Posted on 05/20/2011 4:59:09 PM PDT by Swordmaker
Apple hopes that if it pretends that malware doesn't exist its customers will believe so too. Apple techs are under strict orders not to help customers who are suffering from malware infe Employees claim ~6 percent of Macs are now infected by malware, though many Mac owners are convinced their computers are "immune" to such problems. (Source: Cult of Mac) Microsoft actually helps protect its customers from malware programs and acknowledges they exist. It even offers its customers free protection. (Source: iTech News Net) Jobs and company hope to keep customers ignorant of the truth
Apple, Inc. (AAPL) long had the good fortune (from a certain perspective) of not being very popular with consumers and thus gaining security through obscurity. With millions of Macs in the wild and Apple sitting pretty in fourth place in PC sales, though, the company is seeing an increasing number of malware attacks.
I. The Customers Want the Truth? They Can't HANDLE the Truth!
In response to these attacks Apple has reportedly implemented a policy which is equal measures bizarre and baffling -- it's telling technicians to adopt a "don't ask don't tell" policy with regards to customers complaints about malware, feigning ignorance on the topic.
An Apple Store Genius (store technician) leaked internal documents to ArsTechnica. One memo reads:
Apple Internal Use Only - Issue/Investigation in Progress - Confidential Information - Do Not Disclose ExternallySymptoms
Customers may call AppleCare to report and issue with malware (trojan) software known as Mac Defender or Mac Security, or because they are concerned that their Mac could become infected. The name may vary as new variants are released onto the internet. This malware is installed from malicious websites.
Products Affected
Mac OS X 10.6, Mac OS X 10.5, Mac OS X 10.4
A second memo adds:
Important
- Do not confirm or deny that any such software has been installed.
- Do not attempt to remove or uninstall any malware software.
- Do not send escalations or contact Tier 2 for support about removing the software or provide impact data.
- Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.
The disgusted Apple employee is quoted as stating, "Frankly, it's Social Engineering at it's finest. In some respects, I feel a little bad for the people hit by this, but at the same time, I can't help but be frustrated that people inherently trust everything they're prompted to do on their machines. The beauty of Mac OS X is its security model. That people blindly enter a password is going to be the undoing of it."
(The employee's comments allude to that Apple's OS requires users to verify installations using a feature similar to the UAC found in Windows 7.)
II. How Widespread is the problem?
Andy says that in the past about 0.2 percent of service Macs were suffering from some kind of malware -- "most always DNS trojans." Now that number soared to around 5.8 percent, mostly thanks to MacDefender -- a trojan that DailyTech previously reported on.
The employee states, "There's been a very real uptick in the number of malware instances we've seen."
"With regard to how the company is dealing with it, the answer is not very well," he adds. "As you know, OS X requires an admin user to authenticate and OK the install for pretty much anything that's not drag and drop. The response has been a case of 'they installed it, so it's not our problem.' Until something that makes use of a zero-day exploit hits, I really doubt that we're going to do anything, technology wise, to address this."
But is the OS X security model really superior to Windows 7?
Famed Mac security expert Charlie Miller, who won multiple years for the fast Mac hack at Pwn2Own, comments, "Mac OS X is no more secure than any other operating system. It has vulnerabilities, and it will let you download and run malware. The difference is that there simply isn't that much malware written for it. The bad guys have focused all their energies at Windows, which makes up the vast majority of the computers out there. However, as market share for Macs continues to inch up, that equation is going to change and bad guys will begin to focus in on Macs, if that hasn't already started to happen. And as I mentioned above, Macs are no more inherently secure than Windows, so when the bad guys decide to go after them with gusto, it'll get ugly fast."
Other hackers have also commented that OS X 10.6 ("Snow Leopard") has inferior security to Windows 7. To boot, Apple doesn't provide users with free antimalware software like Microsoft Corp. (MSFT) does.
III. How Long Can Apple Keep up the Charade?
In recent months botnet-forming worms and trojans have targeted OS X. Most of these pieces of malware have been amateurish efforts, though, or works in progress. Nonetheless it remains a very real possibility that Apple could one day see a serious attack.
The question remains how long Apple can continue to manage to deceive its customers and obfuscate the fact that its platform has malware on it, and that the threat is growing.
But the line still seems to be working on the most gullible of Mac users. For example in our coverage of the MacDefender infection one pro-Apple commentator and self proclaimed "expert", "TonySwash" wrote:
In the real world actual and successful malware attacks on Macs are virtually unknown, and if there are any at all the number is vanishingly small.
...
The really embarrassing thing is not that Windows get's (sic) all that malware, that's just the result of piss poor design decisions going back decades, what's really shameful is the way that some Windows fans choose to deal with this reality. They deny it. It's not Microsoft or Windows faults (sic), it's everybody's problem, or if it's not everybody's problem then its (sic) some sort of perverse reflection of Windows strength (sic).
Eventually Apple may have to face the music, though, particularly if customers take legal action against it for feigning ignorance, now that corporate documents have revealed that Apple is well aware of the attacks on its platform.
There's plenty of things you can fault Microsoft and the Windows platform for, but one thing you can say in their favor is that at least when they encounter malware they try to help customers and counter rather than claiming their products are "magic" and have no problems.
I have never done any of that, I merely do scans with free security software.
There is another step between the drawing and the disembowlment/quartering in traditional english executions, not politely mentioned. Well deserved for whoever came up with the windefender hoax malware.
I never have much luck with them. Maybe I surf too much porn or something..
They are so getting sued.
It can be difficult to break through the worst gatekeepers but a flash drive can help that, then scanning can be rough at first until the most hardcore stuff is gone, but then the scanning with all the various types of programs does it’s thing, and then I repeat the scanning using many various competing programs.
I enjoy the process and like getting free computers for me, or to give to someone for free as a starter computer.
I just cleaned out my Mac. after it was attacked by Russia's biggest export.
Only took me two hours, which for a techno-tard like me is something of an accomplishment.
The only fully secure computer is one that is unplugged, sent through a shredder, then melted into slag.
Unlike Microsoft technicians...who don’t have to feign anything. :)
You will find a video here explaining that: How To Remove MACDefender Malware Software [Video How-To].
I picked it up the other day (clicking on a picture of a dog of all things while doing an image search in google). Didn’t install it, and got rid of it pretty easily via my geek son. It was no big deal. Of course, I didn’t click on the install button. It might have been a much bigger deal if I had.
BTW did Apple really send out a memo with a typo in it?
That seems to be the most common vector. There is some kind of javascript that downloads the installer when you click on the Google image preview. I got the installer during an image search, and was a bit taken aback when an unexpected installer popped up (I cancelled the install and deleted the .dmg from the downloads folder, so I didn't get infected).
One major protective measure: Go to Safari ->Preferences ->General, and uncheck "Open "safe" files after downloading". I believe it's off by default.
“Whomever wrote it, updates it, and/or distributes it through those hoax ads should be executed without trial, Middle Ages style (shown their entrails before theyre given the axe).”
I make a living removing badware from windoz boxes, and I agree with you. If I was running the show, I’d burn the first person convicted of releasing a major virus live at the stake in the middle of the Washington Mall with cameras broadcasting the fire live to the whole world. And I’d keep burning them until it stopped. I think after the third one, all would be well again.
If you get a warning that your Mac is infected with malware while surfing the Internet, you've detected it. Don't believe it! Don't click on any part of it. Ignore it.
Don't download it, don't install it. Don't give it permission to install.
If you installed it, here's how to remove it simply
I spoke to some friends who work in the Apple store in Modesto, and another who is a friend of my daughter who is an Apple Care call center person... They all said this is BS! First, they are not getting anywhere near the level of calls about MacDefender as this guy claims. Secondly those they do get, they tell the customers how to delete the application and take out the auto-startup in the user's login items. Four or five easy steps. Anonymous, "Apple employees" leaking things... putting their jobs at risk... Two in two days? Just at the time when there usually is typically a spate of FUD released before a major Apple PR event??? There is NOTHING new about this type of Scareware attack. There was one just like it last year. . . and it went nowhere. There is nothing special about this one either.
I like you.
Nice touch.
:’) Well done!
Do not be suprised if as the end of the article states, it will end up taking either just one Mac user or a whole class action lawsuit to force the hand of Apple to accept the reality that Mac will very much end up getting hacked, and even more so now, with it using the intel processors for Apple/Mac related products.
I suppose I'm safe...for now.
*cue ominous music in minor key*
I spoke to some friends who work in the Apple store in Modesto, and another who is a friend of my daughter who is an Apple Care call center person... They all said this is BS!So the question is... How long before this backfires in Apples face? Just stupid! To pretend Malware does not exist is equivalent to Apple claiming the world is flat.
Whether or not it is posted on Apple's wall, Apple projects to the public a very clear mission statement:The cynicism this article attributes to Apple would be directly in contradiction of Apple's mission, and if such cynicism actually characterized the company Apple would never have succeeded in the mission as I have characterized it.To provide the public insanely great digital devices. (Cynicism about the reality of the profit motive would be gratuitous. Certainly Apple, or any other company, would collapse if they did not get credit - in the form of profit - for accomplishing their mission. But a company which make profit itself its explicit mission loses its bearings and is not profitable).
They are so getting sued.If by "they" you mean the publisher of this article, we are in agreement.24 posted on May 20, 2011 9:19:35 PM EDT by rmlew
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.