• Apple to support reps: "Do not attempt to remove malware"

    Apple is actively conducting an internal investigation into the Mac Defender malware attack I wrote about yesterday (here and here). An internal document with a Last Modified date of Monday, May 16, 2011 notes that this is an “Issue/Investigation In Progress.”

    The document (shown below) provides specific instructions for support personnel to follow when dealing with a customer who has called AppleCare to request help with this specific attack.

    There are two different resolution paths, depending on whether the customer says Mac Defender / Mac Security has or has not been installed.
    According to this document, if the caller says he or she has not installed the software, the support rep should “suggest they quit the installer and delete the software immediately.” That is followed by this disclaimer:

    AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not.

    If the software is already installed, support personnel are instructed to make sure all security updates have been installed using Software Update. They are then to direct the customer to the “What is Malware?” Help document using Finder. The final step is clear:

    Explain that Apple does not make recommendations for specific software to assist in removing malware. The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options.

    Finally, that is followed by these four bullet points.


    • Do not confirm or deny that any such software has been installed.
    • Do not attempt to remove or uninstall any malware software.
    • Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
    • Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.
    Apple has not responded to a request for comment on the ongoing Mac Defender attack or this policy.

    Source: ZDnet
    Comments 5 Comments
    1. duke0102's Avatar
      duke0102 -
      So, they're not allowed to confirm or deny the malware but to tell them to buy some antivirus from themselves anyway?
    1. mjmacky's Avatar
      mjmacky -
      That sounds totally like Apple:
      Raise head, and in a downward arcing motion to the front, impale sand with crown of head.

      Alternative method:
      In a 360-450 degree downward/forward arcing motion impale rectum with crown of head. Apple support should not acknowledge any motions that are less than 360 degrees or more than 450 degrees.
    1. rdtphd's Avatar
      rdtphd -
      the best course of action is to go to amazon and buy the 3 wolf and moon t-shirt. once you receive your t shirt and put it on you will have no more problems.

    1. duke0102's Avatar
      duke0102 -
      I don't understand the reference or are you just advertising some shirts?
    1. mjmacky's Avatar
      mjmacky -
      He's just referencing some random meme