Apple continues to tell support reps: do not help with Mac malware

Apple continues to maintain a public silence on the current outbreak of Mac malware, which may have affected more than 60,000 Mac owners. Meanwhile, a leaked document from an Apple call center confirms that the company continues to refuse any help to affected customers.
Written by Ed Bott, Senior Contributing Editor

Update May 24, 4:30PM PDT: Apple has now posted a support article on its website: How to avoid or remove Mac Defender malware. A note at the top of the article says:

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

How is Apple responding to the flood of customer calls about installations of the Mac Defender malware?

According to multiple tech support insiders, the company has doubled down on its policy of denying any help to affected customers. Meanwhile, despite evidence that a large number of customers have been affected by this issue, Apple has made no public statement and did not respond to two requests for comment.

My sources tell me call volume for Mac Defender-related issues continues to be high. One AppleCare support agent told me last week that 50% of calls in the previous week were related to this issue. A rep in a different location confirmed that number but said volume had dropped this week:

In the first days after Intego identified the issue I would say 50-60% of calls were driven by Mac Defender.

Now still within the 20-25% range....I think Google may be getting a handle on the gamed SEO placements and poisoned links that started the whole fiasco.

So how big is the problem? Apple's silence makes it impossible to know for sure. However, I'm told that the division that handles Mac support calls receives between 10,000 and 20,000 calls a day. If 25% of those calls are related to this issue, which has been going on for 25 days, the total number of customers affected could be between 60,000 and 125,000, and growing.

One contractor who works for a third party that handles support calls for Apple in North America sent me a confidential document that had been distributed to all personnel at his location. The document contains detailed instructions from "the client" (Apple) that the firm's employees must follow when dealing with calls from customers asking for help with Mac Defender issues. (I've posted a copy of the document at the end of this post.)

The document, which is labeled "Valid as of May 20th 2011 subject to further revisions," instructs support reps to "Start with an upbeat tone and stay positive." That's followed by two blocks that outline the script the agents are expected to follow:

"I am glad that you decided to call in about this issue today. Based on the symptoms you describe it sounds like you may have malware on your computer. I would be more than happy to send you an article about what malware is and is not. Lets [sic] make sure you have all your software up to date."

"Apple's [sic] doesn't recommend or guarantee any specific third part [sic] anti-virus protection over another. However I can suggest several third party virus protection programs that you may want to consider researching to find the best one for your needs."

At that point the rep is ordered to suggest "at least three or four different programs from anywhere" and direct the customer to the App Store or the Apple Online Store.

In a particularly Orwellian turn of phrase, the anonymous author of the document then notes dryly, "According to the client the point of this is to empower the customers to become more internet and security savvy."

The end of the document includes a list of "Things you must never do according to the client." The list of prohibited actions includes all of the steps required to clean a Mac Defender infection:

- You cannot show the customer how to force quit Safari on a Mac Defender call

- You cannot show the customer how to remove from the Login items.

- You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.

- You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the Apple.com forums)

The final item on the list contains instructions that prevent support personnel from indirectly helping clients:

- Once you know that the call is about Mac Defender, and then the customer decides to try and ask you general questions to find a loophole (IE: "OK, then how would you uninstall a third party program in general" or "How do I stop programs from starting upon launch") The point of this is, things that would be considered "general product usage" questions are not allowed to be answered if the customer has already informed you that he potentially has MacDefender and is now asking obvious questions to skirt our policy.

The upshot of this policy is to explicitly prohibit any action that could help customers. For tech support personnel, that's a bitter pill to swallow.

One rep who contacted me via e-mail describes the current mood among fellow support reps as "horrid," adding, "We are now under strict orders, of course without distinctly saying it, to help NO ONE with Mac Defender under threat of our jobs ... All I heard all day today from other advisors was how Apple doesn't want to take care of its customers and how this new policy constrained our ability to do our job and directly affects our pay."

A second rep told me, "The shit has hit the fan."

You can see a copy of the entire document here:

Editorial standards