iPods Come Complete With Windows Virus

kaufmanmoore writes "Cnet is reporting that some video Ipods made after September 12th have the RavMonE virus loaded onto it. In Apple's announcement they take a swipe at Windows security and encourage Windows users to install anti virus applications."

Just goes to show.

[Ayanami Rei]

Apple's products are made (and to some degree, designed) in China just like everybody else's. I wonder how many other memory products (that is, USB mass storage devices) have similar issues.

Also shows...

[Anonymous Coward]

The class of Apple to complain about Windows being susceptible to viruses that Apple Quality Control fails to catch. Maybe Apple QC should install AV as well when they develop for windows?

Re:Also shows...

[udderly]

Why is this a troll? I'm a serious Mac fan, but that little "jab at Microsoft" *was* pretty classless.

WARNING: OBLIGATORY CAR ANALOGY!!!
When I was a kid we were firing a golf ball out of homemade cannon and broke the neighbor's windshield. Crap, what was I thinking? I should have blamed Ford for not making their windshields stronger!

Re:

[Nataku564]

Things coming over the wire, yeah - be very paranoid about. Generally you do trust the devices that plug into the box, though. Otherwise we would constantly be scanning the keyboard for possible viruses, what with all those interrupts it keeps triggering.

Heck, lets go one step further. Lets not trust the SATA drive - who knows where that thing has been.

Re:

[NoodleSlayer]

Heck, lets go one step further. Lets not trust the SATA drive - who knows where that thing has been.

If you've ever tried installing Windows XP or 2000 onto a SATA drive using the generic retail box CD you'd realize how close to reality this is ;)

Re:

[shellbeach]

If you'd aimed your cannon randomly into the air, you'd be a little closer to an internet analogy. On the internet the assailant can be anywhere in the world, and the attack can be completely automated. You have to treat a barrage of golf balls in the same way you would treat a barrage of hail stones.

Yes, but we're not talking about the internet at large here, we're talking about a major manufacturer of electronics, and one which is supposedly reputable. Having a virus on your marketed product is extremely

Re:

[pyite]

Or has the default FS on the iPod changed?

Yes, I believe so. My nano (from December 2005) has never been plugged into anything but my Mac and it is Windows formatted. On the other hand, my original 3rd Gen is HFS+. That was real fun when I ran Linux on my PowerBook. Worked better than expected, actually.

Re:

[Shawn is an Asshole]

My 4th gen 60gb iPod came HFS+ formatted and I've kept it that way, even though I rarely use it on my Mac. The only thing I had to do to get Linux to work properly with it was disable journaling on it. No problems at all. I also use it as a USB drive for transferring stuff to/from work or to/from my PowerBook.

Did you disable journaling? It should work fine after that.

Re:Also shows...

[Anonymous Coward]

"Maybe Apple QC should install AV as well when they develop for windows?"

I heard (from a reliable source inside Apple) that the virus was preinstalled from the disk manufacturer when they formatted the drives. *shudder* You can see where this can go.

Re:Also shows...

[Trillan]

If it really did come on just a few of the blank hard drives, in order to catch this with testing they'd have to test every single freshly formatted drive. Granted, I'm sure they'll do that now, but not doing a virus scan on freshly formatted disks hardly qualifies as "no testing."

Re:Also shows...

[Trillan]

Their response was to fix their procedure so the problem could never repeat. What's so meager?

Re:Also shows...

[mrchaotica]

OS X viruses... exist as well

Do they? Last I heard there was a "proof of concept," but IIRC even it required user interaction to propagate. I've never heard of a real, self-propagating, OS X virus in the wild.

Microsoft would love to copycat.

[DrYak]

I've never heard of a real, self-propagating, OS X virus in the wild.

Yeah, it's a real shame that Microsoft's Zune Player is windows-only.

Re:

[LKM]

Well, if you're connecting your iPod for the first time to your mac, and some official looking popup would ask you for user interaction

Except that Macs don't auto-run anything, unlike Windows boxes.

Re:

[Greyfox]

Why would you even assume you had to? You'd expect the hard drive manufacturer's QC to catch bad sectors and things and wouldn't even think that there'd be a virus on a pre-formatted drive. I don't know a company on the planet that would even think to check for something like that. I do remember the occasional problem of the same nature with pre-formatted floppies back in the day.

Re:Also shows...

[spectral]

I thought the same thing. Guess what happened when I first plugged in my SanDisk micro thumb drive? Shit got installed on my computer, that I had to specifically uninstall and then format the thumb drive (Conveniently available from the menu it installed, but still).

NOTHING in the manual about "Oh yeah, if you plug this in to a windows PC we're running shit without telling you."

I no longer trust "blank" media, but what can one do? Plug the hard drive in to a windows machine and format it? Woops, already fucked your computer over, since Windows will helpfully immediately run and install anything on the disk. This is a failure of Windows with autorun being on by default.

Re:Also shows...

[PitaBred]

Pisses me off too. That's why I use TweakUI on every install of Windows I have to use and I disable AutoPlay completely. Optical discs, removable media, anything.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Also shows...

[Trillan]

Honestly, it probably should be an embedded system (running Linux, if you like) without a GUI or any other possible way for people on the line to wreck it.

Re:Also shows...

[fatphil]

That's not how manufacturing works at all in the real world. Most initialisation of such devices is done using Windows machines.

However, they shouldn't be writing files to a filesystem to initialise the devices, they should be writing a version-controlled quality-controlled filesystem itself. And there's no point blaming the Chinese contractor, I'm sure they were just following the Apple procedure, sloppy as it is.

Re:Also shows...

[NixLuver]

"And there's no point blaming the Chinese contractor, I'm sure they were just following the Apple procedure, sloppy as it is."

What do you base this assertion on? How do you know how 'sloppy' the Apple procedure is?

Many are lambasting Apple because they didn't test every vendor-supplied microdrive for *windows* viruses/virii. They sold 7.7 million ipods, as I understand it. If we grant 'em 10 seconds to hook the drive up and test it - even automated; remember, these drives aren't exactly fast - that's 891 additional days added to that manufacturing model.

I'm not sure I believe that Apple should necessarily be responsible for a chinese manufacturer's choice of operating system for their production line.

In fact, in response to the many assertions that Windows is the pre-eminent choice in production line systems... I find it difficult to believe; in my direct experience with seven major production systems and indirect with ten or twelve, only two used Windows, and of them had as their purpose was directly testing production of Windows based computers. A pharmaceutical company I'm familiar with uses HP clusters; a local utility recently switched from SCO to Linux ( I love saying that! ); A PCB assembly machine I dealt with had embedded a BSD variant. A plastics manufacturer I'm familiar with uses Linux and DOS (!) because the hardware manufacturer doesn't want to fix something that's "not broken". I've never even *heard* of Windows being used in production systems anywhere but plants that produce Windows computers.

Re:Also shows...

[CaymanIslandCarpedie]

But then they'd get sued by security vendors for ruining thier market.

Re:

[Savage-Rabbit]

Or Microsoft should just fix their OS so that the file is just a dangerous as a README.txt file.

You overestimate the harmlessness of Readme files.

Re:Also shows...

[billsoxs]

You overestimate the harmlessness of Readme files.

Yes except you need to READ the readme files for them to be an issue.

Re:Also shows...

[Anonymous Coward]

I once worked on a product, where we had a file on disk called IGNORE.ME. I can't for the life of me remember why.

Re:Also shows...

[Mike Peel]

Odds are that more people read it than would have read a READ.ME file in the same folder.

Re:

[cowbutt]

...or even Wordpad [google.com]!

Re:Also shows...

[Jack Pallance]

'develop on the platform you are releasing for'

They would have, but the developers complained about having to use the IPod's scroll wheel to type all of their code.

Re:

[pilgrim23]

Mac Windows blah blah... the REAL question to me is how did it get there? as you point out, made in China. Think this one through in terms of balance of trade, marketing and manufacturing clout, and future product deals. Could this have been a feeler on how to inject another and even more disturbing piece of code into the infustructure? Or, mayhaps I am just too cynical...

Re:

[theshowmecanuck]

If America and China are in serious economic competition, why wouldn't China try to quietly sabotage a leading American company? Especially as they now own one of the largest PC building companies in the world now... and which is in direct competition with Apple. And also since they are on the verge of being an independent economic power (meaning they can market anywhere and not rely on North America being happy with what they do). We forget that they are still a totalitarian government. I know this may

Good job, Jobs!

[eebra82]

Now I come to think about the PC guy in the Mac commercials who whines about viruses on Windows systems. Steve Jobs is so keen on pointing out that Mac is free from viruses (and Windows is not), but this blunder has got to shut him up about that for a while.

Re:

[sl3xd]

You realize that the virus does nothing on a Mac, right? To a mac, it's just a file.

To Windows, it's a virus.

Re:

[Vexorian]

I would worry still cause this also means that they have a really low quality control.

Re:

[Darundal]

How should this shut him up? Did you even RTFM? The virus was due to the iPods being processed through a single machine running Windows...nothing about a mac being infected at all, or any flaws in mac security...

Re:Good job, Jobs!

[eebra82]

I never stated that either. My point was that he can't complain about viruses on Windows computers now that he's helped spreading it. Excuse me for not being clear enough.

Re:Good job, Jobs!

[Salvance]

So now Apple needs a commercial where the Mac guy is picking up biohazardous waste while wearing a virus-proof bunny suit and "accidentally" spilling it on the PC guy who's just laying there in his beach clothes enjoying himself.

Re:Good job, Jobs!

[Odin's Raven]

Next PC vs Mac commercial, the Apple version:

PC is wearing a "boy in the plastic bubble" suit, wandering around with a bottle of Formula 409, obsessively wiping down everything he sees. Mac casually strolls up from behind and taps PC on the shoulder of his bubble suit. PC shrieks and starts spraying and wiping the suit. Mac asks what's up, PC starts babbling "Viruses...viruses are everywhere. Anything I touch might kill me. Never clean enough...never...clean...enough". Mac sadly shakes his head and wanders off.

Next PC vs Mac commercial, the Microsoft version:

Mac walks over to PC and offers to let PC listen to Mac's iPod. PC puts on the headset, starts tapping his feet and snapping his fingers, then suddenly flops onto his back, goes into convulsions, and dies. Mac slinks off the stage, looking embarassed and guilty. James Earl Jones voiceover grimly intones "iPods kill - buy a Zune".

Come again??

[bladesjester]

Apple is selling ipods with a virus on them and they're taking it as an opportunity to bash Microsoft??

I'm sorry, but that just seems ass backwards to me. This one is not Microsoft's fault, and I hope people realize that.

Re:Come again??

[denebian devil]

Not only that, since the problem was "traced to a particular Windows machine in the manufacturing lines of a contract manufacturer that builds the iPods for Apple," I would think that if they're going to talk so high-and-mighty against Windows that they would be smart enough not to use Windows as part of their manufacturing process.

Seems like just another bad attempt at deflection.

Re:

[QuantumG]

Yeah, it's kinda funny that Macs are still not certified for use in manufacturing processes.

Re:Come again??

[QuantumG]

Not one that's ISO 9000 certified you havn't. Apple has never done the necessary paperwork to get Macs into this market. They don't care about this market. Now they've been bitten on the ass by this stance. That's the irony, aint it sweet.

Re:Come again??

[Mr2001]

My guess is that the factory uses Windows because PCs are less expensive than Macs. That and the applications being run not supporting OSX (or Linux, for that matter).

Less expensive, maybe a little bit, but a Yugo is less expensive than a Ferrari too! Just look at how much more you get: FireWire! Magnetic power cords! Genius bars! And isn't it worth a few more bucks to make your factory snappier?

Besides, there are plenty of factory applications for Mac! There's AssemblyLine...

Super AssemblyLine...

*whisper* Photoshop...

</fanboy>

Re:Come again??

[QuantumG]

The rules were made up by those lovely people at the International Standards Organisation. Apple has never gone through the process to get Macs certified as ISO 9000 approved manufacturing components. They focus on the home and small office market, they don't care about this stuff.

Re:Come again??

[mr_matticus]

They didn't blame Microsoft for their failure to stop the iPods from shipping, but there is a certain element to truth to the statement. If you take away the fact that Apple is involved and look at it--a technology product was infected with malware because a Windows PC on the production line was infected and it wasn't caught in time.

The number of Windows machines on production lines in China is staggering--and if Windows had better security, the spread of viruses and malware wouldn't represent such a massive threat. Simple acts like requesting permission to install new software, etc. would go a long way toward cutting this off. Windows, left to its own devices, happily installs crapware without user intervention or notification, and that makes it harder to KNOW when your computer has been compromised.

So yeah, Microsoft is dumb in this capacity, but it's still Apple's responsibility.

Re:

[CastrTroy]

Windows can be pretty secure when you take the proper precautions. When you're running it in a production environment, producing media that will be put into the computers of others, then you have to make sure you take the proper precautions. The proper precautions here doesn't even need to be install antivirus. What it needs to be, is don't have the machines hooked up to the internet, and don't hook them up unguarded to the company intranet. Don't turn autorun on, and don't have employees checking their

Re:Come again??

[flithm]

I agree with you, although... I have to wonder, how did it get on the iPod in the first place? If you look at the W32/Rjump worm [nai.com] you can see that it spreads itself by copying itself to mounted removeable storage drives.

Perhaps someone tested a prototype on an infected windows machine, to make sure some minor manufacturing change didn't bork the device. Then after working on it a bit they got it to work, copied the image over, and all of a sudden you have iPods being pumped out of the factor with a virus on them. Clearly just a guess, but if something similar to that happened and I was Apple I'd sure as hell be pissed that Windows lack of security caused my hardware devices to get factory shipped with a virus on them.

Note that this scenario is supported by TFA: "Joswiak said it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer that builds the iPods for Apple."

In that context, Apple has every right to be irritated. Either way though you're right, it's a pretty stupid PR move to make a comment like that. They should just apologize, fix the problem, and move on.

Re:

[ben there...]

Imagine a bank saying "Whoops! We lost all your money. It's the Windows ATMs we use. They're to blame for this." Rather than accepting responsibility for their processes and systems being faulty.

You wouldn't think very highly of that bank that chose an OS that probably wasn't best suited to the job, didn't bother to secure it, then didn't even bother to have the QA processes in place to catch it when something seriously goes wrong. And yet they're blaming the supplier of the OS they chose to use on the prod

Uhh, What?

[aweraw]

I'm not one to try and defend Windows security with a straight face, but this is apples fault for shipping infected ipods. They failed to protect their customers, regardless of windows lack-lustre security

Re:Uhh, What?

[linuxmop]

Infected is right. These iPods are Apple's smallpox blankets to Microsoft's American Indians.

Re:Uhh, What?

[Pharmboy]

Nice example. And Apple is laying partial blame on the Indians for not having an immune system capable of fending off smallpox.

Windows Security?

[AvitarX]

If I just distributed a device with a virus on it I would not be throwing stones at the security practices of another company.

Holy appropriate analogies Batman!

[Lactoso]

"If I just distributed a device with a virus on it I would not be throwing stones at the security practices of another company."

Especially not when you live here [com.com]...

Trying to push the blame to Microsoft

[Duk]

From the site (emphasis mine):

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

Wow...trying to deflect some of the blame, huh?

Re:Trying to push the blame to Microsoft

[Skippy_kangaroo]

From the site (emphasis mine):

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

Hardly a whitewash.

secret weapon

[wardk]

and this is why in the long run, apple wins? Simply because MS can't do anything like this back to Apple.

those apple people are genius'

Re:secret weapon

[nwbvt]

"Simply because MS can't do anything like this back to Apple."

Sure they can. Ship a version of MS Word with a virus embedded that targets Macs (yes they do exist, though the small market share makes them much less common). And if they are willing to bring back the Mac Internet Explorer, they can 'accidentally' leave open a security flaw that allows even more viruses in.

I think MS wins hands down as one of Apple's main selling points is that fewer viruses are written for Macs than for Windows. But the more stories that break that include the words "Apple" and "Virus" in the headline, fewer people will believe that and just stick with Windows (yes we can hold out hope that they will move to Linux, but I wouldn't bet on it).

The conspiracy theorist in me suggests....

[Hamster Lover]

The conspiracy theorist in me suggests that this was not "accidental" and is simply Apple's way of grandstanding on the topic of Windows security.

While I realize this was just an accident, there are probably conspiracy theorist wack jobs out there that are formulating a hypothesis that the second gunman in the grassy knoll was programed to kill JFK through a virus implanted on his iPod that induces hypnontic suggestion and time travel.

This sounds a bit suspicious...

[msauve]

"it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer " and "Very few units actually went through that particular station"

Why is a Windows machine ever connected to an iPod during manufacturing? I'd think for a high volume product like the iPod, there would be dedicated disk duplicators to format/populate the drives, and testing would likewise be done with purpose-designed hardware. Using a Windows PC to do either seems like a crude, inefficient way to do things.

Re:

[The Warlock]

Some Windows PC needs to make the initial disk image for Windows-formatted iPods. This one was either compromized or deliberately planted the virus. I'm betting on the former, but this is in China, after all.

Re:

[kilgortrout]

Labor saving devices like you describe mean nothing in a country where you can pay someone 5 cents an hour to do the grunt work of duplicating and checking disks.

Re:This sounds a bit suspicious...

[Adam9]

QA?

Re:This sounds a bit suspicious...

[wetpantsclub]

They would use Macs but they are too expensive. ;)

Re:

[UnderCoverPenguin]

Some of my clients are manufacturers of electronic control devices. Nearly all of the testing machines are run by commodity PCs, either Windows or Linux - usually Windows. Years ago, they did use purpose built computers, however, the price of PCs has plunged relative to the alternatives.

Disk images, that's why

[Moraelin]

Dunno about Apple, but if I were mass producing those things, I would _not_ build the thing empty, connect it to a Mac by hand, transfer the stuff to it slowly via Firewire, etc. That kind of "let's connect a cable, launch this handy application and click here to transfer the files" is ok for a mom-and-pop shop, but when you're mass producing stuff you just want to shave the last penny off the manufacturing costs.

So the way it's done is you take the working prototype, make an image of its hard drive, and wr

Upset with Windows?

[entrylevel]

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

I own an iBook. The Apple IIe was my first computer (unless you count a breadboard, some dip switches, and two numeric LED displays). I own Apple stock. I think Mac OS X is the bees knees.

That said, Apple needs to take their collective heads out of their asses. If an executable shell script was "accidentally" included as simple as:

#!/bin/sh
rm -rf /

You need to ma

Re:Upset with Windows?

[Anonymous Coward]

There is no such thing as autorun on OS X. If you really have managed to get a script to run automatically as soon as the volume that contains it is mounted, you are exploting a bug somewhere. Please file a bug report.

Re:

[entrylevel]

I'm sorry, you are absolutely correct. I had this set up for so long I forgot what I did: Folder Actions. My face is red!

I still think the thinly-veiled insult is uncalled for when Apple directly creates a security risk.

Re:Upset with Windows?

[mincognito]

Your script will not propogate itself; will not use up my computer's resources; will not open a backdoor to allow others access to my information, bandwidth and/or processor cycles. How come people always cite an unintended "rm -rf /" as the most terrifying and catostrophic event ever? I backup my data. I'd rather suffer your script than have an undetected MS virus, worm or rootkit.

Re:

[prockcore]

Your script will not propogate itself

His wont, but there's nothing special about the MachO file format that prevents viruses from hooking themselves onto the front of an application.

Let me put it this way, every single application inside your Applications folder can be modified by the primary user without any password dialogs or anything.

It is very possible to write a virus, attach to some shareware program, and when you ran it, it would infect every OSX application you have installed. Then everytime you r

Worst...apology...ever

[BeeBeard]

From the article:

"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Apple said on its site.

(emphasis added)

It's nice that they're "upset with themselves for not catching it" in the last part of that statement, but what's that first part in bold all about? Oh yeah, it's the part where they shirk complete responsibility for this by half-blaming Microsoft for the virus Apple introduced in its own hardware. It's the most half-assed way of apologizing imaginable.

In other news, rapists who blame their victims will now be in charge of issuing Apple's PR statements on their website.

Exploiting process weaknesses...

[mithran8]

What I find interesting is the potential for this type of distribution to be the vector for a zero-day exploit.

Imagine the scenario: an unscrupulous individual happens across an unannounced vulnerability, and develops an exploit. Rather than building it into a worm/botnet replication mechanism, he finds a way to load it onto a consumer electronics device (mp3 player, flash drive, camera, etc) and lets the well-established merchandise distribution network take it from there. Weeks/months later, at a predetermined time, an attack can be launched simultaneously from hundreds/thousands of locations, and we have a nasty problem on our hands.

load of crap

[Bonewalker]

Jeez, Apple does things so much better and so much more secure than Windows.

Cue the wavy-dream-sequence-announcing-television animation....

Somehow, in an economic fluke, the Apple II flourishes and paves the way for a GUI operating system code-named..OS I. Incredibly, as years go by, Microsoft remains a niche player in the market, known mostly for its creative pieces of software, and Apple owns 98% of the desktop scene.

Even more incredible is how much smarter the Apple devs are than any alternate univ

Re:

[Bonewalker]

Of course its about designing security into the system, but if you don't think that Windows gets hacked the most because of marketshare, you are naive. There is a reason that Macs and Linux have little to no virus activity and it ain't because their developers are so superior. They have had the example of Microsoft's experience to learn from and attempt to prevent. But, I guarantee you if some judge forced Microsoft to shut it doors, and the world turned wholesale to Macs or whatever else, those new operati

Re:

[Grishnakh]

Well, considering that Linux has the majority of web sites according to Netcraft, it's certainly not a "minor player".

But even so, you and your cohorts still haven't addressed the fact that there are NO viable viruses or other serious malware for the Linux or Mac platforms. With 10% marketshare between them, you'd think someone would bother to make one, just to prove it can be done. I haven't seen it yet. Your argument is all about "marketshare", but you have yet to name a single attack vector that can b

If they're making products for use with Windows...

[ChodeMaster]

If apple are going to make products for use with windows, then it is their responsibility to ensure that those products don't contain virii for windows systems. Suggesting that the virus being present in their product that they're shipping (regardless of the susceptibility of Windows to that virus) is the fault of Microsoft is passing the buck in a most horrible way.

The simple fact is that they choose to make their device work with Microsoft Windows systems, and they are damned sure responsible for ensuring that their device will not cause problems with those systems, regardless of the flaws or vulnerabilities of Microsoft systems.

I quite like Mac hardware and software, and have previously been glad that they may be gaining market share, but frankly if they are going to continue to market themselves by making stabs at Microsoft (and no I'm not suggesting the virus was placed intentionally), rather than by marketing their products' strengths and features, I'm not so sure I will continue to feel the same way.

maybe that's why they blame themselves...

[YesIAmAScript]

"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."

They blame Windows, but they blame themselves more.

How is this passing the buck?

Fair's fair

[Weaselmancer]

Microsoft should ship each Zune with a Mac virus.

iTunes

[Jeebos]

I know iTunes is a crappy application (on Windows), but I don't know if I'd go so far as to call it a virus...

Re:

[voice_of_all_reason]

...like, that puzzle game with the apple logo! I beat it, but it's still fun...

And also cue the...

[twoallbeefpatties]

...anti-Apple hateboys taking preemptive strikes at Apple apologists that haven't even spoken up yet. Welcome to another fun-filled Apple thread at Slashdot.

Re:

[kalidasa]

It's a Windows virus, and Apple eats their own dogfood; and the article says it happened at a subcontractor.

Re:Cue the...

[bcat24]

But in the end, it's an Apple product and Apple is responsible. Sure, mistakes happen, and they did apologize, I'll give you that. The little jab at Microsoft was completely uncalled for, though. It makes Apple look far worse in my eyes than the accident did in the first place.

Re:Cue the...

[sl3xd]

I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.

Still, it does give food for thought. I can easily see it as an act of malice as much as a QA failure.

I recall a *brand new* Sandisk flash drive that loaded & installed its own software (including Skype, its own little menu system, utilities, etc.) onto my computer the moment I plugged it in.

How much would it be worth to a spammer/botnet group to infect the image that gets copied to all these devices? Enough to pay sufficiently large sums of money to subvert employees at the manufacturing plant?

It's still inexcusably sloppy of Apple, but my real concern isn't in the companies involved: It's that it will likely happen elsewhere as well. Flash drives, DVD's with 'extended' PC content... stuff like that.

Anywhere media with readable content is replicated can be a vector for viruses.

Re:Cue the...

[Sancho]

Inexcusable? Hardly. It would certainly be inexcusable if they didn't take action here, but for a simple mistake? I think everyone is overstating how big a problem this is.

And before people start saying, "Well if it was Microsoft, we'd be jumping down their throats about this!" consider that Apple isn't exactly a company with a long history of security flaws [microsoft.com].

I do think that the statement "As you might imagine, we are upset at Windows for not being more hardy against such viruses" is absurd. If there /were/ widespread viruses for Apple, they'd likely be just as problematic. The only thing that 'hardens' Apple against viruses, other than obscurity, is the fact that users don't run as Admin by default, so they have to type in their password for the virus to do any significant damage. Since we're training users to do this, it seems likely that a virus would still be able to wreak havoc on a Mac. We'd just call it a trojan, first.

I guess Autorun on by default is another flaw in Windows, but I wasn't aware that USB devices would autorun by default. Are iPods presenting themselves as CDRoms now?

Seriously. People look at a company like Apple and they imagine that there's some middle-aged guy in a turtleneck personally checking every iPod and somehow he slipped up and missed this. Nope. It's some grunt in a factory somewhere trying to meet a quota, and of course they're going to cut corners. Apple hasn't screwed up yet--we'll have to see how they handle this situation to find out whether their actions are "inexcusable."

Getting people to care

[caitsith01]

I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.

True enough. They should care though, they like to pitch themselves as the 'good' computer company and this little effort is hardly better than the Sony rootkit debacle writ small.

I am just wondering how things would go around here if the situation were reversed - like if a Microsoft product came preinstalled with some software that caused damage to OSX systems. Something tells me that th

Re:

[AmberBlackCat]

Because this is Slashdot and everything is China's fault.

nah, this has happened before

[User 956]

iPods Come Complete With Windows Virus

It's not an outsourcing problem, because a lot of people are also reporting this "Windows" virus showing up on their mac when they run the BootCamp installer.

Re:nah, this has happened before

[buswolley]

ITs great. Apple blames Windows for the Virus...but who put it on th ipod?

Re:

[Barny]

Yes, much of the problems associated with protecting a windows machine can be fixed by "trusting" and "not trusting" (well duh), firewall and not running any old downloaded code or plugging anyones storage in negates the need for a virus scanner, the problem here is that apple, a "trusted" source, has failed to protect themselves and us.

I say buy one, find the virus, install it on all your PCs (make sure you have lots of "important documents"... read: porn) and then sue sue sue their excuse makeing arses of

Re:

[dknj]

please note it was a contract manufacturer. which means apple probably didn't regularly (if they even did) audit them. which means this COULD have been deliberate along with the possible theory of a random infection

Re:

[Fordiman]

Still, this is a case in which the use of a non Microsoft system for pre-loading the iPods would be the appropriate solution at the manufacturing end. Since all that's needed is the ability to create and write to a FAT32 filesystem, I don't see why Linux isn't used; it can even be done automatically on a headless machine that does the loading upon USB insertion.

Re:twitter, please read this

[skarphace]

Still, this is a case in which the use of a non Microsoft system for pre-loading the iPods would be the appropriate solution at the manufacturing end. Since all that's needed is the ability to create and write to a FAT32 filesystem, I don't see why Linux isn't used; it can even be done automatically on a headless machine that does the loading upon USB insertion.

How do you know this is what the machine was used for? Maybe it was used as a QA/Testing machine to make sure the iPod works with all systems. Fact is, you don't know.

Re:

[Em Adespoton]

Personally, I think the main suspect would be a platypus in a devil suit. Someone like that is _bound_ to be up to no good....

Re:

[Lemmy Caution]

No. There is no defense against an executable installed by a trusted vendor. If a virus gets installed due to user action - connecting an iPod, for example - and the user agrees to whatever official-looking prompts the installation creates, there is no reasonable security model on earth that can prevent the malicious code from running.

The "rm -rf /" example above is a straightfoward example.

Apple is completely, unilaterally responsible, just like Sony was responsible for the CD rootkit cock-up.

Re:

[mlwmohawk]

AFAIK, We are not talking about an install procedure, but the disasterous "autorun" with the ever so common "Administrator" privilages.

Umm...

[Poromenos1]

*Guy 1 sends letter with anthrax*
*Guy 2 opens said letter*
Guy 2: Oh no! Now I have anthrax!
Guy 1: HAHA IF U WERE A ROBOT THIS WULDNT HAPPEN. UR LAME.

Re:

[brkello]

Then why is Apple using it? Your OS is as secure or insecure as you make it. If Apple knows what they are doing, why weren't they more secure? They are just trying to spin it. Just like Republicans trying to spin Foley's attraction to pages as something the Democrats kept secret to release during election time....only people with heavy bias will fall for it. If you make a mistake, admit it and do what you can to rectify the situation.

Re:

[Toby_Tyke]

Congratulations. That's the most ignorant comment I've read in this thread so far, and let me tell you, it's up against some pretty stiff competition.

From the McAfee site linked to in TFA:

Infection occurs when a removable storage device or a mapped drive hosting a copy of W32/Rjump.worm is accessed and the user agrees to the auto run prompt for execution of the worm.

Yes, that's right, you have to agree to install the dammed thing. Now, if you plug an MP3 player into your computer and it prompts you

Re:How is it Possible to be Elitest AND Stupid?

[Grishnakh]

That's like MacDonald's importing meat infected with Mad Cow Diease, then blaming the FDA for not catching it.

Bad analogy. It's like McDonald's (no a) selling burgers infected with MCD, and then blaming the humans for being vulnerable to it. Except that unlike humans in the real world (who are all susceptible to MCD), the humans in this crazy analogy universe have a choice between different bodies: one that's not only vulnerable to MCD, but every other disease out there, and has to be constantly immunized against them, and even then performs terribly, stops breathing and loses conscienceness occasionally, and is ugly to boot; and a few other bodies that are naturally immune to every known disease, are stronger and live much longer, don't need sleep, and are very attractive. Only the idiots who chose the ugly, disease-infested bodies get MCD so McDonald's justifiably tries to assign them some of the blame for making a bad choice.

Re:

[astrosmash]

So it's really not about platform security but about platform popularity. If Mac had the same market share as Windows we'd see a Mac worm in this case now.

Well, not really. OS X doesn't have any sort of Autorun functionality like Windows, so it's far, far easier to write a simple worm like this one on Windows and have it be effective. You could write one for OS X, but it would never get executed automatically; hardly a worm.

Also, that fact that it's a python script doesn't say anything about its portab