Slashdot Mirror
iPods Come Complete With Windows Virus
kaufmanmoore writes "Cnet is reporting that some video Ipods made after September 12th have the RavMonE virus loaded onto it. In Apple's announcement they take a swipe at Windows security and encourage Windows users to install anti virus applications."
Apple's products are made (and to some degree, designed) in China just like everybody else's. I wonder how many other memory products (that is, USB mass storage devices) have similar issues.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Now I come to think about the PC guy in the Mac commercials who whines about viruses on Windows systems. Steve Jobs is so keen on pointing out that Mac is free from viruses (and Windows is not), but this blunder has got to shut him up about that for a while.
Full Tilt
Apple is selling ipods with a virus on them and they're taking it as an opportunity to bash Microsoft??
I'm sorry, but that just seems ass backwards to me. This one is not Microsoft's fault, and I hope people realize that.
Everything I need to know I learned by killing smart people and eating their brains.
I'm not one to try and defend Windows security with a straight face, but this is apples fault for shipping infected ipods. They failed to protect their customers, regardless of windows lack-lustre security
5468652047616D65
If I just distributed a device with a virus on it I would not be throwing stones at the security practices of another company.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Wow...trying to deflect some of the blame, huh?
-Hey! Whatcha lookin' at fool? -The Duk
Could this have been on purpose? No, but a what a great way to get people to switch to Macs.
GENERATION 27: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
and this is why in the long run, apple wins? Simply because MS can't do anything like this back to Apple.
those apple people are genius'
The class of Apple to complain about Windows being susceptible to viruses that Apple Quality Control fails to catch. Maybe Apple QC should install AV as well when they develop for windows?
...like, that puzzle game with the apple logo! I beat it, but it's still fun...
The conspiracy theorist in me suggests that this was not "accidental" and is simply Apple's way of grandstanding on the topic of Windows security.
While I realize this was just an accident, there are probably conspiracy theorist wack jobs out there that are formulating a hypothesis that the second gunman in the grassy knoll was programed to kill JFK through a virus implanted on his iPod that induces hypnontic suggestion and time travel.
I personally think companies should be liable if they release a product with a virus on it. Virus are so common these days that you'd think one of the final checks on any device with a FS is a virus scan.
Seems rather cheap of Apple to use their blunder as an 'opportunity' to throw stones at Microsoft. Their quote was "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."
... but then, I've been accused of being a conspiracy theorist before.
Wouldn't someone at Apple have at least run a quick MS virus scan for a device that is intended for use by PCs as well? I wouldn't be surprised if an engineer or two 'overlooked' the virus before shipping
Crack - Free with every butt and set of boobs
"it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer " and "Very few units actually went through that particular station"
Why is a Windows machine ever connected to an iPod during manufacturing? I'd think for a high volume product like the iPod, there would be dedicated disk duplicators to format/populate the drives, and testing would likewise be done with purpose-designed hardware. Using a Windows PC to do either seems like a crude, inefficient way to do things.
"National Security is the chief cause of national insecurity." - Celine's First Law
As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.
I own an iBook. The Apple IIe was my first computer (unless you count a breadboard, some dip switches, and two numeric LED displays). I own Apple stock. I think Mac OS X is the bees knees.
That said, Apple needs to take their collective heads out of their asses. If an executable shell script was "accidentally" included as simple as:
#!/bin/sh
rm -rf /
You need to make it autorun (I won't tell you how, but it can be done, and is quite handy for non-malicious uses). No antivirus software would detect this, no Windows machines would be affected, and every Mac you plugged that iPod into would be royally fucked, even if not run as root.
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
...anti-Apple hateboys taking preemptive strikes at Apple apologists that haven't even spoken up yet. Welcome to another fun-filled Apple thread at Slashdot.
Libertarians somehow believe that private businesses should be stronger than governments but weaker than individuals.
(emphasis added)
It's nice that they're "upset with themselves for not catching it" in the last part of that statement, but what's that first part in bold all about? Oh yeah, it's the part where they shirk complete responsibility for this by half-blaming Microsoft for the virus Apple introduced in its own hardware. It's the most half-assed way of apologizing imaginable.
In other news, rapists who blame their victims will now be in charge of issuing Apple's PR statements on their website.
It's a Windows virus, and Apple eats their own dogfood; and the article says it happened at a subcontractor.
I'm amazed that Apple doesn't have more of a hand in the manufacturing of iPods, even by third party vendors. I'd think they'd provide Macs for them to use for whatever steps require home computers (of the type that might be susceptible to viruses), rather than let them use Windows machines. If only for the reason that Macs are less likely to transmit HIV (Hidden iPod Visuses) to their customers.
"Even pirates like chocolate chip cookies." www.youtube.com/musecast5
What I find interesting is the potential for this type of distribution to be the vector for a zero-day exploit.
Imagine the scenario: an unscrupulous individual happens across an unannounced vulnerability, and develops an exploit. Rather than building it into a worm/botnet replication mechanism, he finds a way to load it onto a consumer electronics device (mp3 player, flash drive, camera, etc) and lets the well-established merchandise distribution network take it from there. Weeks/months later, at a predetermined time, an attack can be launched simultaneously from hundreds/thousands of locations, and we have a nasty problem on our hands.
An object at rest cannot be stopped!
Cue the wavy-dream-sequence-announcing-television animation....
Somehow, in an economic fluke, the Apple II flourishes and paves the way for a GUI operating system code-named..OS I. Incredibly, as years go by, Microsoft remains a niche player in the market, known mostly for its creative pieces of software, and Apple owns 98% of the desktop scene.
Even more incredible is how much smarter the Apple devs are than any alternate universe where, say, Microsoft would be in their position, and despite the efforts of all the l33t haxxors out there, Apple's products, now up to OS X, remain completely virus free. Who'd a thunk it?
I'd like to see Apple own even 75% of the market share and not have major issues with viruses and those who write them. It is easy to sit back and take pot shots at the leader when you are a very distant, distant second place runner in the game. If only those devs at Apple had been smart enough to create something better than Windoze back in the early 90's, they might find themselves in a similar situation.
Bad form, Apple, or should we change your name to Sour Grapes?
That's like MacDonald's importing meat infected with Mad Cow Diease, then blaming the FDA for not catching it.
So Apple tells us that Wiindows isn't safe enough for basic home users to run, but they use it on a computer that's responsible for mass producing their products? You can't be serious.
iPods Come Complete With Windows Virus
It's not an outsourcing problem, because a lot of people are also reporting this "Windows" virus showing up on their mac when they run the BootCamp installer.
The theory of relativity doesn't work right in Arkansas.
The last line in their official announcement takes the swipe, and I agree it's wholly inappropriate when this is their fault.
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." http://www.apple.com/support/windowsvirus/
DRM = Digitally Restricted Media. This is a viral sig, pass it on.
No. There is no defense against an executable installed by a trusted vendor. If a virus gets installed due to user action - connecting an iPod, for example - and the user agrees to whatever official-looking prompts the installation creates, there is no reasonable security model on earth that can prevent the malicious code from running.
/" example above is a straightfoward example.
The "rm -rf
Apple is completely, unilaterally responsible, just like Sony was responsible for the CD rootkit cock-up.
*Guy 1 sends letter with anthrax*
*Guy 2 opens said letter*
Guy 2: Oh no! Now I have anthrax!
Guy 1: HAHA IF U WERE A ROBOT THIS WULDNT HAPPEN. UR LAME.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.
Still, it does give food for thought. I can easily see it as an act of malice as much as a QA failure.
I recall a *brand new* Sandisk flash drive that loaded & installed its own software (including Skype, its own little menu system, utilities, etc.) onto my computer the moment I plugged it in.
How much would it be worth to a spammer/botnet group to infect the image that gets copied to all these devices? Enough to pay sufficiently large sums of money to subvert employees at the manufacturing plant?
It's still inexcusably sloppy of Apple, but my real concern isn't in the companies involved: It's that it will likely happen elsewhere as well. Flash drives, DVD's with 'extended' PC content... stuff like that.
Anywhere media with readable content is replicated can be a vector for viruses.
-- Sometimes you have to turn the lights off in order to see.
.... ... }
int main (void) {
AFAIK, We are not talking about an install procedure, but the disasterous "autorun" with the ever so common "Administrator" privilages.
Then why is Apple using it? Your OS is as secure or insecure as you make it. If Apple knows what they are doing, why weren't they more secure? They are just trying to spin it. Just like Republicans trying to spin Foley's attraction to pages as something the Democrats kept secret to release during election time....only people with heavy bias will fall for it. If you make a mistake, admit it and do what you can to rectify the situation.
Support a great indie game: http://www.abaddon360.com
Because this is Slashdot and everything is China's fault.
Wow, hes taking a shot at windows security? Microsoft may have released some pretty insecure code in the past, but it looks like Apple is the first to actually ship a product with a virus preinstalled.
Mac OS X does not have a straightfoward AutoRun function, but that is beside the point. (Safari does, and apparently there are ways to do the equivalent of Autorun in Mac OS X, but I don't know what it is, so we'll leave that aside.)
The distinction is irrelevant. If, on a Mac, you get an application on a CD from a trusted vendor and that application asks for administrative rights, you'll do it - just like a Windows user will trust the AutoRun (or at least the Setup.exe) from a trusted vendor. If that vendor screws the pooch, it is not the OS' fault.
Ludwig Wittgenstein
The iPod is probably tested at Apple, using Apples, how could they know that a Windows box would be at risk?
If Windows wasn't so brain dead, this wouldn't even be a problem.
if it made sense. The article specifically stated, and I quoted: "Very few units actually went through that particular station"
If the virus were on a PC used to make a master image, one would expect very many units to be affected.
"National Security is the chief cause of national insecurity." - Celine's First Law
Even apple needs windows to make their products. Appearently they are using windows machines to image their ipod OS. L O (freaking) L!!!!
"Joswiak said it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer that builds the iPods for Apple. The company declined to name the maker. "
Seriosuly, what a bunch of crap they are not taking full responsibility. This is MS's fault.
""As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Apple said on its site. "
If apple are going to make products for use with windows, then it is their responsibility to ensure that those products don't contain virii for windows systems. Suggesting that the virus being present in their product that they're shipping (regardless of the susceptibility of Windows to that virus) is the fault of Microsoft is passing the buck in a most horrible way.
The simple fact is that they choose to make their device work with Microsoft Windows systems, and they are damned sure responsible for ensuring that their device will not cause problems with those systems, regardless of the flaws or vulnerabilities of Microsoft systems.
I quite like Mac hardware and software, and have previously been glad that they may be gaining market share, but frankly if they are going to continue to market themselves by making stabs at Microsoft (and no I'm not suggesting the virus was placed intentionally), rather than by marketing their products' strengths and features, I'm not so sure I will continue to feel the same way.
The FDA is reporting that some of Apple's produce shipped after September 12th as having the E. coli bacteria. In Apple's announcement they take a swipe at Intelligent Design, "As you might imagine, we are upset at God for not making human beings more hardy against such bacteria and viruses, and even more upset with ourselves for not catching it."
If I run into a customer who gets this virus from their new iPod, I look forward to making $75 per hour as an expert witness when they sue Apple.
Especially not when you live here...
You are wrong, it is not on the install CD, it is on the memory system of the unit. Which should not be a "trusted" source of binary programs.
Windows is STUPID in that (1) It autoruns any new storage device and (2) To use Windows effectively you have to have administrator privilages. This is the biggest and most bogus security lapse in the history of computers.
Apple probably didn't even know this virus was there because they probably do QA on Macintoshes and not Windoze machines.
Will the virus reinfect the Windows PC each & every time the IPod is connected
to the PC?
i.e. if the first time I connect the IPod to the PC, I get infected & then I clean
the PC with some antivirus - is that good enough? Or will that happen everytime?
How about you check your stuff too? Look at the subject line. Yes, there are two periods there. Is that supposed to be a period or an ellipsis (dot-dot-dot)? Turn on your auto-correction, dammit!
Inexcusable? Hardly. It would certainly be inexcusable if they didn't take action here, but for a simple mistake? I think everyone is overstating how big a problem this is.
/were/ widespread viruses for Apple, they'd likely be just as problematic. The only thing that 'hardens' Apple against viruses, other than obscurity, is the fact that users don't run as Admin by default, so they have to type in their password for the virus to do any significant damage. Since we're training users to do this, it seems likely that a virus would still be able to wreak havoc on a Mac. We'd just call it a trojan, first.
And before people start saying, "Well if it was Microsoft, we'd be jumping down their throats about this!" consider that Apple isn't exactly a company with a long history of security flaws.
I do think that the statement "As you might imagine, we are upset at Windows for not being more hardy against such viruses" is absurd. If there
I guess Autorun on by default is another flaw in Windows, but I wasn't aware that USB devices would autorun by default. Are iPods presenting themselves as CDRoms now?
Seriously. People look at a company like Apple and they imagine that there's some middle-aged guy in a turtleneck personally checking every iPod and somehow he slipped up and missed this. Nope. It's some grunt in a factory somewhere trying to meet a quota, and of course they're going to cut corners. Apple hasn't screwed up yet--we'll have to see how they handle this situation to find out whether their actions are "inexcusable."
So now you can get a free McVirus when you buy an iPod or a Big Mac Menu?
As article mentioned, both come from Asia, due to an infected assembly machine running Windows (probably the one that formats the keepers of the data)
Custom electronics and digital signage for your business: www.evcircuits.com
It doesn't sound so difficult to get it right.
Covering for one's incompetence by blaming the competition is a way of life in business. It's just that in this particular case this widely-accepted practice is likely to backfire. Apple's attempt to blame its lack of quality control and questionable production practices on Microsoft is as hollow as it is ridiculous. I never owned an Apple computer or any other Apple gadgets. They do look nice at the local Microcenter, though. My poor student days are a distant past now, so the issue here is not the cost of Apple toys. I know Apple enjoys a near-religious following from its user base. I see no objective, technical reasons for that. I find Apple users glorifying their overpriced hardware more disturbing then Scientology nuts knocking on my door at ten o'clock at night. It seems that this kind of insanity permeated to the very top of Apple's corporate structure, causing the kind of imbecilic damage control efforts we see today.
Even ignoring the fact that farmers are directly responsible, it' still insane to blame the FDA. Agencies like the FDA are used as a fail safe - the final safety net to catch problems. The farm that breeds the cows could easily test for illnesses and disease. The slaughter houses or manufacturing plant can catch diseases. McDonald's being the multi-billion corporation that is could easily have the meat inspected when it arrives in the country. The meat passes through all these checkpoints, giving companies like McDonald's several opportunities to catch the problem. Instead, you chose to blame an agency that's responsible for millions of tasks and millions of companies. I really don't see the logic there.
Did anyone else read the headline as a Ramone virus and imagine some kind of virus that either deletes all iTunes songs by The Ramones (eep) or brings up a BSOD reading
I wanna be sedated
I wanna be sedated
I wanna be sedated
I wanna be sedated
I wanna be sedated
I wanna be sedated
I wanna be sedated.................
Every time you launch iTunes
When the posters fear their moderators, there is tyranny; when the moderators fears the posters, there is liberty.
You keep using that word. I do not think it means what you think it means.
Integrate Keynote and LaTeX
Isn't this virtually the same thing as what we'd call an asymptomatic virus carrier in biology? If so, it furthers the notion of computers as an analogy for biological systems and vice-versa.
It's utterly inexcusable for Apple to take potshots at Microsoft when Apple is the one who is completely at fault.
And regardless of who's fault it is that Windows isn't secure, the question is who's in charge of IT at this factory? Is it normal to allow foreign machines on a production network? I hope not. So how did this virus even get on the network?
And if Windows isn't secure, then why is Apple using equipment that runs Windows. The last time I checked, they have a fairly decent OS of their own.
And one last thing, if all that you are doing is uploading an image to flash, then a frickin Sinclair would do the trick. Apple need not rely on Microsoft products at all.
Apple is coming off as not giving two shits about spreading a virus to their competitors equipment, and that's just wrong.
And before I get called a Windows whoreboy, I'd like it be known that in actuality I'm a linux whoreboy. I just wanted to clear that up.
"I'm sorry I ran into that guy back there officer, but this car is brain dead. Can you believe it? Wow. Can I go now?"
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Mistakes happen in commercial software, everyone knows that. I think what galls people on here isnt the mistake so much as it is their attempt to blame it on Microsoft.
You know that guy who screws something up on his computer and then starts swearing about Microsoft when it was clearly his own fault? Apple is being that guy right now.
Apparently this particular virus makes it impossible to safely remove the iPod. That ought to make it easier to identify -- or would if people didn't just unplug it, anyway.
But in the end, it's an Apple product and Apple is responsible. Sure, mistakes happen, and they did apologize, I'll give you that. The little jab at Microsoft was completely uncalled for, though. It makes Apple look far worse in my eyes than the accident did in the first place.
As stupid as Windows is(I'm not a fanboy by any means), most of the semi-smart users will simply turn autorun off and that solves that dilemma. And last I recall, it will ask you the first time you insert a disk if you want Windows to autorun it.
0x09F911029D74E35BD84156C5635688C0
"If Windows wasn't so brain dead, this wouldn't even be a problem."
The same could be said of Apple in this situation, don't you think.
0x09F911029D74E35BD84156C5635688C0
Microsoft should ship each Zune with a Mac virus.
Weaselmancer
rediculous.
First, let your customers know there is an issue.
Then, reach out to the affected customers. Do what's necessary to help them out. Even if that means giving them free AV software (in this case).
Then, reach out to all your current and future customers. Help them feel assured that the issue is well in hand, and that real processes are in place to prevent future/similar subsequent events.
While doing the above, carefully analyze the process, fix it, do a post-mortem on the issue, then test, test, test, test.
Then, worry about marketing.
A Passionate Independent Musician
This is still Apple neglecting to take FULL responsibility for their actions. Jobs knew that grouping Windows in with themselves it would initiate this kind of debate. It's the same as a back-handed compliment. It's you apologizing for stealing money I left out in the open and following with, "but you should have hidden it". One shouldn't leave valuables exposed, and Windows should be more resilient, but the real cause of this is some problem(s) along the way in Apple's development process. I don't care if the virus got there from an assembly plant in China or the PC next door. When I purchased my Ipod I was purchasing from Apple and it's their brand to protect. I'm responsible for the product after it gets on my doorstep but they're responsible for everything in between. That should be my privilege for spending $299.
The virus is written in Python and converted to Windows executable by standard python tool. I'd imagine it is easy to convert it to a Mac executable as well.
So it's really not about platform security but about platform popularity. If Mac had the same market share as Windows we'd see a Mac worm in this case now.
I think that what you meant to say "If they're making products using Windows...", then they better god damn well police thier Chinese subcontractors every day of every year to make sure that thier test technichans do not have administrator accounts on the production line machines with email access.
Exactly. It's a fundamental aspect of manufacturing with PC's and many, many companies do it successfully every day.
Had it been Dell, they would have been laughed at for the virus and ridiculed for passing the blame (and rightfully so). Apple should be treated no different.
``If apple are going to make products for use with windows, then it is their responsibility to ensure that those products don't contain virii for windows systems''
Tell that to all the companies that include malware in their software for Windows.
Please correct me if I got my facts wrong.
Don't get me wrong, I'm a Windows fan but I would argue to Microsoft that they should seriously take viruses and security into strong consideration, you can't really blame Apple for this because they don't have viruses hence they don't have anti-viruses, it's just ironic.
Here is the best part from Apple's response:
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."
LOL
I wish such companies would do so, but it's no defence for Apple.
Sure, the other companies intend to spread the malware, whereas Apple did not intend to spread the virus, but the other companies don't try and defend their actions by saying 'its not our fault, blame Microsoft for letting us do it' which is what Apple appears to be doing.
...that Apple adopted the Intel platform; But to now start supporting functionality in Windows without supporting those same features in Mac OS X, is just unacceptable! :-(
Actually it was a Small Number of them and it is a trojan http://gavilan1010.wordpress.com/2006/10/17/small- number-of-ipods-shipped-with-windows-trojan/
I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.
So would you say that the majority of iPod sales are for Mac users? That the amount of iPods sold to be used on Windows represents such an insignificant amount of income to Apple that they don't care?
Sometimes my arms bend back.
Now I don't know what I think about them installing the virus on there if they did it knowingly. (Which I'll entertain bets that it was.)
But I have to give them cudos for managing to appologize AND make an insult all in one go. From their support page:
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."
PS: I don't reply to ACs.
I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.
True enough. They should care though, they like to pitch themselves as the 'good' computer company and this little effort is hardly better than the Sony rootkit debacle writ small.
I am just wondering how things would go around here if the situation were reversed - like if a Microsoft product came preinstalled with some software that caused damage to OSX systems. Something tells me that the mob with torches, pitchforks and turtlenecks wouldn't be storming Apple's headquarters...
Read Pynchon.
at least two are listed here, neglecting the worms.
don't iPods usually come either formatted for Mac? or 'blank? or have those days gone? if not it'll be a manufacturer error, which Apple should be monitoring.
There was an unknown error in the submission.
Uhh. Maybe they should do QA on Windows (in addition to Macs) since the majority of iPod owners run it? If they want to instill the image that the iPod is for Macs only, then their marketshare will take a serious hit.
---- "XML is like violence. If it doesn't fix the problem, you aren't using enough."
The description of OSX.Leap.A.:
The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
This is not a real virus. It's a hybrid between Trojan horse and a worm. The victim must un-tar the software to find an application disguised as a JPG file with the Preview icon. Then it used iChat to try to spread itself. Though Sophos categorized it as a worm on the account that it tried to spread itself, you actually needed to consciously un-tar and double-click the app. Sophos is selling security solution for OS X and it makes less impact to call this a Trojan horse.
Obviously you have never heard of a 'waiver of liability'. I think that in actual fact Apple are legally responsible for very little.
It's not really acceptable to just say 'hey, go out and buy some antivirus software because the products we sell have viruses'. If I buy a bloody ipod it shouldn't ruin my computer. Though I imagine they have some legal agreement stating that I can't sue for lost data if my ipod destroys my computer...
Autorun is on by default for any drive (floppy disks, cd-rom, dvd-rom, hard drive, Zip or Jaz disks, USB memory sticks, SD cards, CompactFlash, xD) on any interface that supports removable media (IDE/ATAPI, SCSI, USB, Firewire, PCMCIA). That includes iPods, which show up as a disk drive. It's a good idea to turn off Autorun globally.
My other first post is car post.
or is this their revenge
-- I am the NRA, enough said...
Congratulations. That's the most ignorant comment I've read in this thread so far, and let me tell you, it's up against some pretty stiff competition.
From the McAfee site linked to in TFA:
Infection occurs when a removable storage device or a mapped drive hosting a copy of W32/Rjump.worm is accessed and the user agrees to the auto run prompt for execution of the worm.
Yes, that's right, you have to agree to install the dammed thing. Now, if you plug an MP3 player into your computer and it prompts you to ok a software installation, there are only two reasons to agree to do it:
1) You trust the vendor in question, and are happy to install their software, even if you aren't too sure exactly what it is.
2)You really have no idea what this prompt is, you're not too interested either, and you just blindly click ok because you think if you don't you're new toy won't work.
Now, just supposing you were using Linux, and the phrase "click ok" was replaced with "enter root password", what would happen? I'll tell you what would happen. The same people who clicked OK would just tap in their passwords.
The problem here is not windows insecurity. The problem is that a trusted vendor was shipping infected hardware. End of story.
"I realise this is not a very popular opinion but it's the truth, and there for needs to be said" -Bill Hicks
For years my systems have been virus free. Now I plug in my NEW Ipod and I looked into the file system on it and yup there is the virus and yup it has installed itself on one of the non development boxes. Now im forced to check the other boxes to see if damage has been done. It looks like a host of multiple visrses took over the box i hooked up to on the first night when i installed i-tunes and transfered over my old IPod files.
Way to go apple
Who do I send the bill for the clean up to ? Please post it in this thread I'll be happy to send the serial number of my ipod to you for proof.
http://www.microsoft.com/whdc/device/storage/usbfa q.mspx seems to disagree with you.
--- QUOTE ---
Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.
The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request."
--- END QUOTE ---
The content of a number of hits on http://www.google.com/search?q=autorun+usb also imply that USB does not Autorun.
I always configure windows boxes as part of my job and I can ensure you that it does ask you the first time.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
Heh, the last post listed at my threshold, and it's the first one to clearly explain the situation. gj
Im sorry, but 'knowing to run a virus scan' isn't a qualification I would look for when hiring, well, anyone. I would instead look for 'knows to use an OS/platform that isn't inherently vulnerable to these "viruses" you refer to'. Why would anyone using an OSX machine (or in fact anything not made by MS) consider 'viruses' to be a signifigant concern?
And if you think that 'recognizing that a particular OS/platform is an insecure piece of shit, but thinking that the proper solution is that they need to pay for extra "security" software just to keep it from imploding, instead of CHOOSING A DIFFERENT PLATFORM', well, I've got this bridge for sale, cheap. And I would seriously doubt that a majority of Windows users recognize that in the first place.
Personally, I think Windows viruses are evolution in action. The weak getting taken down by disease, while the strong continue on. The more Windows viruses there are the better! And while I would seriously doubt it, I wouldnt blame them a bit if it was intentional.
I would think that Apple would be the absolute last group of people on earth to be pissed about Microsoft's shoddy security model. If Apple is upset about it, I guess that means we've finally reached totality.
I have been looking for the malicious file for quite a while and haven't found it, so I'm still left wondering: .jpg extension? .app file extension. Anyone who actually looked at more than the icon would know it was code, not data.
Does it actually have a
The last "mac virus" I saw discussed on slashdot "pretended to be an mp3, but actually ran code." This pretending meant it was called foo.mp3, but it had the
"The use-mention distinction" is not "enforced here."
I don't know for sure since this wasn't really spreading. However, I'd not be surprised if it has a .jpg name extension. Mac OS X hides .app name extension from users, so foo.jpg.app will be seen as foo.jpg by users and masking it with a Preview icon is simply a matter of copy and paste in the Get Info window. However, most of Mac OS X applications are in the form of bundles/packages, i.e. directories - where the executables and all resource files are kept - that are represented as single files (that's why it was tar-red and gzip-ped). A right click (or control-click) will show "Show Package Content" option, and an ls -l in the Terminal shows drwxr-xr-x. The final damning evidence is that Finder will identify them as Kind: Application.
The mp3 trojan was more sophisticated, IIRC. It played fine using MP3 players (no infection), but it hid the payload in the resource fork which got executed when double-clicked. It was a proof of concept, so there was no major infection.
The plural of 'virus' is 'viruses'. 'virus' is a neuter noun, so its plural is 'vira', not 'viri'. Besides, 'viri' is already taken. It's the plural of 'man', 'vir'.
Go buy a sandisk thumb drive and tell me it doesn't autorun. Oh wait, two people in this thread (ok, i was one of them) have already pointed at this example.. perhaps sandisk isn't marking itself as removable, maybe the ipod isn't either, I have no idea. all I know is that I plugged a sandisk thing in my computer, and random shit got installed on to the computer.
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."
They blame Windows, but they blame themselves more.
How is this passing the buck?
http://lkml.org/lkml/2005/8/20/95
Sandisk is currently promoting technology called "U3" which is intended to act this way. It /should/ say so on the packaging--if it doesn't, blame Sandisk for changing things.
If the machine has a virus that writes itself to every mounted device, then the damage might have been done after the initialization.
A production machine that's doing the same thing indefinitely doesn't have much reason to go any place it could catch a virus.
please note it was a contract manufacturer. which means apple probably didn't regularly (if they even did) audit them. which means this COULD have been deliberate along with the possible theory of a random infection
I had no idea what U3 was when I bought it, I certainly would have thought it would be opt-in. There was no information I could find that said "OMG We're installing stuff immediately!!eleven", and I went and looked after it did it. I see the U3 logo all over the place, but no information about its nasty behavior. Anyway, is this why the thumb drive doesn't get the proper removable usb icon when I plug it in to the mac? grr. So, in attempts to intentionally screw over (sorry, "help") the windows users, they screwed up the standards that say they really should be broadcasting this bit saying they're removable, and made it not as pleasant on the mac.
I've learned something here, it was bothering me why it didn't have the proper icon, now I know.
>How much would it be worth to a spammer/botnet group to infect the image that gets copied to all these devices? Enough to pay sufficiently large sums of money to subvert employees at the manufacturing plant?
Or maybe even executives. One of my pet nightmares is that some anonymous OEM with microtome-thin margins discovers how much money they can make "bundling" "adware".
Dunno about Apple, but if I were mass producing those things, I would _not_ build the thing empty, connect it to a Mac by hand, transfer the stuff to it slowly via Firewire, etc. That kind of "let's connect a cable, launch this handy application and click here to transfer the files" is ok for a mom-and-pop shop, but when you're mass producing stuff you just want to shave the last penny off the manufacturing costs.
So the way it's done is you take the working prototype, make an image of its hard drive, and write that on every hard drive before it's even assembled into the iPods.
Think, basically, how your IT department doesn't come with a suicase full of install CDs for Windows, Word, etc, for each PC. They just make an image off one workstation and then install that on all others. Much faster.
Same thing here, only more automated.
So if that image was made from a HDD with the virus on it, the assembly line will mindlessly churn thousands of copies of that.
A polar bear is a cartesian bear after a coordinate transform.
I thought it was silly of Apple to poke at Microsoft on this one - until I read that a Windows computer in manufacturing was the cause.
Open season as far as I'm concerned when a computer in a manufacturing plant can get corrupted and then spread a virus via hard drives it is manufacturing. Shouldn't the reaction be to pull all Windows computer from hard drive manufacturing anywhere? Apple is being gentle as far as I can tell.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Hmmm.... I gave you less credit than due. Seems you searched my name amongst the threads. Slashdotters (sp?) are on top of thingst compare to most forums I've visited. I should clarify I'm a n00b compared to youse guys.
You want to know how n00b I am read my slash dot profile I'm updating it after posting this.
Since you were honestly being nice I apologise but the comment was a purposeful dumbass comment with humourous intent. Really who the hell reads the readme files I couldn't care what billion fixes they've done as long as it works.
(Did I spell humour wrong? NO! Wikipedia spells it wrong. it's the canadian way or the highway!)
Hee Hee The drinking bird does all the work!
2006... It's Windows... "My God, it's full of holes!"
There are two rules for success:
1. Never tell everything you know.
No no no, it's like McDonald's giving out USB devices with a trojan on them and... wait a second.
Well to start with...
They didn't blame Microsoft for their failure ....
Aaah yes they did, to quote their statement...
As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.
As for the rest of what you said I suppose you'll back flip and rant about DRM when the next article comes out about how evil Microsoft has been for locking down Vista. What the majority of linux community fail to understand is the ability of the average person to administrate a PC.
System security is always going to be at the expense of useability and openness. If you have a highly secure, easy to use system, is likely you are going to sacrifice openess. Conversely if you have an a very open, highly secure system it is likely you are going to sacrifice useability. In the case of windows, it's extremely easy to use, with a very open development architecture, the end result is....?
Apple contract out manufacturing to an external contractor. They will specify everything: allowable percentage of defects, the finish on the plastics, quality control levels, acceptable losses in production etc. In essence, the level of quality of manufacture is specified, and the contractor will quote a price that reflects this.
The contract between Apple and the manufacturers should (and almost certainly does, but we'll never see it as it'll be under an NDA) also specify what the disks used in the ipods should contain - viz, the "OS" for the ipod in the form of the data Apple supply as the load - and bugger-all else.
This would seem to be a clear cut case of contractor negligence.
I cannot imagine how lax a manufacturer's process must be if they can allow stuff like this to happen. It's so 90s. When was the last time a gold master of a major application or OS came with a malicious payload included? It doesn't happen very often for big companies.
Note that I am aware that it happens sometimes and am not looking for a slashdotter to prove me wrong for points!
Nice semantic monkey dance you did there. In describing that Leap [not-a-real] virus, you also described pretty much every virus that spreads via email/IM on Widnows. By your logic, I guess those aren't real viruses either then?
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Apple (like just about everyone) contracts out production. One of their contractors did all of the above.
Ipod production is contracted out, like much other consumer electronics. There are multiple such contractors. That's why the iPod packaging reads "designed by Apple".
One of these contractors used Windows and infected some number of the iPods during the production process.
All the "Apple's using Windows *snicker*" messages from people who can't read for content just reinforce the "slashdork" meme.
I personally can't stand it - but it does help retards who buy software on a CD, shove it in the drive and sit there wondering why nothing is happening.
Seeing as I'm more capable of turning autoplay off, than my parents are to turn it on - I can see why it defaults to on.
I think I'm basically just making fun of you posting on slashdot that you can't work out how to turn it off.
except what you say simply doesn't match the facts given. You apparently didn't read either the article or the post to which you were responding.
If the virus were present on some kind of master disk image, that image would have been used by multiple stations on the production line. The article specifically references a single station. The only thing that fits that claim is that iPods were being mounted as drives on Windows PCs during production, and one of those stations got a virus. It sounds like, instead of using a high speed disk duplicator, they are connecting iPods to Windows PCs and running some program.
I'm not sure how current iPods are shipped, but it used to be that they all came formatted for the Mac (HFS), and iPods to be used with Windows had to be reformatted for FAT (the process was made somewhat invisible to the user by iTunes, though). If that's still the case, using Windows PCs in production makes even less sense. And how does a Windows virus end up on an HFS volume, and how could that possibly infect an end user's Windows computer, since Windows can't (natively) mount an HFS disk?
"National Security is the chief cause of national insecurity." - Celine's First Law
Yeah, it's a real shame that Microsoft's Zune Player is windows-only.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Windows XP Pro SP2, in my experience of three separate PCs I use (work, home, laptop) will automatically open up an explorer window of the files when I insert a SD card. In fact, if the card has photos only, it offers to start a slideshow of photos.
That is autorun behaviour. I had not considered the implications, but I presume if an SD card with a valid autorun.inf was inserted, then it would autorun in the conventional fashion.
On the two desktops I am using a USB SD card reader. The laptop has a built in non-USB memory card adaptor.
-- *~()____) This message will self-destruct in 5 seconds...
They're not. A virus is self replicating, and requires no human interaction to spread (other than sending or giving a potentialy infected file to another or exposing anothers files to your virus). That is, a virus should be able to attach itself to any innocuous file and replicate through the host system. A file specificaly crafted to be malicious and whose purpose is to be malicious which requires a user to actualy attempt to run the file is a Trojan.
T Money
World Domination with a plastic spoon since 1984
Infection occurs when a removable storage device or a mapped drive hosting a copy of W32/Rjump.worm is accessed and the user agrees to the auto run prompt for execution of the worm.
*if* that is enabled.
There is a good deal of software (Quickbooks is the pre-eminent example) which are practically impossible to install and use without Admin privs. Technically, you can do it by granting permission to each of the obscure registry keys that QB needs access to, but unless you've got an extremely knowledgable and patient IT guru willing to blow hours on each workstation that needs the software, it ain't going to happen. If only Quickbooks were the only piece of software like this!
My favorite part is the "As you might imagine..." bit. Actually I wasn't imagining that at all. When Apple puts viruses on Windows, I don't imagine that Apple will be the one that's upset. Why does Apple think we are all feeling bad for them whenever THEY mess up and get some bad press?
C'mon guys, you do a lot of things right, but you can make some mistakes and have some class/balls about it.
Still, this is a case in which the use of a non Microsoft system for pre-loading the iPods would be the appropriate solution at the manufacturing end. Since all that's needed is the ability to create and write to a FAT32 filesystem, I don't see why Linux isn't used; it can even be done automatically on a headless machine that does the loading upon USB insertion.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Saying that all data you want to keep must be backed up is a vast (and harmful) oversimplification. It's the type of simplification that makes a person come off as a raving lunatic and tends to drive people away. A much better approach is simply to get people to think about the factors involved. How much time would it take you to rebuild all of the data on your hard disk? Given that x% of hard disks fail over n years, what is the likelihood that you will need to rebuild your data in the expected lifetime of your computer? Give most people a hard number and they can judge for themselves whether or not backing up is worth it to them.
Bullish Machine Tzar
This actually happened to me. I had iTunes 6 loaded, plugged in my brand new video ipod and it told me I had to update to iTunes 7. I reluctantly download and start installing iTunes 7 when my virus software kicks in! I killed the download, tried redownloading iTunes but the apple site was down. After finding a md5 for the installer and verifying it, I try to reinstall from the original download and no problem. So from my point of view it was some sort of randnom virus. I'll definetely be reporting my encounter.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
"...Joswiak said it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer that builds the iPods for Apple..." Why on Earth would there be a Windows machine anywhere near the ipod assembly line? (and no - it shouldnt have anything to do with the fact that ipods are PC compatible now)
That's bazaar. Maybe it's an assault on Apple's DRM?
Great, I wonder how many future USB keys this will be a problem with. I just bought a set of 3 keys with some U3 crapola on it and it doesn't let me format it, comes with 2 partitions, on with auto-start, and the only way to remove them(because I have a usb hard drive and a usb cd drive) is to disconnect EVERYTHING usb except the key and run the format on it. Yeah, totally kills my day since a lot of my usb periphs are hooked up to the back of the comp and there's a mess of wires down there. If this had a virus on a write-protected overriding windows-formatting stuff, that'd be just great too.
Buy software/hardware get a virus?
We have spyware in video games, malware protecting them, Viruses on new handheld devices, rootkits on CDs. This is total bs.
I do have to admit apple's stance takes the cake, blaming PC users. A true low.
Thank you for posting this. This is needed every so often in /. debates.
Scratch that, all the time.
First time I've seen it though.
"The use-mention distinction" is not "enforced here."
I can (somewhat) understand the handful of moronic users out there that believe in Security through Obscurity - but if the parent company REALLY believes that!???? Some day there will be a MASSIVE wake up call for mac users - and, apparantly, Apple. Nu
Good for you. But recognize that your linux mailservers are running AV scans on email, to ensure that email is safe for *Windows* users. If absolutely no one that used your mail server used Windows, it wouldnt be remotely necesarry. (Well, ignoring for a moment that the people they sent email to or received it from might be running Windows). Try this - if no one anywhere used MS applications/platforms for email, scanning email for viruses would be unheard of.
If apple are going to make products for use with windows, then it is their responsibility to ensure that those products don't contain virii for windows systems. Suggesting that the virus being present in their product that they're shipping (regardless of the susceptibility of Windows to that virus) is the fault of Microsoft is passing the buck in a most horrible way.
Your two statements are not mutually exclusive. More than one party can be responsible for some result. Apple accepts blame for the incident and admits they are at fault. They also point out that this type of thing happens a lot due to flaws in Windows. I'm sorry but the fact that Windows viruses are so common (common enough that lots of random manufacturers have them on their drives) and yet MS has done very little harden Windows (so little that a major manufacturer did not easily detect it) is MS's fault.
I wish they mad more jabs at the weaknesses of Windows, maybe it would motivate MS to fix the problems. More than that, I wish the OS market were a competitive, free market instead of a monopolized one so MS would have real, financial incentive to fix the problems of their customers.
sure, it may be a windows user at the Ipod factory. But, it is Apples responsibility to test ipods, maintain quality etc.. No, it is Apple's fault.
A Good Troll is better than a Bad Human.
There ya go then, it's confirmed. I don't bring much new software into my collection via CDROM so I only see it maybe twice a year. I could only remember that when I put in my DVDR's it would ask if I wanted it to play the mp3's etc. and was pretty sure it did the same for autorun.
0x09F911029D74E35BD84156C5635688C0
Here's an interesting idea... perhaps the computer has --- *drum roll* --- more than one use!!!
The revolution will not be televised... but it will have a page on Wikipedia
I work under the, perhaps naive, assumption that if virus code is not actually executed, it is harmless.
If infected files are lying on an iPod, which does not execute any Windows code itself, then wouldn't it be harmless to have the virus there?
The last time I configured an iPod I don't remember seeing any files on it other than a basic directory structure, and certainly no executable files.
This worm would be entirely harmless unless:
* Someone mounted the iPod as a disk, as opposed to its more common media player use.
--AND--
* Someone clicked on an executable file that was on the iPod
It seems to me that this would very rarely happen. I would assume that the virus was caught by virus scanning software running on the host PC, which would of course detect and remove it. However, if someone with this virus on the iPod had no virus scanning software, the odds are extremely high that it would just sit on the disk and never be triggered.
This is a stupid and embarassing thing to happen, but I'm not convinced it's dangerous. I'm open to having my mind changed, though, so go ahead and see what scenerios you can devise that would make this truly dangerous to more than a handful of people.
D
I can't believe that Apple recommended that infected customers should *buy* AV software! Apple infected their computers, Apple should supply the software to remove the virus.
Points for taking time trying to enlighten another person. :-)
Way to go twitter, nothing like an opportunity to do your "M$ windoze" routine. Are they letting you post again after all your troll and flamebait moderations? And why are you back on it again?
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
I know iTunes is a crappy application (on Windows), but I don't know if I'd go so far as to call it a virus...
...whether technically it fits the classic/correct defenition of a computer 'virus'. It's malware. The parent was replying to a post that didn't even call it a virus, so I don't understand the point other than to try and minimize the issue.
If you go by strict definition, there are no "viruses" for computers any more for Windows or Mac.. There are worms, trojans, and hybrids of the two.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Operating systems are appliances for running other programs. If those other programs require the operating system to be logged in as root, then for all practical purposes the operating system must be running as root. If the operating system is insecure when running as root, that is the fault of the operating system vendor, not the application vendor. Further, the operating system vendor can put a good deal of pressure on applications vendors to avoid this behavior. I dunno if Quickbook qualifies for the Designed for Windows XP logo, but if it does and it still exhibits such bad behavior, this is Microsoft's fault and is illustrative of the quality of their standards.
Windows XP at least, by default, autoruns on ALL removeable drives/media. I have external firewire and USB hard drives, it would try to autorun them too doing a scan of the drive contents to figure out what to run or what options to put into the menu it'll show you if it fails to find an autorun file. I also use Bestcrypt and it did the same thing on the virtual encrypted drives whenever they were mounted. Ditto for my USB flash drives. It really seems that Microsoft thinks everyone needs to have autorun because they're too stupid to figure out what to do with any removeable drive on their own.
The solution is to install TweakUI and disable autoplay on all drives. Then you don't have to worry about it anymore and it stops annoying the hell out of you. (It's damned annoying with external hard drives.)
And as long as we're linking to each other's posting history, here's my contribution. I guess you're still "laughing" at me, eh?
I suppose you can only post once a day now? Well, if you stop trolling maybe they'll let you post more. Bwahahaha. Run along now.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Hint: it WAS Apple's fault for not properly maintaining their systems, and allowing a virus to propagate. Yes, you can run Windows systems without viruses: for some reason, I would have assumed such a system would be far better maintained than it was.
By summer it was all gone...now shesmovedon. --
"you're soaking your fingers in it."
Apple blames Windows for the Virus...but who put it on th ipod?
Some windoze user at the factory, of course. Isn't that the normal way W32 filth propagates? If you had read the article, you would have seen:
So, unless Apple is lying to cover up, this was not some targeted attack but just the usual Windoze born disease propagation. M$ is like a plague, and it should avoided as such. Apple should be embarrassing to admit needing it in any part of the process outside developing W32 iTunes. The only way to keep W32 infestations away is to never use it or let a M$ machine touch a filesystem of yours that it can read.
Friends don't help friends install M$ junk.
bah humbug.
A Good Troll is better than a Bad Human.
Why are you posting the same thing again ?
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Twitter posted this exact same post elsewhere in this discussion, got modded down to -1 for it and is now reposting it to try and get some karma. Please don't indulge him.
By summer it was all gone...now shesmovedon. --