Rating: 1
3-4 people a day.
Lets work in some ratios here...
So if Apple has (for easiness sake) 10% of the market share, and MS 90%, that means that if the tables were switched, and Apple had 90% they'd see roughly 25-40 people a day walking in with malware issues right? Simple ratios I know, but I think you could apply it here.


RE: World is ending tomorrow!!!
By nafhan on 5/20/2011 3:54:31 PM , Rating: 3
Look! I can pick and choose quotes from that article, too:
quote:
It gets worse as the stores scale up. We spoke to another Apple Store Genius, who we'll refer to as Andy, whose store services a couple thousand Macs per week. "There's been a very real uptick in the number of malware instances we've seen," Andy, said, adding that in the past, 0.2 percent of the Macs brought into Andy's store might have a malware problem—"most always DNS trojans."

That has changed in the last three weeks. Nowadays, something like 5.8 percent of machines Andy's store sees have a malware-related issue, almost entirely made up of MAC Defender or some variant.

"With regard to how the company is dealing with it, the answer is not very well,"
Andy told Ars. "As you know, OS X requires an admin user to authenticate and OK the install for pretty much anything that's not drag and drop. The response has been a case of 'they installed it, so it's not our problem.' Until something that makes use of a zero-day exploit hits, I really doubt that we're going to do anything, technology wise, to address this."
If I used a bunch of ellipses and cut out a few more things, I could probably make it sound even worse. Ars is a great site, but selectively quoting things can be very misleading. The conclusion of the article (as I read it) is that these problems will likely become more commonplace, but (as with most modern OS's) they can largely be avoided with a little common sense.

Also, have a nice vacation, AND GET OFF THE INTERNET :)


RE: World is ending tomorrow!!!
By Tony Swash on 5/20/11, Rating: -1
RE: World is ending tomorrow!!!
By Ghost42 on 5/21/2011 1:34:00 AM , Rating: 2
quote:
said one, "You couldn't get me to install Norton on OS X if you slipped me the date rape drug


Funny.. I feel the same way about Norton for Windows.. So, your point would be?


RE: World is ending tomorrow!!!
By Ushio01 on 5/20/2011 8:12:10 PM , Rating: 2
quote:
Two or three people a day :)


Hmm 230 odd Apples stores in the US so 690 people with malware problems a day in the US or 4830 a week, that sounds like a problem to me.


RE: World is ending tomorrow!!!
By LSet on 5/20/2011 6:30:57 PM , Rating: 5
I hate myself for taking the bait but...

OK seriously, I need to know, are you an IT security specialist? Do you work for a security vendor or as a security consultant for a major reseller? Have you had any serious vendor-agnostic security training?

Because honestly, as someone who works in a presales/engineer capacity for a reseller, you strike me as someone who isn't and who hasn't.

Of course the majority of Malware has been targeted at Windows, for years it has been the main OS for the home user. You want to target the person who doesn't have the technical know to deal with these kinds of threats, the kind of people who will just click that link. Those people will be in the masses, they are the people who will be using Windows because it was on their £300 PC from PC world. And they are now the people who are starting to buy MACs.

Your logic is like blaming the sporty three door hatchback for being in the majority of road accidents, rather than the moronic teenage boy racer who was behind the wheel.

Every OS has vulnerablities because they are made by human beings. If you like MACs, great, they are well built machines, but Apple's customer reponse to this kind of thing is appalling. I really hope they get a decent wake up call soon, simply so that the consumers benefit.


RE: World is ending tomorrow!!!
By JW.C on 5/21/2011 4:43:45 PM , Rating: 2
Tony, please explain to us if this isnt a problem why in the heck aplle has been snapping up security specialists like David Rice and Ivan Krstic? They sure didnt hire them for their abilities at gaming on the apple....


RE: World is ending tomorrow!!!
By sprockkets on 5/20/2011 6:17:40 PM , Rating: 2
Wow, when I sent that link to you Jason, I didn't expect this. Today is my lucky day.

Kudos.


RE: World is ending tomorrow!!!
By cjohnson2136 on 5/20/2011 1:40:25 PM , Rating: 2
Didn't you know...Macs getting malware was the first sign of the Apocalypse. Now that it is getting worse it clearly means the end is soon.


RE: World is ending tomorrow!!!
By therealnickdanger on 5/20/2011 1:57:12 PM , Rating: 5
Jobs 24:3-20

As Jobs sat on the Mount of Cupertino, the Geniuses came to him privately, saying, "Tell us, when will these things be, and what will be the sign of your coming and of the close of the age?" And Jobs answered them, "See that no one leads you astray. For many will come in my name, saying, 'I am the Steve,' and they will lead many astray. And you will hear of bots and rumors of bots. See that you are not alarmed, for this must take place, but the end of Apple is not yet. For OS will rise against OS, and beta against beta, and there will be viruses and fragmentation in various sectors. All these are but the beginning of the birth pains."

"Then they will deliver you up to GeekSquad and put you to death, and you will be hated by all geeks for my name’s sake. And then many will fall away and betray one another and load other OSs. And many false prophets will arise and lead many to other GUIs. And because malware will be increased, the monitors of many will grow cold. But the one who endures to the end will be saved. And this gospel of the Mac will be proclaimed throughout the whole world as a testimony to all corporations, and then the end will come."


By cjohnson2136 on 5/20/2011 2:05:43 PM , Rating: 2
THIS IS AMAZING


RE: World is ending tomorrow!!!
By SkullOne on 5/20/2011 3:13:52 PM , Rating: 5
This man so deserves a 6...


RE: World is ending tomorrow!!!
By FS on 5/20/2011 2:10:51 PM , Rating: 2
starting today? Explosion at Foxconn factory http://www.bbc.co.uk/news/business-13476800


RE: World is ending tomorrow!!!
By kleinma on 5/20/2011 4:18:21 PM , Rating: 2
more people kill themselves at foxconn weekly due to the slave labor than died in that blast...


RE: World is ending tomorrow!!!
By stimudent on 5/23/2011 12:51:17 AM , Rating: 2
Apple is sounding more like the Big Brother its portrayed in its 1984 commercial.


"We’re Apple. We don’t wear suits. We don’t even own suits." -- Apple CEO Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki