
thejadedmonkey

ZDNet posted an article about the state of malware on the Mac, specifically regarding Mac Defender, and the AppleCare response. I didn't see it anywhere, so I will share.

Full article: http://www.zdnet.com/blog/bott/an-a...is-getting-worse/3342?tag=mantle_skin;content

An AppleCare support rep talks: Mac malware is "getting worse"

Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these reports as “crying wolf.” The view from inside an Apple call center says it’s for real:

I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.
...

AC: There’s usually about 600 or so of us spread around 14 centers for CPU support. Before this started happening, we had 7-12 minutes between calls generally. Now we’re lucky to have any time between calls.

We started getting a trickle of calls a couple weeks ago. However, this last week over 50% of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender.
 

thejadedmonkey

I'm just shocked that they're telling the AppleCare staff not to help. If I were to have purchased a 15", $2199 MacBook Pro, plus AppleCare extended warranty for $349, totaling $2548, which is $1192 more than a (roughly) comparable Dell, doesn't that grand they make in profit entitle me to something?

Here is Apple's problem: The consumer who spends 2k on a computer when they could have gotten one for $500, is going to feel entitled. And once Apple doesn't take care of that entitlement, well, there goes their marketing magic.

I know it's not Apple's place to deal with malware, but there are many people who bought into the whole "Macs don't get viruses", and paid 2-4x as much as they otherwise would have. We are going to feel very disenfranchised. As soon as you give us a reason to not feel superior, but also tell us that we are not entitled to what we feel we are entitled to at the same time, you have a backlash on your hands. And that's bad for Apple. Very, very bad, because it literally destroys their brand image.
 

*LTD*


Number of infections must be pretty low.

This happens every year. A new trojan is discovered. There's a mini crisis. The media covers it to death. We move on, and the situation is virtually unchanged from years ago.

This will have ZERO effect on Apple's image. There simply isn't enough of a problem. If antenna-gate was so deftly and easily side-stepped by Apple, going on to sell record numbers of nearly everything they make, and consumers now swooning over the iPad, then how much of an effect will a single Trojan have? The same effect as last year, and the year before, and the year before that: nothing.

And the whole Macs don't get viruses thing? They don't. Still. After a decade. Apple has boasted about this, and it has always been true. It still is.

The AppleCare rep story is bogus anyway. No AppleCare rep in their right mind would go out of their way to make such admissions, regardless of the truth of the matter. The guy even did an interview?? That's enough baloney to make a sandwich.

Ed Bott on The Microsoft Report, telling us about an Apple rep that he actually interviewed, admitting that malware is a real problem on the Mac!

Who actually falls for this ****??
 

maflynn

Number of infections must be pretty low.
The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

While OSX has shown itself impervious to viruses in the past, that doesn't mean it will always be bullet proof. Additionally, malware covers not just viruses but other program types.

The increased popularity of OSX means the odds will increase in seeing more malware. I'd say Mac users are probably more ill-prepared than their Windows brethren.

First because of the perception that Macs cannot get viruses and people use the word virus and malware interchangeably. This leads to a false sense of security and laziness when it comes to security.

Secondly is Apple's historical stance on being slow and closed to security issues. Unlike MS which strives for a transparent posture regarding security, Apple stonewalls and is silent.

Both of those situations mean that it will be easier for Macs to get malware in the future than Windows users.
 

*LTD*

2001

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2002

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2003

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2004

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2005

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2006

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2007

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2008

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2009

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2010

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

2011

The infections may be low but the numbers are increasing. I think we're seeing the mac platform coming under increased scrutiny of those who write malware.

One new piece of malware every other year doesn't equal "increased scrutiny."

Saying the same things every year doesn't make it true. We had the same situation like three years ago with that iWork malware. The vast ocean of malware was supposed to hit *then*! It was just around the corner. Windows-sufferers on Neowin were laughing it up, saying that we got what was coming to us and we'll get to experience the "real" world of computing.

So Wha' happened? Nothing. Nada. It was forgotten.

At this rate we'll be waiting several years more.

But that ocean of malware is just around the corner. No, really. This time they swear it is! Honest!
 

TheSideshow

2001



2002



2003



2004



2005



2006



2007



2008



2009



2010



2011



One new piece of malware every other year doesn't equal "increased scrutiny."

Saying the same things every year doesn't make it true. We had the same situation like three years ago with that iWork malware. The vast ocean of malware was supposed to hit *then*! It was just around the corner. Windows-sufferers on Neowin were laughing it up, saying that we got what was coming to us and we'll get to experience the "real" world of computing.

So Wha' happened? Nothing. Nada. It was forgotten.

At this rate we'll be waiting several years more.

But that ocean of malware is just around the corner. No, really. This time they swear it is! Honest!

What don't you get?

"An AppleCare support rep talks: Mac malware is "getting worse""
 

Rodimus Prime

What don't you get?

"An AppleCare support rep talks: Mac malware is "getting worse""

It is LTD. LTD is so far gone in Apple worship the facts could be hitting him in the face and he would deny deny deny. Or do the I am sorry and apologize for Apple by insulting you.

A few years ago someone put a malware in some file that could be downloaded from a post here. It was comedy gold mine on seeing how many "smart" internet users here opened and then spent a fair amount of time undoing the damage. This was before LTD's time as I was still at TTU when it happened but it was funny as hell to watch. I honestly do not think I was posting at the time but I remember reading it. Apple users broke rule number one when surfing the internet. Never open any unsure or unknown file. I follow that rule no matter what OS I run.

Trojans work because they go through the biggest unpatchable security hole in any OS. The user.
 

*LTD*


Facts? This story isn't.

No viruses for Macs and about 3 pieces of malware in the wild in 10 years, however, most certainly *is* fact.
 

TheSideshow


Facts? This story isn't.

No viruses for Macs and about 3 pieces of malware in the wild in 10 years, however, most certainly *is* fact.

You love introducing fallacies

again "An AppleCare support rep talks: Mac malware is "getting worse""

it doesn't matter if it's one or a million. It's "getting worse" according to this rep and from this forum a number of people fell victim.


Infection covering over 50% of his calls (reported) at 30 calls per day (reported) at 600 reps (reported) = 9000 calls to AppleCare per day about malware.

Obviously this affects more than 9000/day since the customers need to call in as well as have AppleCare.
 

roadbloc


Facts? This story isn't.

In that case, neither are any of the stories you post. :rolleyes:
 

Rodimus Prime

You love introducing fallacies

again "An AppleCare support rep talks: Mac malware is "getting worse""

it doesn't matter if it's one or a million. It's "getting worse" according to this rep and from this forum a number of people fell victim.


Infection covering over 50% of his calls (reported) at 30 calls per day (reported) at 600 reps (reported) = 9000 calls to AppleCare per day about malware.

Obviously this affects more than 9000/day since the customers need to call in as well as have AppleCare.

Add in how many people never call in. I know I would never call AppleCare for something like that. I generally would go in and fix it myself because it's not like scripted phone support gives me any answer that I can not or have not done myself already.
 

munkery

How seriously can you take an article with an unnamed source in a column called "Ed Bott's Microsoft Report"?

I'm just shocked that they're telling the AppleCare staff not to help.

Again, how credible is that source? Jaded could be the source for all we know.

Also, do you call the hardware manufacturer and/or Microsoft to help you remove malware from a PC?

Microsoft tech support only provides minimal aid with malware removal. That minimal aid, in its entirety, is to tell users to install anti-virus software.

But, what if the threat is novel enough to not be detected by AV software?

Also, how many of those AppleCare calls represent actual infections? If the user didn't authenticate the installer then nothing was installed. But, users still could have been motivated to call AppleCare despite not being infected due to the FUD webpage that is part of the social engineering of this trojan.

In reality, Mac OS X will not have the same malware problems as Windows. The main reason Windows has so many issues is the Windows OS with the greatest market share, XP, does not use discretionary access controls (DAC) in the account type, admin, used by most users. An OS has no user space security mechanisms and many trojans can install without authentication when run without DAC. The primary user space security mechanism in this regard protects security sensitive data from being logged when entered into password prompts and web forms.

Also, even Windows 7 has a higher liability to have more malware issues due to having a greater number of privilege escalation vulnerabilities.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mac+OS+X+gain+privileges+2011
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Windows+7+gain+privileges+2011
Privilege escalation is required to install rootkits that bypass user space security mechanisms in OSs that use DAC unless social engineering ploys trick unknowledgeable users.

Most OSs provide enough security such that malware that relies on social engineering, such as MACDefender, is obvious and easy to avoid with a little bit of user knowledge. Even if the volume of Mac OS X malware increases proportionally in terms of market share, the incidence rate of successful infection per capita will not equal that of Windows, specifically XP, due to using DAC by default and having fewer privilege escalation vulnerabilities.

Other examples show that the more targeted platform is that which is easier to exploit. Microsoft IIS is exploited more than Apache despite Apache having greater market share. Android OS has more malware than iOS despite roughly equal market share. The incredibly large volume of Windows malware is due both to being an easier target and greater market share.
 

*LTD*

I'm wondering where all the "rampant" Mac malware is, and where the "explosion" of malware is, when we've only really heard of at most three pieces of malware found in the wild over a 4-year period or so.

Where's the explosion? This is really no different than the iWork trojan that popped up a few years ago.

http://www.neowin.net/news/main/09/01/22/iwork-09-trojan-infects-20000-pirates

And before that, Leap-A in 2006:

http://www.theregister.co.uk/2006/02/16/mac_os-x_virus/

Each time we were told the end is upon us.

Since the iWork trojan it's been pretty quiet. And now we have one again, seemingly because it's been a while and it's as if we're obligated to get a new one every 2-3 years. Which I'm totally cool with. A new piece of malware every few years. Seems like a fair deal. So by around 2015 or so we'll have a grand total of like 5 non-virus malware reported in the wild. Most of which we'll never actually experience. But it's something to talk about.

But this is how it works in the Apple world. Something pops up every few years, people go a little crazy, we're forced to hear about impending doom, and then . . . crickets. At this rate it'll take years or until we begin to see reported malware (the likes that makes these big headlines) slide into the double digits.

The only explosion I see is of sensationalist headlines . . . and of course, Windows malware. So, in other words, the usual.
 

munkery

ClamXav has contained definitions for MACDefender and related variants for over a week. This list shows all the Mac malware detected by ClamXav.

Use ClamXav's Sentry feature to real-time scan ~/Downloads, ~/Library/Mail, and ~/Library/Mail Downloads. See the links in my sig for more Mac security tips.

This is the prompt that appears when MacProtector is detected:
 

[Attachment: Screen shot 2011-05-18 at 11.09.21 PM.png]

GGJstudios

I'd say Mac users are probably more ill-prepared than their Windows brethren.
Actually, the reverse may very well be true. If you think about the threats that exist for Mac OS X, they're all trojans, which require the user to actively install them. In the past, they targeted software pirates, through trojan-laced versions of iWork and other apps. What's different about this one is that it targets those who are fearful that they might have a virus. Who does that sound like? A long-time Mac user, who likely knows there are no viruses and only rare encounters with malware? Or a long-time Windows user who recently switched to Mac, who still jumps every time "virus" is mentioned?

I believe the MacDefender threat is targeted toward recent Windows-to-Mac switchers, who still have the "Windows mentality" that they need antivirus.
Trojans work because they go through the biggest unpatchable security hole in any OS. The user.
This couldn't be more true.
 