So, what happens when your Mac gets a dose of malware and you phone up Apple tech support?
Earlier today my ZDNet blogging colleague Ed Bott posted up an Apple internal policy document outlining how Apple advises support staff to deal with Mac owners phoning in with malware issues.
But how does this translate into the real world? What kind of help does Apple actually offer those in need? Is it useful? Does it work? Does it make Mac users safer?
That's what I set out to discover.
Note: I'm in the UK, and the support call was made to UK Apple Support, which seems to go through to Apple's Support Center in Cork, Ireland.
Also, at no point during this conversation did I give the support rep any indication that I was anything more than someone with Mac Defender on their computer.
While on the face of it Apple's internal guidelines might seem harsh, in reality the steps offered up are more than adequate and would get the problem solved. Also, Mac owners would be protected from future malware, whereas just helping them remove Mac Defender would leave them open to future problems.Mac Defender, the Mac OS X Trojan malware currently in the news is a pretty benign thing. It wouldn't really bother me installing this onto any of my Mac systems but I'd first have to disable my antivirus protection (Sophos Anti-Virus for Mac Home Edition), install the beastie, then clean up afterwards. Not worth the trouble when the symptoms of Mac Defender are so easy to fake. It brings up a screenshot.
It also helped that I have a Mac that's still eligible for free phone support (90 days in the US, a whole year here in the UK ... ;), otherwise I'd have had to pay for either AppleCare or for a one-off incident ($49 in the US, £35 in the UK).
So I dialed the number, went through the whole "press this, press that, press the other" rigmarole and was quickly put through to a cheery support technician. Since this was the first time that I'd contacted Apple about this Mac (in fact, this is the first time that I'd contacted Apple Support about anything Mac related) they needed a bunch of details from me.
With that out of the way, we get down to business ...
"So, what's the problem?"
I explain the "fake" situation ... and very convincingly I might add.
"What you have there is a fake. It's a program that tries to scam people."
BINGO! This guy knows his stuff.
"It's something that you have installed on the computer."
Another hit. I've not seen an example of a drive-by Mac Defender infection, so it's true that it has been installed on the system.
"You get it from searching for images on Google and clicking on a bad link - called a poisoned result."
Another direct hit. I'm not sure how much this would mean to the average user (I did my best to sound like this was new to me) but it sounds (and is for that matter) a reasonably knowledgeable answer.
"The best thing for you to do is to invest in an antivirus program."
At this point I was going to start making noises about the word "investing" and how I wasn't keen on "investing" any cash on the problem but the tech support guy had more to say ...
"To put your mind at ease there, I know I've used the word antivirus there this is not a virus. It doesn't actually cause any damage to your computer. What it does is tell you that you have viruses when you don't."
The tech support guy then goes on to list a number of companies that offer antivirus for the Mac - McAfee, Kaspersky, Norton, Intego, Sophos - and that I could find software by searching for the word "virus" in the Mac App Store(!).
I pointed out that I wasn't feeling all that flush with cash (what with having bought a Mac mini and all), and asked if there was any way to get rid of "this Mac Defender thing" without paying.
"Some of them are free."
He then goes on to list a number of free antivirus solutions - Intego VirusBarrier Express (available from the Mac App Store), Sophos, ClamXav. He then admits to running free antivirus on his Mac at home but points out to me that one of the advantages of a paid-for solution is that you get technical support with the purchase.
"I'd give one of the free products a go."
Again, sound advice. All the products he mentioned are capable of dealing with Mac Defender.
But why can't Apple help me remove this malware?
"Because there's no guarantee of removing it completely from the applications. It won't damage the system but it could come back."
Now, it is possible to manually remove Mac Defender from a system without the help of antivirus program, but it's not a one-click thing. While I (and I'm sure most of you out there reading this) wouldn't have a problem removing Mac Defender, I can in some way understand why Apple doesn't want to start hand-holding people through the process. People know how to install a program (after all, it's what got them into trouble in the first place), so the easiest solution is to tell them to install something else.
I then raised the point ... as delicately as I could ... of Macs having viruses.
"It's not that they don't have viruses, it's just that they are rare. It's nearly impossible to get one. There aren't viruses, they're Trojans, programs that say they do one thing and do something else."
"We do urge people to try to maintain some for of antivirus on their computer. While with Mac you're far less likely to get a virus than on Windows it's a good idea."
Another good point. Shame Apple makes this sort of info hard to find.
So, this Mac malware stuff, is it common?
"We've only started hearing about it over the past few weeks. We've not been inundated by it or anything but we were made aware of it and we've been urging people to get antivirus installed for their own piece of mind. I do agree with the statement that Mac is more secure than Windows. The way the operating system does often require your password to do a lot. Sometimes with earlier versions of Windows things would just install."
He's now on a roll ...
"There's also no real known viruses for Mac ... what a virus is a program that installs itself, replicates itself and does damage."
And then the close ...
"Get an antivirus program. Install it. Get rid of this thing and then keep the antivirus program installed and just for your own benefit give the system a scan every so often."
I really can't argue with that.
Note: I didn't have to press the tech support rep for any of this information - all of it was offered up freely. I didn't get the feeling that there was any pressure on the technician not to speak freely about the problem.
Bottom line, I have to say that if I'd phone up Apple with a genuine Mac Defender problem I would have come away there with both a solution to the problem and a prophylaxis to help prevent future problems. While on the face of it Apple's internal guidelines might seem harsh, in reality the steps offered up are more than adequate and would get the problem solved. Also, Mac owners would be protected from future malware, whereas just helping them remove Mac Defender would leave them open to future problems.