Apple to support reps: "Do not attempt to remove malware"

By Ed Bott | May 19, 2011, 5:00am PDT

Summary: A confidential internal Apple document tells the company’s front-line support people how to handle customers who call about malware infections: Don’t confirm or deny that an infection exists, and whatever you do, don’t try to remove it. See for yourself.

Apple is actively conducting an internal investigation into the Mac Defender malware attack I wrote about yesterday (here and here). An internal document with a Last Modified date of Monday, May 16, 2011 notes that this is an “Issue/Investigation In Progress.”

The document (shown below) provides specific instructions for support personnel to follow when dealing with a customer who has called AppleCare to request help with this specific attack.

There are two different resolution paths, depending on whether the customer says Mac Defender / Mac Security has or has not been installed.

According to this document, if the caller says he or she has not installed the software, the support rep should “suggest they quit the installer and delete the software immediately.” That is followed by this disclaimer:

AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not.

If the software is already installed, support personnel are instructed to make sure all security updates have been installed using Software Update. They are then to direct the customer to the “What is Malware?” Help document using Finder. The final step is clear:

Explain that Apple does not make recommendations for specific software to assist in removing malware. The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options.

Finally, that is followed by these four bullet points.

Important:

  • Do not confirm or deny that any such software has been installed.
  • Do not attempt to remove or uninstall any malware software.
  • Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
  • Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.

Apple has not responded to a request for comment on the ongoing Mac Defender attack or this policy.

How do Apple’s competitors handle Windows malware infections?

Microsoft provides free telephone support for security issues to all customers, regardless of whether the software was purchased at retail or as part of a new PC. Microsoft Support Article 129972 (last updated May 17, 2011) contains these instructions:

How to obtain computer virus and security-related support

For United States and Canada

The computer safety team is available for computer virus and for other security-related support 24 hours a day in the United States and in Canada.

To obtain computer virus and security-related support, follow these steps:

  1. Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer. For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site: http://www.microsoft.com/security/scanner/ For more information about antispyware software, visit the following Microsoft Web site: http://www.microsoft.com/protect/computer/spyware/as.mspx
  2. Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support.

For locations outside North America

To obtain computer virus and security-related support for locations outside North America, visit the following Microsoft Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4

A page at Microsoft’s Security TechCenter includes similar information for security professionals.

Dell directs customers to third-party security software partners for removal. It also offers paid malware removal services for $129 (phone) or $229 (in person). The service uses the tag line “No fix. No fee.”

HP provides a similar paid service. “Virus and spyware removal” is included in the services offered with the HP PC Tune-up Service. It’s available for a one-time fee of $99 or a monthly subscription fee of $10.


Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.


Talkback Most Recent of 452 Talkback(s)

  • Makes Sense
    Would an OS manufacturer help remove a virus? I wouldn't expect them to. It's not like it's their fault. Would you Apple haters expect Microsoft to help remove XP Antivirus, or the various scareware out there for windows right now?

    Note I am saying scareware. Malware that gets into windows through known vulnerabilities is another whole story.
    TBone2k
    19th May
  • ZDNet Blogger

    Did you actually READ the post?
    @TBone2k

    For heaven's sakes. I actually published Microsoft's policy (free support for removal of this sort of malware) as well as those of Dell and HP.

    All you had to do was read to the end.

    Sheesh.
    Ed Bott
    19th May
  • RE: Apple to support reps:
    @Ed Bott That is what I was thinking! He got so upset when he realized the King had no clothes that he didn't even bother to read your article!
    Peter Perry
    19th May
  • RE: Apple to support reps:
    @Ed Bott Hey Ed, the Apple Care rep you supposedly talked/exchanged with yesterday or the day before said it was easy to remove this malware but you didn't report how to do it. That's unethical. Don't tell me you didn't follow up and ask how it's done. If so then your "mission" here seems malicious to me.

    Update: Ed added a link to remove the malware, but he didn't include it when he originally published the "Applecare" article. I've come to expect this type of behavior from ZDnet as some of their other authors do the exact same thing. Print something inflammatory and then correct it later with no admission of the correction.

    Update 2: Now the link is gone. Hmmmm......
    kent42
    19th May
  • RE: Apple to support reps:
    @Ed Bott
    Try to call Microsoft and tell them that you gave your root password to install a program that screwed your system, and then report back what they say. The thing you miss, is that these are not programs getting in because the system security is inferior; these are people giving their root password to an install program, and nowhere in any of these policies or in real life will you get help for that.
    RedVeg
    19th May
  • RE: Apple to support reps:
    @kent42 Wrong! he gave a link in the blog, another case of non-reading!!!
    silentblue
    19th May
  • RE: Apple to support reps:
    @Ed Bott

    With the history of Microsoft and malware, they kind of owe it to their customers to look after them.

    If this becomes a pervasive problem for Apple, I am sure that they will provide solutions. Their history of supporting their customers is rather better than that of Microsoft.

    It is interesting, Ed, you seem to be writing more stories about Apple than Microsoft these days. Have you got nothing good to say about Microsoft, so you feel the need to spread bad news about Apple?

    ps. I run Windows and Mac OS X machines every day and have never been affected on the latter. Similarly, I have regularly had to help people with their infected Windows machines, but never Macs. Perhaps, that is about to change, but I am not seeing it yet.
    jorjitop
    19th May
  • RE: Apple to support reps:
    @Ed Bott - Why do people buy all sorts of Malware/Virus protection then? Why not just let your computer get infected with thousands of evil programs, and then call Microsoft and say, "fix it for me?"

    I suspect the answer is Microsoft will tell you to get lost.
    Wade Williams
    19th May
  • Yet another one who didn't finish reading the article...
    @Wade Williams
    Geeze. You obviously didn't read the 2nd half of the post either.

    To recap: Microsoft does provide a toll free number for helping people get rid of various infections. 1-866-PCSAFETY and it's available 24/7 in the US and Canada.

    Btw.. Most systems don't get infested with "thousands" of evil programs. A system with "thousands" of evil programs would likely stop working long before you got anywhere near 100 of said malware. It would run out of resources long before you even got close.
    Wolfie2K3
    19th May
  • I applaud you on your efforts here....
    @Ed Bott .... finally, Apple is seeing the truth in virus/malware infections can affect all OS including OSX. Given the right conditions, all OS will fall victim to all virus and malware activity.

    One thing people don't realise is Windows 7 is just as secure as OSX. It is the user that allows things to be installed and if setup correctly, no malware or virus activity will ever get thru any OS.

    No OS can stop the user allowing access to the mission critical files of any OS. Apple is seeing this to be true with the latest malware/virus attack.

    The more Apple denies this to be true, the more malware and virus attacks will continue.
    dtroyerSMU
    19th May
  • RE: Apple to support reps:
    @Ed Bott He was drunk on apple juice therefore could not read it! Cut him some slack ED! LOL
    MisstreeGB
    19th May
  • Well Duh!
    @Ed Bott

    Of course Apple is not an "anti-virus" (note: in quotes because there are NO Mac viruses) service.

    Again, Mac Defender is NOT a virus.

    There are many great freeware anti-malware utilities for Mac OS X. One of the best is ClamXav.

    There's even a free MacDefenderKiller trojan removal program designed specifically for those who were dumb enough to install Mac Defender on their Mac.

    Ed, you as a Windows user might think that the "sky is falling" for Mac users, but nothing is further from the truth. Mac OS X has ALWAYS been free of viruses... as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.

    It's quite obvious that your "Microsoft Report" articles about Mac Defender are not aimed at Mac users (who know that the sky is NOT falling) but is instead aimed at your Windows-using readers.

    By trying to paint Macs as being in the same league as Windows PCs, it seems your goal is to placate Windows users (and yourself) by distracting them from the real, unjustifiable problems caused by Windows' terrible security.

    Like a cheap magician, you get your audience to look at a diversion you created, in order that they don't focus on what is REALLY going on.
    Harvey Lubin
    19th May
  • RE: Apple to support reps:
    @jorjitop,

    "With the history of Microsoft and malware, they kind of owe it to their customers to look after them."

    Apple doesn't?

    "If this becomes a pervasive problem for Apple, I am sure that they will provide solutions. Their history of supporting their customers is rather better than that of Microsoft."

    If Apple waits for malware to become a problem, they will suffer the same fate as Microsoft. There is a lot of speculation on why OS X hasn't seen the number of malware attacks as Windows. However, the latest pwn2own contest had MacBook/Safari combo falling first. I won't say that this means OS X is any less secure than Windows, but it certainly isn't invulnerable.

    "It is interesting, Ed, you seem to be writing more stories about Apple than Microsoft these days. Have you got nothing good to say about Microsoft, so you feel the need to spread bad news about Apple?"

    Fair enough. I think the forums in general could become a better place without stoking some flame wars. However, Ed is certainly not the only guy on ZDNet that does this.
    bmonsterman
    19th May