You have malware on your Mac and you call Apple support ... what happens next?

You have malware on your Mac and you call Apple support ... what happens next?

Summary: So, what happens when your Mac gets a dose of malware and you phone up Apple tech support?

SHARE:
89

So, what happens when your Mac gets a dose of malware and you phone up Apple tech support?

Earlier today my ZDNet blogging colleague Ed Bott posted up an Apple internal policy document outlining how Apple advises support staff to deal with Mac owners phoning in with malware issues.

But how does this translate into the real world? What kind of help does Apple actually offer those in need? Is it useful? Does it work? Does it make Mac users safer?

That's what I set out to discover.

Note: I'm in the UK, and the support call was made to UK Apple Support, which seems to go through to Apple's Support Center in Cork, Ireland.

Also, at no point during this conversation did I give the support rep any indication that I was anything more than someone with Mac Defender on their computer.

While on the face of it Apple's internal guidelines might seem harsh, in reality the steps offered up are more than adequate and would get the problem solved. Also, Mac owners would be protected from future malware, whereas just helping them remove Mac Defender would leave them open to future problems.Mac Defender, the Mac OS X Trojan malware currently in the news is a pretty benign thing. It wouldn't really bother me installing this onto any of my Mac systems but I'd first have to disable my antivirus protection (Sophos Anti-Virus for Mac Home Edition), install the beastie, then clean up afterwards. Not worth the trouble when the symptoms of Mac Defender are so easy to fake. It brings up a screenshot.

It also helped that I have a Mac that's still eligible for free phone support (90 days in the US, a whole year here in the UK ... ;), otherwise I'd have had to pay for either AppleCare or for a one-off incident ($49 in the US, £35 in the UK).

So I dialed the number, went through the whole "press this, press that, press the other" rigmarole and was quickly put through to a cheery support technician. Since this was the first time that I'd contacted Apple about this Mac (in fact, this is the first time that I'd contacted Apple Support about anything Mac related) they needed a bunch of details from me.

With that out of the way, we get down to business ...

"So, what's the problem?"

I explain the "fake" situation ... and very convincingly I might add.

"What you have there is a fake. It's a program that tries to scam people."

BINGO! This guy knows his stuff.

"It's something that you have installed on the computer."

Another hit. I've not seen an example of a drive-by Mac Defender infection, so it's true that it has been installed on the system.

"You get it from searching for images on Google and clicking on a bad link - called a poisoned result."

Another direct hit. I'm not sure how much this would mean to the average user (I did my best to sound like this was new to me) but it sounds (and is for that matter) a reasonably knowledgeable answer.

"The best thing for you to do is to invest in an antivirus program."

At this point I was going to start making noises about the word "investing" and how I wasn't keen on "investing" any cash on the problem but the tech support guy had more to say ...

"To put your mind at ease there, I know I've used the word antivirus there this is not a virus. It doesn't actually cause any damage to your computer. What it does is tell you that you have viruses when you don't."

The tech support guy then goes on to list a number of companies that offer antivirus for the Mac - McAfee, Kaspersky, Norton, Intego, Sophos - and that I could find software by searching for the word "virus" in the Mac App Store(!).

I pointed out that I wasn't feeling all that flush with cash (what with having bought a Mac mini and all), and asked if there was any way to get rid of "this Mac Defender thing" without paying.

"Some of them are free."

He then goes on to list a number of free antivirus solutions - Intego VirusBarrier Express (available from the Mac App Store), Sophos, ClamXav. He then admits to running free antivirus on his Mac at home but points out to me that one of the advantages of a paid-for solution is that you get technical support with the purchase.

"I'd give one of the free products a go."

Again, sound advice. All the products he mentioned are capable of dealing with Mac Defender.

But why can't Apple help me remove this malware?

"Because there's no guarantee of removing it completely from the applications. It won't damage the system but it could come back."

Now, it is possible to manually remove Mac Defender from a system without the help of antivirus program, but it's not a one-click thing. While I (and I'm sure most of you out there reading this) wouldn't have a problem removing Mac Defender, I can in some way understand why Apple doesn't want to start hand-holding people through the process. People know how to install a program (after all, it's what got them into trouble in the first place), so the easiest solution is to tell them to install something else.

I then raised the point ... as delicately as I could ... of Macs having viruses.

"It's not that they don't have viruses, it's just that they are rare. It's nearly impossible to get one. There aren't viruses, they're Trojans, programs that say they do one thing and do something else."

Makes sense.

"We do urge people to try to maintain some for of antivirus on their computer. While with Mac you're far less likely to get a virus than on Windows it's a good idea."

Another good point. Shame Apple makes this sort of info hard to find.

So, this Mac malware stuff, is it common?

"We've only started hearing about it over the past few weeks. We've not been inundated by it or anything but we were made aware of it and we've been urging people to get antivirus installed for their own piece of mind. I do agree with the statement that Mac is more secure than Windows. The way the operating system does often require your password to do a lot. Sometimes with earlier versions of Windows things would just install."

He's now on a roll ...

"There's also no real known viruses for Mac ... what a virus is a program that installs itself, replicates itself and does damage."

And then the close ...

"Get an antivirus program. Install it. Get rid of this thing and then keep the antivirus program installed and just for your own benefit give the system a scan every so often."

I really can't argue with that.

Note: I didn't have to press the tech support rep for any of this information - all of it was offered up freely. I didn't get the feeling that there was any pressure on the technician not to speak freely about the problem.

follow Adrian Kingsley-Hughes on TwitterBottom line, I have to say that if I'd phone up Apple with a genuine Mac Defender problem I would have come away there with both a solution to the problem and a prophylaxis to help prevent future problems. While on the face of it Apple's internal guidelines might seem harsh, in reality the steps offered up are more than adequate and would get the problem solved. Also, Mac owners would be protected from future malware, whereas just helping them remove Mac Defender would leave them open to future problems.

Topics: Malware, Apple, Hardware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

89 comments
Log in or register to join the discussion
  • Wow

    Maybe Ed needs an updated memo.
    oncall
    • Edwards' memo made of three-fonts pieces, so there is no problem to update

      @oncall: ... it due to suspectable genuinity.
      DDERSSS
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @denisrs Yes, it's all a conspiracy cooked up at Area 51.
        jgm@...
    • RE: You have malware on your Mac and you call Apple support ... what happens next?

      @oncall Trojan today and drive by malware tomorrow!! You only need to exploit a hole in flash etc. to make it work!!
      jatbains
      • I'm not interested

        @jatbains

        In rehashing the whole umpteenth thousand forum posts you guys got going on Mac and malware. The point is Ed is out shouting from the rooftops how Apple is denying and being deliberately unhelpful based upon a leaked memo of questionable legitimacy, while Adrian actually did the homework of getting on the phone and confirming what Apple is actually doing and analyzing it rationally. Again good job Adrian.
        oncall
      • huh?

        @jatbains

        Except you have to put in your password for it to install. One would hope you are smart enough to say "Hey, I never asked for this" and hit cancel.
        itguy08
      • Wanna bet?

        @itguy08:

        Do you honestly think most Mac users are that savvy?
        Joe_Raby
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @itguy08

        You obviously have very limited experience dealing with the general, non-tech-knowledgeable public. By definition they "know" very little and it can be easy for those of us who do know a lot to take for granted how much effort went into acquiring that knowledge.

        Also, assuming the general public is smart is a huge mistake.
        donniebnyc666
      • Oh... Really?

        @itguy08
        [b]Except you have to put in your password for it to install. One would hope you are smart enough to say "Hey, I never asked for this" and hit cancel. [/b]

        Funny thing about that... At the last Pwn2Own fest, the Mac was Pwned by a vulnerability in Safari that allowed the machine to be taken down in < 2 minutes, and [u]without[/u] a password. All they had to do was navigate to the infected web page and BLAM! - it was over.
        Wolfie2K3
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @jatbains There is no "causal link" in these, today a trojan, doesn't tell us anything about tomorrow - that's just flawed thinking.
        jeremychappell
    • Or this guy didn't get the memo

      @oncall
      though he might get a pink slip once Steve Jobs reads this... ;)
      John Zern
      • Well if were into conspiracy theories

        @John Zern

        Maybe the memo was a plant and the guy who leaked it should be worried about his job ;)
        oncall
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @oncall
        Apple has done that before, I know because I had to go help clean up the aftermath. Given the unusual amount of detail already posted on this issue, you could very well be right.
        use_what_works_4_U
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @John Zern
        Truthfully, I've worked in call centers before, and generally 'advice' from 'the client' telling you not to help customers are usually ignored, and you can get away with it depending on how well you document what you did. Experienced reps tend to 'bend' the rules when necessary to help the customer, only the newbies follow the rules to the letter.

        I never worked for Apple, but I doubt it's much different from any other big company: the most important thing isn't upholding policy but keeping the customer happy.
        Doctor Demento
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @Doctor Demento

        "Experienced reps tend to 'bend' the rules when necessary to help the customer, only the newbies follow the rules to the letter."


        No, experienced reps follow the rules because that's their job. You've obviously never advanced very far in the corporate structure, have you? People like you don't get promoted. They get fired. For not following policies.
        GanjaSoldier
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @Doctor Demento

        [i]only the newbies follow the rules to the letter.[/i]

        And every rep in India. Those guys and gals never deviate from the script. That's why I always request stateside support.



        :)




        :)
        none none
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @none none The worst I have ever dealt with was Intuit's call center based in India. Every time I got to the point that I had reached the end of their script of ideas they would ask if they could put me on hold to discuss the issue with a manager, would go on hold for a few seconds then get disconnected. Would have to call back, start over from the beginning and work to the end of the script and hang up again. This happened at least a half dozen times before I demanded to speak with a rep based in the US.
        non-biased
    • And what are you supposed to be?

      @itguy08
      an MS expert? You post on every MS article he writes, of course all negative to MS and and Ed because he dares to offer proof that contridicts the ABMers.
      Will Pharaoh
      • RE: You have malware on your Mac and you call Apple support ... what happens next?

        @Will Pharaoh Ed posted a recap of his supposed conversations with a support rep and a supposed memo, neither of which are proof of anything at all. Not saying that either one are fake but they aren't proof of anything either. I could post a supposed memo from Google stating they created the trojan found in the Google Image Search to hurt Apple but that doesn't make it true.
        non-biased
    • Why? Sounds exactly like what Ed reported.

      @oncall
      Adrian asks the Apple rep:
      "But why can?t Apple help me remove this malware?"

      The Apple rep says:

      ?Because there?s no guarantee of removing it completely from the applications. It won?t damage the system but it could come back.?

      Ed says Apples policy is:
      "The document contains detailed instructions from ?the client? (Apple) that the firm?s employees must follow when dealing with calls from customers asking for help with Mac Defender issues...

      ...The end of the document includes a list of ?Things you must never do according to the client.? The list of prohibited actions includes all of the steps required to clean a Mac Defender infection"

      Further Ed's report on Apple policy says the rep will advise:

      ?Apple?s [sic] doesn?t recommend or guarantee any specific third part [sic] anti-virus protection over another. However I can suggest several third party virus protection programs that you may want to consider researching to find the best one for your needs.?

      Bottom line is so far Adrians article shows Ed hit the nail right on the head so to speak.

      While you may or may not think that Apples response is sufficient, and its fair comment for sure to put up an argument either way, there certainly isn't a discrepancy between what Ed has reported and what Adrian has reported.

      Adrian seems to be saying that he felt perfectly fine with the Apple reps response and thats great. Eds report seemed to be far more concerned that the Apple reps could be more helpful but were under orders not to be and for Ed thats not the best way. No problem. But I see no need for Ed to look for a new memo from Apple as they appear to be following suit just fine.
      Cayble