Monday, May 23, 2011

AppleCare staff told not to care about Mac malware infection

Apple is advising its AppleCare support representatives not to remove the new Mac Defender malware from users’ systems or even to confirm or deny that a machine is infected, according to a confidential memo obtained by Ed Bott of ZDNet.

The memo, dated May 16, 2011, instructs AppleCare support staff how to react if a Mac user calls about possible infection by the Mac Defender malware, which displays a web pop-up telling a user that his or her Mac has been infected by a virus and to install bogus anti-virus software. If the user installs the software, the program loads porn sites on the computer.
Bott, who was the first to spot complaints about the malware in Apple’s support forums, said that he counted 200 posts from users asking for help to remove the bogus software.
According to the Apple memo, there are two resolution paths that AppleCare representatives can take when users call about Mac Defender. If the user says he or she has not yet installed the bogus software, representatives are instructed to suggest that the user quit the installer and delete the software immediately.
“AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not”, the memo says.
If the user says he or she has already installed the software, Apple provides support staff with a number of guidelines.
“Important: Apple does not provide support or assistance in removal or diagnosis of malware. If the customer’s Apple product is eligible for support, advisors should determine that the Apple product is working properly by isolating the issue and ruling out issues with Apple product”, the memo states.
Apple advises support staff to make sure Mac OS X is up-to-date and all available security updates have been installed, direct the customer to the Help document “What is Malware?”, and then explain to the customer that “Apple does not make recommendations for specific software to assist in removing malware.”
Then, Apple provides four “important” bullet points for the support staff:
  • Do not confirm or deny that any such software has been installed.
  • Do not attempt to remove or uninstall any malware software.
  • Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
  • Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.
Apparently, AppleCare really doesn’t care about helping Mac users with malware on their machines. Apple did not return Infosecurity’s phone call asking for comment on the memo and the Mac Defender malware.
Karel Obluk, chief scientist at internet security company AVG, was willing to comment: "After the recent discovery of a malware toolkit for Apple's OS X, it's clear that usage of the platform has reached a critical level, at which it has become a profitable target for malware developers. This marks a watershed in OS X's user experience, after which users will have to be more vigilant about their security online, and will need to take actions to protect themselves against online threats.”
Obluk added, "For Apple, it's time to admit that there are threats to OS X users, and to start educating its customers on how to avoid them. Avoiding the issue is an unacceptable abdication of its duty to its customers."

That's nice, ignore the problem and it should go away. No, they offer NO HELP AT ALL!  Even Microsoft would help for a  nominal fee.  Couldn't they, at least, suggest AV software?  They can't even talk about it, that's reeeeeeally odd even for Apple.


  1. Here's the thing... Being haters and all you probably don't get to see how Apple works things out. Because of the position they are in, knee-jerk responses are more than likely to cause more trouble than they are actually worth.

    Look at the "antennagate" issues. Apple kept quiet while they researched the problem and then announced a solution. A solution that worked.

    Look at the latest patent troll stuff from Lodsys. Ten days after the first letter hit a developer's desk they responded with letters.

    This stuff takes time to sort.

    Here is what I suspect is going on. Not being Mac users you wouldn't know that the OS does some limited antivirus stuff. Built in. I would think that Apple are figuring out a way to block and remove this and will release a fix in an upcoming security update.

    If you are stupid enough to click and install a trojan then you need to clean up your own act rather than go to the genius bar every time you install malware through a social engineering trick.

    Far better that the genius bar people actually sort out real problems rather than hold people's hands to fix a problem of their own making.

  2. Yes, but, not even acknowledging the situation? Not being able to talk about it? If I were an Apple customer I would be furious. The very least they could do is point the customer to a website of Apple's creation suggesting ways to remove the unwanted software. Tell them , "Yes, we understand the problem and we want to help. We are currently working on the best solution for this issue." I don't know, instill a little peace of mind for your loyal customers.

  3. Read the directive yourself, which is directed at Applecare personnel -- the folks that pick up the phone when you call Applecare.

    Applecare personnel are told to point people to Apple's user forums where there is plenty of info on how to deal with this issue. Apparently it is quite easy to remedy.

    They also can tell people where to purchase antivirus software (at the Apple Store's software pages). Isn't this what you haters seem to want everyone to do?... purchase antivirus software for their Macs?

    What AppleCare personnel aren't directed to do currently is to try to remotely diagnose and repair specific malware infestations, which can be an involved time consuming process. Mac Defender malware apparently doesn't require as radical a solution as this, but as many Windows users know firsthand, in the absolute worst case, removing malware could involve making a complete disk backup, wiping one's boot disk and reinstalling everything. This is not something that should be undertaken lightly, or be directed via the phone.

  4. Apple has posted the following instructions to their support site.

    How to avoid or remove Mac Defender malware

    This should be more than adequate to address the flaming concerns of FUD-slingers like Ed Bott.

  5. I have already posted that comment twice on this forum - but it kept being deleted.

  6. The Applehaters comment system tends to auto-delete new postings from time to time. It recently took me 4 tries to get one to stick.

    Perhaps this is the level of quality that non-Apple users are accustomed to.

  7. Thanks for the advice Brett...

    BTW Looks like my first comment was correct.

    "Here is what I suspect is going on. Not being Mac users you wouldn't know that the OS does some limited antivirus stuff. Built in. I would think that Apple are figuring out a way to block and remove this and will release a fix in an upcoming security update."

  8. Lol, nope, as a non-Apple user I am accustomed to excellent quality devices and OS's. I have never had a virus or malware and I can do everything an Apple computer can do and more, better and for less money.

    As far as your posts getting deleted, I believe Blogger marks posts as spam if they contain a lot of http:// links in them. FYI

  9. They were told to not fix it because Apple had to do research. Also, since Apple has now done the needed research, there is a new memo telling AppleCare staff to remove MacDefender on sight.

  10. Apple's "fix" has already been circumvented.

  11. Looks like Apple's security software with automatic updates has cooled things down for the time being.