Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

iPods Come Complete With Windows Virus

Posted by ScuttleMonkey on Tue Oct 17, 2006 06:29 PM
from the nyah-nyah dept.
Businesses Security Apple
kaufmanmoore writes "Cnet is reporting that some video Ipods made after September 12th have the RavMonE virus loaded onto it. In Apple's announcement they take a swipe at Windows security and encourage Windows users to install anti virus applications."
+ -
story

Related Stories

[+] IT: Malware Distribution Through Physical Media a Growing Concern 141 comments
twitter brings us a story about the increasing number of digital devices reaching consumers with malware already installed. In this case, digital photo frames from three different Sam's Club stores were found to contain the same type of malicious code. We discussed a similar problem with iPods a while back, as well as a more recent situation with Maxtor hard drives. Quoting the Register: "While a compromise at the manufacturer is the most likely scenario, ISC's Sachs also pointed to retailers as a possible point of infection. Returned products, which could have been infected by the consumer, are frequently put back on the shelf, if they are in sale-able condition, and attackers could take advantage of a store's poor digital hygiene, he said. 'Trying to (infect a product) all the way back at the factory — getting it through all the checks and balances — would be pretty hard to do,' he said. 'But doing it at the store, where there might be loose return policies, and (where) they put it back on the shelf - you are not going to get a million infections, but you might get a person from an investment bank next door.'"
[+] Hardware: Digital Picture Frames Infected by Trojan Viruses 174 comments
CR0WTR0B0T writes "The San Francisco Chronicle is running a story on viruses loaded into digital picture frames, similar to the ones we discussed at the end of last year. The difference is in the virus used: 'The authors of the new Trojan Horse are well-funded professionals whose malware has 'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.' Apparently, a number of regular folks have hooked them up to their home computer and loaded the virus. And if you think you're too smart to be fooled, apparently the Anti-Virus software makers have not caught up to the threat quite yet."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

iPods Come Complete With Windows Virus 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • Apple's products are made (and to some degree, designed) in China just like everybody else's. I wonder how many other memory products (that is, USB mass storage devices) have similar issues.

    • Also shows... (Score:5, Insightful)

      by Anonymous Coward on Tuesday October 17 2006, @06:37PM (#16478063)
      The class of Apple to complain about Windows being susceptible to viruses that Apple Quality Control fails to catch. Maybe Apple QC should install AV as well when they develop for windows?

      • Re:Also shows... (Score:5, Insightful)

        by udderly (890305) * on Tuesday October 17 2006, @06:52PM (#16478285)
        Why is this a troll? I'm a serious Mac fan, but that little "jab at Microsoft" *was* pretty classless.

        WARNING: OBLIGATORY CAR ANALOGY!!!
        When I was a kid we were firing a golf ball out of homemade cannon and broke the neighbor's windshield. Crap, what was I thinking? I should have blamed Ford for not making their windshields stronger!

      • Re:Also shows... (Score:5, Informative)

        by Anonymous Coward on Tuesday October 17 2006, @07:05PM (#16478461)
        "Maybe Apple QC should install AV as well when they develop for windows?"

        I heard (from a reliable source inside Apple) that the virus was preinstalled from the disk manufacturer when they formatted the drives. *shudder* You can see where this can go.

          • Re:Also shows... (Score:5, Insightful)

            by Trillan (597339) on Tuesday October 17 2006, @07:43PM (#16478929) Homepage Journal
            If it really did come on just a few of the blank hard drives, in order to catch this with testing they'd have to test every single freshly formatted drive. Granted, I'm sure they'll do that now, but not doing a virus scan on freshly formatted disks hardly qualifies as "no testing."

            • Re:Also shows... (Score:5, Informative)

              by spectral (158121) on Tuesday October 17 2006, @11:56PM (#16481009)
              I thought the same thing. Guess what happened when I first plugged in my SanDisk micro thumb drive? Shit got installed on my computer, that I had to specifically uninstall and then format the thumb drive (Conveniently available from the menu it installed, but still).

              NOTHING in the manual about "Oh yeah, if you plug this in to a windows PC we're running shit without telling you."

              I no longer trust "blank" media, but what can one do? Plug the hard drive in to a windows machine and format it? Woops, already fucked your computer over, since Windows will helpfully immediately run and install anything on the disk. This is a failure of Windows with autorun being on by default.

      • Re:Also shows... (Score:4, Insightful)

        by jcr (53032) <jcr@ma[ ]om ['c.c' in gap]> on Tuesday October 17 2006, @07:20PM (#16478637) Journal
        The problem happened, because Apple's assembly contractors used Windows machines in their production process. Clearly, this is not a wise choice from a security standpoint, and I would expect Apple to insist on replacing those machines with Macs or Linux hosts.

        -jcr

        • Re:Also shows... (Score:5, Insightful)

          by Trillan (597339) on Tuesday October 17 2006, @08:02PM (#16479141) Homepage Journal
          Honestly, it probably should be an embedded system (running Linux, if you like) without a GUI or any other possible way for people on the line to wreck it.

          • Re:Also shows... (Score:4, Informative)

            by fatphil (181876) on Tuesday October 17 2006, @08:32PM (#16479455) Homepage
            That's not how manufacturing works at all in the real world. Most initialisation of such devices is done using Windows machines.

            However, they shouldn't be writing files to a filesystem to initialise the devices, they should be writing a version-controlled quality-controlled filesystem itself. And there's no point blaming the Chinese contractor, I'm sure they were just following the Apple procedure, sloppy as it is.
            • "And there's no point blaming the Chinese contractor, I'm sure they were just following the Apple procedure, sloppy as it is."

              What do you base this assertion on? How do you know how 'sloppy' the Apple procedure is?

              Many are lambasting Apple because they didn't test every vendor-supplied microdrive for *windows* viruses/virii. They sold 7.7 million ipods, as I understand it. If we grant 'em 10 seconds to hook the drive up and test it - even automated; remember, these drives aren't exactly fast - that's 891 additional days added to that manufacturing model.

              I'm not sure I believe that Apple should necessarily be responsible for a chinese manufacturer's choice of operating system for their production line.

              In fact, in response to the many assertions that Windows is the pre-eminent choice in production line systems... I find it difficult to believe; in my direct experience with seven major production systems and indirect with ten or twelve, only two used Windows, and of them had as their purpose was directly testing production of Windows based computers. A pharmaceutical company I'm familiar with uses HP clusters; a local utility recently switched from SCO to Linux ( I love saying that! ); A PCB assembly machine I dealt with had embedded a BSD variant. A plastics manufacturer I'm familiar with uses Linux and DOS (!) because the hardware manufacturer doesn't want to fix something that's "not broken". I've never even *heard* of Windows being used in production systems anywhere but plants that produce Windows computers.

  • Uhh, What? (Score:5, Insightful)

    by aweraw (557447) * on Tuesday October 17 2006, @06:33PM (#16477997) Homepage Journal
    I'm not one to try and defend Windows security with a straight face, but this is apples fault for shipping infected ipods. They failed to protect their customers, regardless of windows lack-lustre security

  • Windows Security? (Score:5, Insightful)

    by AvitarX (172628) <me@@@brandywinehundred...org> on Tuesday October 17 2006, @06:33PM (#16478001) Journal
    If I just distributed a device with a virus on it I would not be throwing stones at the security practices of another company.

  • Trying to push the blame to Microsoft (Score:4, Insightful)

    by Duk (26306) on Tuesday October 17 2006, @06:33PM (#16478009) Journal
    From the site (emphasis mine):
    As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

    Wow...trying to deflect some of the blame, huh?

  • secret weapon (Score:4, Insightful)

    by wardk (3037) on Tuesday October 17 2006, @06:34PM (#16478031) Journal
    and this is why in the long run, apple wins? Simply because MS can't do anything like this back to Apple.

    those apple people are genius'

    • Re:secret weapon (Score:4, Informative)

      by nwbvt (768631) on Tuesday October 17 2006, @07:05PM (#16478453)

      "Simply because MS can't do anything like this back to Apple."

      Sure they can. Ship a version of MS Word with a virus embedded that targets Macs (yes they do exist, though the small market share makes them much less common). And if they are willing to bring back the Mac Internet Explorer, they can 'accidentally' leave open a security flaw that allows even more viruses in.

      I think MS wins hands down as one of Apple's main selling points is that fewer viruses are written for Macs than for Windows. But the more stories that break that include the words "Apple" and "Virus" in the headline, fewer people will believe that and just stick with Windows (yes we can hold out hope that they will move to Linux, but I wouldn't bet on it).

  • This sounds a bit suspicious... (Score:5, Interesting)

    by msauve (701917) on Tuesday October 17 2006, @06:39PM (#16478099)
    "it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer " and "Very few units actually went through that particular station"

    Why is a Windows machine ever connected to an iPod during manufacturing? I'd think for a high volume product like the iPod, there would be dedicated disk duplicators to format/populate the drives, and testing would likewise be done with purpose-designed hardware. Using a Windows PC to do either seems like a crude, inefficient way to do things.

  • Worst...apology...ever (Score:5, Insightful)

    by BeeBeard (999187) on Tuesday October 17 2006, @06:42PM (#16478129)
    From the article:

    "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Apple said on its site.
    (emphasis added)

    It's nice that they're "upset with themselves for not catching it" in the last part of that statement, but what's that first part in bold all about? Oh yeah, it's the part where they shirk complete responsibility for this by half-blaming Microsoft for the virus Apple introduced in its own hardware. It's the most half-assed way of apologizing imaginable.

    In other news, rapists who blame their victims will now be in charge of issuing Apple's PR statements on their website.

  • Exploiting process weaknesses... (Score:4, Interesting)

    by mithran8 (186371) on Tuesday October 17 2006, @06:46PM (#16478205) Homepage
    What I find interesting is the potential for this type of distribution to be the vector for a zero-day exploit.

    Imagine the scenario: an unscrupulous individual happens across an unannounced vulnerability, and develops an exploit. Rather than building it into a worm/botnet replication mechanism, he finds a way to load it onto a consumer electronics device (mp3 player, flash drive, camera, etc) and lets the well-established merchandise distribution network take it from there. Weeks/months later, at a predetermined time, an attack can be launched simultaneously from hundreds/thousands of locations, and we have a nasty problem on our hands.

  • If they're making products for use with Windows... (Score:4, Insightful)

    by ChodeMaster (773739) on Tuesday October 17 2006, @07:01PM (#16478405)
    If apple are going to make products for use with windows, then it is their responsibility to ensure that those products don't contain virii for windows systems. Suggesting that the virus being present in their product that they're shipping (regardless of the susceptibility of Windows to that virus) is the fault of Microsoft is passing the buck in a most horrible way.

    The simple fact is that they choose to make their device work with Microsoft Windows systems, and they are damned sure responsible for ensuring that their device will not cause problems with those systems, regardless of the flaws or vulnerabilities of Microsoft systems.

    I quite like Mac hardware and software, and have previously been glad that they may be gaining market share, but frankly if they are going to continue to market themselves by making stabs at Microsoft (and no I'm not suggesting the virus was placed intentionally), rather than by marketing their products' strengths and features, I'm not so sure I will continue to feel the same way.

    • Re:Come again?? (Score:4, Insightful)

      by denebian devil (944045) on Tuesday October 17 2006, @06:47PM (#16478225)
      Not only that, since the problem was "traced to a particular Windows machine in the manufacturing lines of a contract manufacturer that builds the iPods for Apple," I would think that if they're going to talk so high-and-mighty against Windows that they would be smart enough not to use Windows as part of their manufacturing process.

      Seems like just another bad attempt at deflection.

          • Re:Come again?? (Score:5, Informative)

            by QuantumG (50515) <qg@biodome.org> on Tuesday October 17 2006, @08:06PM (#16479195) Homepage Journal
            Not one that's ISO 9000 certified you havn't. Apple has never done the necessary paperwork to get Macs into this market. They don't care about this market. Now they've been bitten on the ass by this stance. That's the irony, aint it sweet.

          • Re:Come again?? (Score:4, Funny)

            by Mr2001 (90979) on Tuesday October 17 2006, @08:48PM (#16479633) Homepage Journal
            My guess is that the factory uses Windows because PCs are less expensive than Macs. That and the applications being run not supporting OSX (or Linux, for that matter).

            Less expensive, maybe a little bit, but a Yugo is less expensive than a Ferrari too! Just look at how much more you get: FireWire! Magnetic power cords! Genius bars! And isn't it worth a few more bucks to make your factory snappier?

            Besides, there are plenty of factory applications for Mac! There's AssemblyLine...

            Super AssemblyLine...

            *whisper* Photoshop...

            </fanboy>

          • Re:Come again?? (Score:4, Informative)

            by QuantumG (50515) <qg@biodome.org> on Tuesday October 17 2006, @08:09PM (#16479231) Homepage Journal
            The rules were made up by those lovely people at the International Standards Organisation. Apple has never gone through the process to get Macs certified as ISO 9000 approved manufacturing components. They focus on the home and small office market, they don't care about this stuff.

    • Re:Come again?? (Score:5, Insightful)

      by mr_matticus (928346) on Tuesday October 17 2006, @06:49PM (#16478249)
      They didn't blame Microsoft for their failure to stop the iPods from shipping, but there is a certain element to truth to the statement. If you take away the fact that Apple is involved and look at it--a technology product was infected with malware because a Windows PC on the production line was infected and it wasn't caught in time.

      The number of Windows machines on production lines in China is staggering--and if Windows had better security, the spread of viruses and malware wouldn't represent such a massive threat. Simple acts like requesting permission to install new software, etc. would go a long way toward cutting this off. Windows, left to its own devices, happily installs crapware without user intervention or notification, and that makes it harder to KNOW when your computer has been compromised.

      So yeah, Microsoft is dumb in this capacity, but it's still Apple's responsibility.

    • Re:Come again?? (Score:5, Interesting)

      by flithm (756019) on Tuesday October 17 2006, @06:55PM (#16478319) Homepage
      I agree with you, although... I have to wonder, how did it get on the iPod in the first place? If you look at the W32/Rjump worm [nai.com] you can see that it spreads itself by copying itself to mounted removeable storage drives.

      Perhaps someone tested a prototype on an infected windows machine, to make sure some minor manufacturing change didn't bork the device. Then after working on it a bit they got it to work, copied the image over, and all of a sudden you have iPods being pumped out of the factor with a virus on them. Clearly just a guess, but if something similar to that happened and I was Apple I'd sure as hell be pissed that Windows lack of security caused my hardware devices to get factory shipped with a virus on them.

      Note that this scenario is supported by TFA: "Joswiak said it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer that builds the iPods for Apple."

      In that context, Apple has every right to be irritated. Either way though you're right, it's a pretty stupid PR move to make a comment like that. They should just apologize, fix the problem, and move on.

    • Re:Good job, Jobs! (Score:4, Funny)

      by Salvance (1014001) on Tuesday October 17 2006, @07:07PM (#16478475) Homepage Journal
      So now Apple needs a commercial where the Mac guy is picking up biohazardous waste while wearing a virus-proof bunny suit and "accidentally" spilling it on the PC guy who's just laying there in his beach clothes enjoying himself.

    • Re:Good job, Jobs! (Score:5, Funny)

      by Odin's Raven (145278) on Tuesday October 17 2006, @07:23PM (#16478687)

      Next PC vs Mac commercial, the Apple version:

      PC is wearing a "boy in the plastic bubble" suit, wandering around with a bottle of Formula 409, obsessively wiping down everything he sees. Mac casually strolls up from behind and taps PC on the shoulder of his bubble suit. PC shrieks and starts spraying and wiping the suit. Mac asks what's up, PC starts babbling "Viruses...viruses are everywhere. Anything I touch might kill me. Never clean enough...never...clean...enough". Mac sadly shakes his head and wanders off.

      Next PC vs Mac commercial, the Microsoft version:

      Mac walks over to PC and offers to let PC listen to Mac's iPod. PC puts on the headset, starts tapping his feet and snapping his fingers, then suddenly flops onto his back, goes into convulsions, and dies. Mac slinks off the stage, looking embarassed and guilty. James Earl Jones voiceover grimly intones "iPods kill - buy a Zune".

    • Re:Cue the... (Score:5, Insightful)

      by sl3xd (111641) * on Tuesday October 17 2006, @06:52PM (#16478287)
      I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.

      Still, it does give food for thought. I can easily see it as an act of malice as much as a QA failure.

      I recall a *brand new* Sandisk flash drive that loaded & installed its own software (including Skype, its own little menu system, utilities, etc.) onto my computer the moment I plugged it in.

      How much would it be worth to a spammer/botnet group to infect the image that gets copied to all these devices? Enough to pay sufficiently large sums of money to subvert employees at the manufacturing plant?

      It's still inexcusably sloppy of Apple, but my real concern isn't in the companies involved: It's that it will likely happen elsewhere as well. Flash drives, DVD's with 'extended' PC content... stuff like that.

      Anywhere media with readable content is replicated can be a vector for viruses.

      • Re:Cue the... (Score:4, Insightful)

        by Sancho (17056) on Tuesday October 17 2006, @07:15PM (#16478565) Homepage
        Inexcusable? Hardly. It would certainly be inexcusable if they didn't take action here, but for a simple mistake? I think everyone is overstating how big a problem this is.

        And before people start saying, "Well if it was Microsoft, we'd be jumping down their throats about this!" consider that Apple isn't exactly a company with a long history of security flaws [microsoft.com].

        I do think that the statement "As you might imagine, we are upset at Windows for not being more hardy against such viruses" is absurd. If there /were/ widespread viruses for Apple, they'd likely be just as problematic. The only thing that 'hardens' Apple against viruses, other than obscurity, is the fact that users don't run as Admin by default, so they have to type in their password for the virus to do any significant damage. Since we're training users to do this, it seems likely that a virus would still be able to wreak havoc on a Mac. We'd just call it a trojan, first.

        I guess Autorun on by default is another flaw in Windows, but I wasn't aware that USB devices would autorun by default. Are iPods presenting themselves as CDRoms now?

        Seriously. People look at a company like Apple and they imagine that there's some middle-aged guy in a turtleneck personally checking every iPod and somehow he slipped up and missed this. Nope. It's some grunt in a factory somewhere trying to meet a quota, and of course they're going to cut corners. Apple hasn't screwed up yet--we'll have to see how they handle this situation to find out whether their actions are "inexcusable."

      • Re:Cue the... (Score:4, Insightful)

        by bcat24 (914105) on Tuesday October 17 2006, @07:37PM (#16478865) Homepage Journal
        But in the end, it's an Apple product and Apple is responsible. Sure, mistakes happen, and they did apologize, I'll give you that. The little jab at Microsoft was completely uncalled for, though. It makes Apple look far worse in my eyes than the accident did in the first place.

    • Re:How is it Possible to be Elitest AND Stupid? (Score:5, Funny)

      by Grishnakh (216268) on Tuesday October 17 2006, @07:03PM (#16478429)
      That's like MacDonald's importing meat infected with Mad Cow Diease, then blaming the FDA for not catching it.

      Bad analogy. It's like McDonald's (no a) selling burgers infected with MCD, and then blaming the humans for being vulnerable to it. Except that unlike humans in the real world (who are all susceptible to MCD), the humans in this crazy analogy universe have a choice between different bodies: one that's not only vulnerable to MCD, but every other disease out there, and has to be constantly immunized against them, and even then performs terribly, stops breathing and loses conscienceness occasionally, and is ugly to boot; and a few other bodies that are naturally immune to every known disease, are stronger and live much longer, don't need sleep, and are very attractive. Only the idiots who chose the ugly, disease-infested bodies get MCD so McDonald's justifiably tries to assign them some of the blame for making a bad choice.

    • Re:Upset with Windows? (Score:5, Informative)

      by Anonymous Coward on Tuesday October 17 2006, @07:06PM (#16478467)
      There is no such thing as autorun on OS X. If you really have managed to get a script to run automatically as soon as the volume that contains it is mounted, you are exploting a bug somewhere. Please file a bug report.

    • Re:Upset with Windows? (Score:5, Insightful)

      by mincognito (839071) on Tuesday October 17 2006, @07:18PM (#16478607)
      Your script will not propogate itself; will not use up my computer's resources; will not open a backdoor to allow others access to my information, bandwidth and/or processor cycles. How come people always cite an unintended "rm -rf /" as the most terrifying and catostrophic event ever? I backup my data. I'd rather suffer your script than have an undetected MS virus, worm or rootkit.

        • Re:nah, this has happened before (Score:5, Funny)

          by buswolley (591500) on Tuesday October 17 2006, @08:11PM (#16479247) Journal
          ITs great. Apple blames Windows for the Virus...but who put it on th ipod?

                • Re:twitter, please read this (Score:5, Insightful)

                  by skarphace (812333) on Wednesday October 18 2006, @08:44AM (#16484013) Homepage
                  Still, this is a case in which the use of a non Microsoft system for pre-loading the iPods would be the appropriate solution at the manufacturing end. Since all that's needed is the ability to create and write to a FAT32 filesystem, I don't see why Linux isn't used; it can even be done automatically on a headless machine that does the loading upon USB insertion.
                  How do you know this is what the machine was used for? Maybe it was used as a QA/Testing machine to make sure the iPod works with all systems. Fact is, you don't know.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.