Apple continues to tell support reps: do not help with Mac malware

Apple continues to tell support reps: do not help with Mac malware

Summary: Apple continues to maintain a public silence on the current outbreak of Mac malware, which may have affected more than 60,000 Mac owners. Meanwhile, a leaked document from an Apple call center confirms that the company continues to refuse any help to affected customers.

TOPICS: Apple, Hardware

Update May 24, 4:30PM PDT: Apple has now posted a support article on its website: How to avoid or remove Mac Defender malware. A note at the top of the article says:

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

How is Apple responding to the flood of customer calls about installations of the Mac Defender malware?

According to multiple tech support insiders, the company has doubled down on its policy of denying any help to affected customers. Meanwhile, despite evidence that a large number of customers have been affected by this issue, Apple has made no public statement and did not respond to two requests for comment.

My sources tell me call volume for Mac Defender-related issues continues to be high. One AppleCare support agent told me last week that 50% of calls in the previous week were related to this issue. A rep in a different location confirmed that number but said volume had dropped this week:

In the first days after Intego identified the issue I would say 50-60% of calls were driven by Mac Defender.

Now still within the 20-25% range....I think Google may be getting a handle on the gamed SEO placements and poisoned links that started the whole fiasco.

So how big is the problem? Apple's silence makes it impossible to know for sure. However, I'm told that the division that handles Mac support calls receives between 10,000 and 20,000 calls a day. If 25% of those calls are related to this issue, which has been going on for 25 days, the total number of customers affected could be between 60,000 and 125,000, and growing.

One contractor who works for a third party that handles support calls for Apple in North America sent me a confidential document that had been distributed to all personnel at his location. The document contains detailed instructions from "the client" (Apple) that the firm's employees must follow when dealing with calls from customers asking for help with Mac Defender issues. (I've posted a copy of the document at the end of this post.)

The document, which is labeled "Valid as of May 20th 2011 subject to further revisions," instructs support reps to "Start with an upbeat tone and stay positive." That's followed by two blocks that outline the script the agents are expected to follow:

"I am glad that you decided to call in about this issue today. Based on the symptoms you describe it sounds like you may have malware on your computer. I would be more than happy to send you an article about what malware is and is not. Lets [sic] make sure you have all your software up to date."

"Apple's [sic] doesn't recommend or guarantee any specific third part [sic] anti-virus protection over another. However I can suggest several third party virus protection programs that you may want to consider researching to find the best one for your needs."

At that point the rep is ordered to suggest "at least three or four different programs from anywhere" and direct the customer to the App Store or the Apple Online Store.

In a particularly Orwellian turn of phrase, the anonymous author of the document then notes dryly, "According to the client the point of this is to empower the customers to become more internet and security savvy."

The end of the document includes a list of "Things you must never do according to the client." The list of prohibited actions includes all of the steps required to clean a Mac Defender infection:

- You cannot show the customer how to force quit Safari on a Mac Defender call

- You cannot show the customer how to remove from the Login items.

- You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.

- You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the forums)

The final item on the list contains instructions that prevent support personnel from indirectly helping clients:

- Once you know that the call is about Mac Defender, and then the customer decides to try and ask you general questions to find a loophole (IE: "OK, then how would you uninstall a third party program in general" or "How do I stop programs from starting upon launch") The point of this is, things that would be considered "general product usage" questions are not allowed to be answered if the customer has already informed you that he potentially has MacDefender and is now asking obvious questions to skirt our policy.

The upshot of this policy is to explicitly prohibit any action that could help customers. For tech support personnel, that's a bitter pill to swallow.

One rep who contacted me via e-mail describes the current mood among fellow support reps as "horrid," adding, "We are now under strict orders, of course without distinctly saying it, to help NO ONE with Mac Defender under threat of our jobs ... All I heard all day today from other advisors was how Apple doesn't want to take care of its customers and how this new policy constrained our ability to do our job and directly affects our pay."

A second rep told me, "The shit has hit the fan."

You can see a copy of the entire document here:

Topics: Apple, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Message has been deleted.

    • RE: Apple continues to tell support reps: do not help with Mac malware


      I do not think that is a general rule. I think that there are more MacOS users out there that fall in the general computer user category than ever before but lets not stereotype most of the lot.

      I think that there are just a whole lot of naive and unsuspecting technology users out there no matter what platform they decide to use in what category of technology.

      I have seen one instance of this Mac Defender pop up but I see many (Mostly XP) users falling for similar tactics. People just need to take the time to educate themselves or not dismiss the information on how to safely and securely use their technology devices because it is too much of an inconvenience. Maybe worry less about celebrity's lives and give up some other pointless things you do in your day and give yourself a couple hours a week to learn how to protect yourself. It is not from a lack of information on what is out there either. It is because people are more worried about their personal entertainment and just expect the computer to protect them and that is their first mistake. Using a computer holds some level of personal responsibility just like you have a personal responsibility to protect your house, car, and family.
      • Well said

        That was very well said. Personal responsibility is something we have forgotten about lately, and it is biting us all in the a$$.

        Having said that, Apple's response is <i>pitiful</i> and job risk or not, were I still working at the Genius Bar I would be doing every surreptitious little thing I could do to actually fix the problem when I encounter it. Even if it is just to educate the customer on how to fix it themselves at home. I know quite a few Genii who will undoubtedly take this tack for as long as they can.

        Technology should really come with some basic knowledge documents. "This is how to do X, this is how to uninstall Y, and these are the types of Z to be wary of".
      • RE: Apple continues to tell support reps: do not help with Mac malware


        I agree. Why is it that so much of the Windows community is happy about a rogue AV finally making its way over to the Mac? I've been saying for years that Apple was breading a bad situation for itself. You have users who think they are invincible to viruses so they can do whatever they want and trust whatever they see. Likely the "switchers" are at the biggest risk, those who went from XP to Mac because it's "safe". In my experience a user who continuously gets infected does it on any machine they sit at, no matter how well you protect it. Assuming the user has to have local admin rights, which is how it is at most SMB. It's kind of sad.

        The worst part is some of these users are very likely to have finally started to get the idea that they needed to be caucious while surfing the web. Apple enticed them with this magical, free-from-trouble experience. It's Apple's fault for perpetuating this myth that they are invincible but I do feel bad for the users falling victim to it.
      • Not just what platform ...

        I think that there are just a whole lot of naive and unsuspecting technology users out there no matter what platform they decide to use in what category of technology.

        Not just what platform, but what item.

        Their cell phone drops out, they have no idea why.

        Or their classic car pops a fuse so they put in a larger fuse only to burn a wire, and the explanation that it quit working because they let the smoke out sounds good to them.

        Or how about someone who can't keep the concept of RAM and hard drive separated in their mind? You draw them a picture, they still don't get it.

        Sad to say that more and more people use technologies without a clue of how those technologies work. Not saying they need to know the Doe-Ray-Me of an items function. That would be an unrealistic expectation. It would be nice if people had a fundamental understanding of an items operation, a most basic level, and not have it all be Magic.
      • Good point!

        Now thats a realistic veiw on the situation.
      • RE: Apple continues to tell support reps: do not help with Mac malware

        Each of these people with Mac Defender had to enter their username and password to install the application. They are fully responsible. Now what they could do is delete the account which is 'infected', make a new user account and run their backup to reinstall their files. They do use time machine. Right?
      • I'll tell you why...

        [b]Why is it that so much of the Windows community is happy about a rogue AV finally making its way over to the Mac?[/b]

        My thought on why this is - it's because for pretty much the last decade or so, many (not all, but many) Mac users have had this holier than thou, 'we can do no wrong, we're better than you are because we use a Mac and you don't" attitude. Apple's advertising hasn't done nothing about this except reinforce the behavior.

        So yes, It's nice to see them taken down a few notches.
      • Completely false and so obvious

        @bobiroc Like the article your comment does not ring true and it should not. It is completely false. I was in the Apple store a couple of weeks ago and they walked me through the steps to remove the virus. They even have a document corporate wide in which the Specialist walked through to remove the virus. Activity Menu/Quit Program/Delete Program/Delete related program in download file/remove from log-in startup menu. Right there in a black and white document. Simple process. It is possible a month ago the solution had not been put into a process. But once there was a solution and it was distributed their is absolutely no reason any company would not resolve.
      • RE: Apple continues to tell support reps: do not help with Mac malware

        @bobiroc The article was about the cavalier attitude Apple displays against customers. Not a nice way to treat the people that fills their pockets. Yes, people should be more savvy, but Apple must provide assistance because most Apple users think they're immune to viruses and hence they never install anti virus software in their systems, and Apple loves that people think their systems are invulnerable and indestructible... in a way, it's their fault users get in this kind of mess. What if it was Microsoft? I can see fanbois asking for heads to roll.
      • Message has been deleted.

      • Well put

        @bobiroc I wholeheartedly agree with you.
        Si queres comprar <strong><a href="">Celulares en el Uruguay</a></strong> visitanos, pero si te interesa hacer
        <strong><a href="">Compras en Panama</a></strong> tambien te podemos ayudar.
    • I guess the test was successful

      after finding out how easilly these owners where duped, I'm sure we'll see more of these in the near future.
      Will Pharaoh
    • RE: Apple continues to tell support reps: do not help with Mac malware

      I thought this was the 'Microsoft Report'?
      I guess with MS in total FAIL mode you gotta find a new schtick to drive hit count up.
      • RE: Apple continues to tell support reps: do not help with Mac malware

        @james347 Dude, do you hate everything and everyone? Yes this IS the Microsoft Report - way to go there Susan you can read! However where were you when Ed wrote the first five articles on this subject? let me guess hating on something else somewhere else.

        And how is Microsoft in total fail mode"? Wait a minute, DonnieBoy is that you?
      • RE: Apple continues to tell support reps: do not help with Mac malware

        @james347 Ah, that's it! It's all a conspiracy by MS and its lackeys; Mac users are too smart to allow any malware to get to their machines; they are completely safe from viruses, never crash, never have any hardware or software issues, are MUCH more intuitive to use and fix (except nothing ever needs to be fixed because any reports of problems are made-up stories by MS cronies), and are less expesive than PC's to boot. And THAT was only with they're even better, and have fewer than the 0 problems that the earlier machines had. They would solve the world's problems in a day if the MS conspiracy wasn't stopping them. Jobs for President!
      • agreed, the FUD master and liar at full swing

        and as usual "his sources" cannot be named and might as well made up. and in addition he just pulls some numbers out of his a**. 60.000 affected? sure, ed. i ilke how you say it: "the total number of customers affected COULD be between 60,000 and 125,000, and growing..." or it could be 60 and falling. who knows. surely not ed bott.

        ed bott is the FUD master of all things anti-apple. he hates apple with all his heart, now even more that microsoft is on the brink of a long, ugly implosion. apple support not helping apple users? what a load of bs. another fabricated phony outrage apple story from the usual suspect.
        banned again by ed bott
      • RE: Apple continues to tell support reps: do not help with Mac malware

        Still drinking the koolaid, are you???
      • RE: gotta find a new schtick .....


        Please do not get me wrong on this. <i>I enjoy bashing Microsoft all of the time!!!!</i>

        But, this <b>complete abandonment of your customer when they have encountered difficulties, <u>makes Microsoft look like a saint.</u></b>

        I can sum up Apple's attitude in one sentence:

        <b>F--- You if you can not take a joke!</b>

        Because you are <u>s--- out of luck</u>.

        To those who have done their best to 1) get this customer abandonment publicized, and 2) attempt to assist people who systems have been affected; Apple users owe you a debt of gratitude.

        To those who use Apple computers, beware, the target on your back has gotten larger.
      • RE: Apple continues to tell support reps: do not help with Mac malware

        @everyone responding to james347
        Don't be feeding the trolls. He's a spiteful id-10-T... Clueless to the end and living in his own little world.

        Might have been better if you merged those two sentences into one:

        "F--- You if you can't take a joke, because you are [u]s--- out of luck[/u]."