Apple to support reps: "Do not attempt to remove malware"

Apple to support reps: "Do not attempt to remove malware"

Summary: A confidential internal Apple document tells the company's front-line support people how to handle customers who call about malware infections: Don't confirm or deny that an infection exists, and whatever you do, don't try to remove it. See for yourself.

SHARE:

Apple is actively conducting an internal investigation into the Mac Defender malware attack I wrote about yesterday (here and here). An internal document with a Last Modified date of Monday, May 16, 2011 notes that this is an “Issue/Investigation In Progress.”

The document (shown below) provides specific instructions for support personnel to follow when dealing with a customer who has called AppleCare to request help with this specific attack.

There are two different resolution paths, depending on whether the customer says Mac Defender / Mac Security has or has not been installed.

According to this document, if the caller says he or she has not installed the software, the support rep should “suggest they quit the installer and delete the software immediately.” That is followed by this disclaimer:

AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not.

If the software is already installed, support personnel are instructed to make sure all security updates have been installed using Software Update. They are then to direct the customer to the “What is Malware?” Help document using Finder. The final step is clear:

Explain that Apple does not make recommendations for specific software to assist in removing malware. The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options.

Finally, that is followed by these four bullet points.

Important:

  • Do not confirm or deny that any such software has been installed.
  • Do not attempt to remove or uninstall any malware software.
  • Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
  • Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.

Apple has not responded to a request for comment on the ongoing Mac Defender attack or this policy.

How do Apple’s competitors handle Windows malware infections?

Microsoft provides free telephone support for security issues to all customers, regardless of whether the software was purchased at retail or as part of a new PC. Microsoft Support Article 129972 (last updated May 17, 2011) contains these instructions:

How to obtain computer virus and security-related support

For United States and Canada

The computer safety team is available for computer virus and for other security-related support 24 hours a day in the United States and in Canada.

To obtain computer virus and security-related support, follow these steps:

  1. Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer.For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site: http://www.microsoft.com/security/scanner/(http://www.microsoft.com/security/scanner/) For more information about antispyware software, visit the following Microsoft Web site:http://www.microsoft.com/protect/computer/spyware/as.mspx(http://www.microsoft.com/protect/computer/spyware/as.mspx)
  2. Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support.

For locations outside North America

To obtain computer virus and security-related support for locations outside North America, visit the following Microsoft Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4

A page at Microsoft’s Security TechCenter includes similar information for security professionals.

Dell directs customers to third-party security software partners for removal. It also offers paid malware removal services for $129 (phone) or $229 (in person). The service uses the tag line “No fix. No fee.”

HP provides a similar paid service. “Virus and spyware removal” are included in the services offered with the HP PC Tune-up Service. It’s available for a one-time fee of $99 or a monthly subscription fee of $10.

Topics: Software, Apple, CXO, Hardware, Malware, Microsoft, Security, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

444 comments
Log in or register to join the discussion
  • Makes Sense

    Would an OS manufacturer help remove a virus? I wouldn't expect them to. Its not like its their fault. Would you Apple haters expect Microsoft to help remove XP Antivirus, or the various scareware out there for windows right now?

    Note I am saying scareware. Malware that gets into windows through known vulnerabilities is another whole story.
    TBone2k
    • Did you actually READ the post?

      @TBone2k

      For heaven's sakes. I actually published Microsoft's policy (free support for removal of this sort of malware) as well as those of Dell and HP.

      All you had to do was read to the end.

      Sheesh.
      Ed Bott
      • RE: Apple to support reps:

        @Ed Bott That is what I was thinking! He got so upset when he realized the King had no clothes that he didn't even bother to read your article!
        slickjim
      • RE: Apple to support reps:

        @Ed Bott Hey Ed, the Apple Care rep you supposedly talked/exchanged with yesterday or the day before said it was easy to remove this malware but you didn't report how to do it. That's unethical. Don't tell me you didn't follow up and ask how its done. If so then your "mission" here seems malicious to me.<br><br>Update: Ed added a link to remove the malware, but he didn't include it when he originally published the "Applecare" article. I've come to expect this type of behavior from ZDnet as some of their other authors do the exact same thing. Print something inflammatory and then correct it later with no admission of the correction.

        Update 2: Now the link is gone. Hmmmm......
        kent42
      • RE: Apple to support reps:

        @Ed Bott
        Try to call Microsoft and tell them that you gave your root password to install a program that screwed your system, and then report back what they say. The thing you miss, is that these are not programs getting in because the system security is inferior; these are people giving their root password to an install program, and nowhere in any of these policies or in real life will you get help for that.
        RedVeg
      • RE: Apple to support reps:

        @Ed Bott
        LOL
        mikroland
      • RE: Apple to support reps:

        @kent42 Wrong! he gave a link in the blog, another case of non-reading!!!
        silentblue
      • RE: Apple to support reps:

        @Ed Bott

        With the history of Microsoft and malware, they kind of owe it to their customers to look after them.

        If this becomes a pervasive problem for Apple, I am sure that they will provide solutions. Their history of supporting their customers is rather better than that of Microsoft.

        It is interesting, Ed, you seem to be writing more stories about Apple than Microsoft these days. Have you got nothing good to say about Microsoft, so you feel the need to spread bad news about Apple?

        ps. I run Windows and Mac OS X machines every day and have never been affected on the latter. Similarly, I have regularly had to help people with their infected Windows machines, but never Macs. Perhaps, that is about to change, but I am not seeing it yet.
        jorjitop
      • RE: Apple to support reps:

        @Ed Bott - Why do people buy all sorts of Malware/Virus protection then? Why not just let your computer get infected with thousands of evil programs, and then call Microsoft and say, "fix it for me?"

        I suspect the answer is Microsoft will tell you to get lost.
        Wade Williams
      • Yet another one who didn't finish reading the article...

        @Wade Williams
        Geeze. You obviously didn't read the 2nd half of the post either.

        To recap: Microsoft does provide a toll free number for helping people get rid of various infections. 1-866-PCSAFETY and it's available 24/7 in the US and Canada.

        Btw.. Most systems don't get infested with "thousands" of evil programs. A system with "thousands" of evil programs would likely stop working long before you got anywhere near 100 of said malware. It would run out of resources long before you even got close.
        Wolfie2K3
      • I applaud you on your efforts here....

        @Ed Bott .... finally, Apple is seeing the truth in virus/malware infections can affect all OS including OSX. Given the right conditions, all OS will fall victum to all virus and malware activity.

        One thing people dont realise is Windows 7 is just as secure as OSX. it is the user that allows things to be installed and if setup correctly, no malware or virus activity will ever get thru any OS.

        No OS can stop the user allowing access to the mission critical files of any OS. Apple is seeing this to be true with the latest malware/virus attack.

        The more Apple denies this to be be true, the more malware and virus attacks will continue. :)
        dtroyerSMU
      • RE: Apple to support reps:

        @Ed Bott He was drunk on apple juice therefore could not read it! Cut him some slack ED! LOL
        MisstreeGB
      • Well Duh!

        @Ed Bott

        Of course Apple is not an "anti-virus" (note: in quotes because there are NO Mac viruses) service.

        Again, Mac Defender is NOT a virus.

        There are many great freeware anti-malware utilities for Mac OS X. One of the best is ClamXav.

        There's even a free MacDefenderKiller trojan removal program designed specifically for those who were dumb enough to install Mac Defender on their Mac.

        Ed, you as a Windows user might think that the "sky is falling" for Mac users, but nothing is further from the truth. Mac OS X has ALWAYS been free of viruses... as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.

        It's quite obvious that your "Microsoft Report" articles about Mac Defender are not aimed at Mac users (who know that the sky is NOT falling) but is instead aimed at your Windows-using readers.

        By trying to paint Macs as being in the same league as Windows PCs, it seems your goal is to placate Windows users (and yourself) by distracting them from the real, unjustifiable problems caused by Windows' terrible security.

        Like a cheap magician, you get your audience to look at a diversion you created, in order that they don't focus on what is REALLY going on. ;-)
        Harvey Lubin
      • Message has been deleted.

        i8thecat2
      • RE: Apple to support reps:

        @jorjitop,

        "With the history of Microsoft and malware, they kind of owe it to their customers to look after them."

        Apple doesn't?

        "If this becomes a pervasive problem for Apple, I am sure that they will provide solutions. Their history of supporting their customers is rather better than that of Microsoft."

        If Apple waits for malware to become a problem, they will suffer the same fate as Microsoft. There is a lot of speculation on why OS X hasn't seen the number of malware attacks as Windows. However, the latest pwn2own contest had MacBook/Safari combo falling first. I won't say that this means OS X is any less secure then Windows, but it certainly isn't invulnerable.

        "It is interesting, Ed, you seem to be writing more stories about Apple than Microsoft these days. Have you got nothing good to say about Microsoft, so you feel the need to spread bad news about Apple?"

        Fair enough. I think the forums in general could be come a better place without stoking some flame wars. However, Ed is certainly not the only guy on ZDNet that does this.
        bmonsterman
      • RE: Apple to support reps:

        So why isn't the article titled "No computer manufactures or OS publishers provide free malware removal"
        john_gillespie@...
      • Please read to the end of the post

        @john_gillespie

        There at the bottom. See that part about Microsoft providing free support for security issues? Your title would be inaccurate.
        Ed Bott
      • Sure hate losing, don't you i8thecat2?

        @Ed Bott
        Seriouslly, Special Eddie? Like the mentally challenged are just some sort of joke for you to make fun of?

        So you don't like the message, then close your eyes and wear earmuffs so you don't have to deal with it.

        That won't make it go away, but at the very least you will be happy it isn't happening.
        John Zern
      • RE: Apple to support reps:

        @Ed Bott:
        Microsoft has a toll free call for "access to the security team," but that does NOT mean "free removal of the virus."

        If you want to be accurate, get a PC infected and call the team, then report your experience. Do they walk through removal of the virus for free? Do they connect to you and remove it themselves for free? Do they charge for the service? Do they refer you to a third party?

        Saying "Free support for removal of this sort of malware" without fact to back it up (a toll free number is not "free support for removal") is a bit misleading.

        I suspect you'll find something similar to Dell or HP's practice - "We'll remove for a fee (probably $100+,) or you can go talk to these guys."
        egmccann
      • Better data

        @Ed Bott Here is a link to the Small Dog Electronics (Apple vendor) blog that explains in detail what Mac Defender is (a trick site to get your credit card number if, and only if, you type in your admin password) and exactly how to care for it. Good data to share, as opposed to all the juvenile bile-spewing that follows...
        http://blog.smalldog.com/techtails/tt767/
        frabjous