Slashdot Mirror
iPods Come Complete With Windows Virus
kaufmanmoore writes "Cnet is reporting that some video Ipods made after September 12th have the RavMonE virus loaded onto it. In Apple's announcement they take a swipe at Windows security and encourage Windows users to install anti virus applications."
Apple's products are made (and to some degree, designed) in China just like everybody else's. I wonder how many other memory products (that is, USB mass storage devices) have similar issues.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Now I come to think about the PC guy in the Mac commercials who whines about viruses on Windows systems. Steve Jobs is so keen on pointing out that Mac is free from viruses (and Windows is not), but this blunder has got to shut him up about that for a while.
Full Tilt
Apple is selling ipods with a virus on them and they're taking it as an opportunity to bash Microsoft??
I'm sorry, but that just seems ass backwards to me. This one is not Microsoft's fault, and I hope people realize that.
Everything I need to know I learned by killing smart people and eating their brains.
I'm not one to try and defend Windows security with a straight face, but this is apples fault for shipping infected ipods. They failed to protect their customers, regardless of windows lack-lustre security
5468652047616D65
If I just distributed a device with a virus on it I would not be throwing stones at the security practices of another company.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Wow...trying to deflect some of the blame, huh?
-Hey! Whatcha lookin' at fool? -The Duk
and this is why in the long run, apple wins? Simply because MS can't do anything like this back to Apple.
those apple people are genius'
The class of Apple to complain about Windows being susceptible to viruses that Apple Quality Control fails to catch. Maybe Apple QC should install AV as well when they develop for windows?
...like, that puzzle game with the apple logo! I beat it, but it's still fun...
"it was traced to a particular Windows machine in the manufacturing lines of a contract manufacturer " and "Very few units actually went through that particular station"
Why is a Windows machine ever connected to an iPod during manufacturing? I'd think for a high volume product like the iPod, there would be dedicated disk duplicators to format/populate the drives, and testing would likewise be done with purpose-designed hardware. Using a Windows PC to do either seems like a crude, inefficient way to do things.
"National Security is the chief cause of national insecurity." - Celine's First Law
As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.
I own an iBook. The Apple IIe was my first computer (unless you count a breadboard, some dip switches, and two numeric LED displays). I own Apple stock. I think Mac OS X is the bees knees.
That said, Apple needs to take their collective heads out of their asses. If an executable shell script was "accidentally" included as simple as:
#!/bin/sh
rm -rf /
You need to make it autorun (I won't tell you how, but it can be done, and is quite handy for non-malicious uses). No antivirus software would detect this, no Windows machines would be affected, and every Mac you plugged that iPod into would be royally fucked, even if not run as root.
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
...anti-Apple hateboys taking preemptive strikes at Apple apologists that haven't even spoken up yet. Welcome to another fun-filled Apple thread at Slashdot.
Libertarians somehow believe that private businesses should be stronger than governments but weaker than individuals.
(emphasis added)
It's nice that they're "upset with themselves for not catching it" in the last part of that statement, but what's that first part in bold all about? Oh yeah, it's the part where they shirk complete responsibility for this by half-blaming Microsoft for the virus Apple introduced in its own hardware. It's the most half-assed way of apologizing imaginable.
In other news, rapists who blame their victims will now be in charge of issuing Apple's PR statements on their website.
What I find interesting is the potential for this type of distribution to be the vector for a zero-day exploit.
Imagine the scenario: an unscrupulous individual happens across an unannounced vulnerability, and develops an exploit. Rather than building it into a worm/botnet replication mechanism, he finds a way to load it onto a consumer electronics device (mp3 player, flash drive, camera, etc) and lets the well-established merchandise distribution network take it from there. Weeks/months later, at a predetermined time, an attack can be launched simultaneously from hundreds/thousands of locations, and we have a nasty problem on our hands.
An object at rest cannot be stopped!
Cue the wavy-dream-sequence-announcing-television animation....
Somehow, in an economic fluke, the Apple II flourishes and paves the way for a GUI operating system code-named..OS I. Incredibly, as years go by, Microsoft remains a niche player in the market, known mostly for its creative pieces of software, and Apple owns 98% of the desktop scene.
Even more incredible is how much smarter the Apple devs are than any alternate universe where, say, Microsoft would be in their position, and despite the efforts of all the l33t haxxors out there, Apple's products, now up to OS X, remain completely virus free. Who'd a thunk it?
I'd like to see Apple own even 75% of the market share and not have major issues with viruses and those who write them. It is easy to sit back and take pot shots at the leader when you are a very distant, distant second place runner in the game. If only those devs at Apple had been smart enough to create something better than Windoze back in the early 90's, they might find themselves in a similar situation.
Bad form, Apple, or should we change your name to Sour Grapes?
iPods Come Complete With Windows Virus
It's not an outsourcing problem, because a lot of people are also reporting this "Windows" virus showing up on their mac when they run the BootCamp installer.
The theory of relativity doesn't work right in Arkansas.
No. There is no defense against an executable installed by a trusted vendor. If a virus gets installed due to user action - connecting an iPod, for example - and the user agrees to whatever official-looking prompts the installation creates, there is no reasonable security model on earth that can prevent the malicious code from running.
/" example above is a straightfoward example.
The "rm -rf
Apple is completely, unilaterally responsible, just like Sony was responsible for the CD rootkit cock-up.
I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.
Still, it does give food for thought. I can easily see it as an act of malice as much as a QA failure.
I recall a *brand new* Sandisk flash drive that loaded & installed its own software (including Skype, its own little menu system, utilities, etc.) onto my computer the moment I plugged it in.
How much would it be worth to a spammer/botnet group to infect the image that gets copied to all these devices? Enough to pay sufficiently large sums of money to subvert employees at the manufacturing plant?
It's still inexcusably sloppy of Apple, but my real concern isn't in the companies involved: It's that it will likely happen elsewhere as well. Flash drives, DVD's with 'extended' PC content... stuff like that.
Anywhere media with readable content is replicated can be a vector for viruses.
-- Sometimes you have to turn the lights off in order to see.
Because this is Slashdot and everything is China's fault.
If apple are going to make products for use with windows, then it is their responsibility to ensure that those products don't contain virii for windows systems. Suggesting that the virus being present in their product that they're shipping (regardless of the susceptibility of Windows to that virus) is the fault of Microsoft is passing the buck in a most horrible way.
The simple fact is that they choose to make their device work with Microsoft Windows systems, and they are damned sure responsible for ensuring that their device will not cause problems with those systems, regardless of the flaws or vulnerabilities of Microsoft systems.
I quite like Mac hardware and software, and have previously been glad that they may be gaining market share, but frankly if they are going to continue to market themselves by making stabs at Microsoft (and no I'm not suggesting the virus was placed intentionally), rather than by marketing their products' strengths and features, I'm not so sure I will continue to feel the same way.
The FDA is reporting that some of Apple's produce shipped after September 12th as having the E. coli bacteria. In Apple's announcement they take a swipe at Intelligent Design, "As you might imagine, we are upset at God for not making human beings more hardy against such bacteria and viruses, and even more upset with ourselves for not catching it."
That's like MacDonald's importing meat infected with Mad Cow Diease, then blaming the FDA for not catching it.
Bad analogy. It's like McDonald's (no a) selling burgers infected with MCD, and then blaming the humans for being vulnerable to it. Except that unlike humans in the real world (who are all susceptible to MCD), the humans in this crazy analogy universe have a choice between different bodies: one that's not only vulnerable to MCD, but every other disease out there, and has to be constantly immunized against them, and even then performs terribly, stops breathing and loses conscienceness occasionally, and is ugly to boot; and a few other bodies that are naturally immune to every known disease, are stronger and live much longer, don't need sleep, and are very attractive. Only the idiots who chose the ugly, disease-infested bodies get MCD so McDonald's justifiably tries to assign them some of the blame for making a bad choice.
Especially not when you live here...
Inexcusable? Hardly. It would certainly be inexcusable if they didn't take action here, but for a simple mistake? I think everyone is overstating how big a problem this is.
/were/ widespread viruses for Apple, they'd likely be just as problematic. The only thing that 'hardens' Apple against viruses, other than obscurity, is the fact that users don't run as Admin by default, so they have to type in their password for the virus to do any significant damage. Since we're training users to do this, it seems likely that a virus would still be able to wreak havoc on a Mac. We'd just call it a trojan, first.
And before people start saying, "Well if it was Microsoft, we'd be jumping down their throats about this!" consider that Apple isn't exactly a company with a long history of security flaws.
I do think that the statement "As you might imagine, we are upset at Windows for not being more hardy against such viruses" is absurd. If there
I guess Autorun on by default is another flaw in Windows, but I wasn't aware that USB devices would autorun by default. Are iPods presenting themselves as CDRoms now?
Seriously. People look at a company like Apple and they imagine that there's some middle-aged guy in a turtleneck personally checking every iPod and somehow he slipped up and missed this. Nope. It's some grunt in a factory somewhere trying to meet a quota, and of course they're going to cut corners. Apple hasn't screwed up yet--we'll have to see how they handle this situation to find out whether their actions are "inexcusable."
But in the end, it's an Apple product and Apple is responsible. Sure, mistakes happen, and they did apologize, I'll give you that. The little jab at Microsoft was completely uncalled for, though. It makes Apple look far worse in my eyes than the accident did in the first place.
Microsoft should ship each Zune with a Mac virus.
Weaselmancer
rediculous.
I'd prefer to think along the lines of "why you can't get anybody at Apple to care." It doesn't affect Macs, after all.
True enough. They should care though, they like to pitch themselves as the 'good' computer company and this little effort is hardly better than the Sony rootkit debacle writ small.
I am just wondering how things would go around here if the situation were reversed - like if a Microsoft product came preinstalled with some software that caused damage to OSX systems. Something tells me that the mob with torches, pitchforks and turtlenecks wouldn't be storming Apple's headquarters...
Read Pynchon.
The description of OSX.Leap.A.:
The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
This is not a real virus. It's a hybrid between Trojan horse and a worm. The victim must un-tar the software to find an application disguised as a JPG file with the Preview icon. Then it used iChat to try to spread itself. Though Sophos categorized it as a worm on the account that it tried to spread itself, you actually needed to consciously un-tar and double-click the app. Sophos is selling security solution for OS X and it makes less impact to call this a Trojan horse.
It's not really acceptable to just say 'hey, go out and buy some antivirus software because the products we sell have viruses'. If I buy a bloody ipod it shouldn't ruin my computer. Though I imagine they have some legal agreement stating that I can't sue for lost data if my ipod destroys my computer...
Congratulations. That's the most ignorant comment I've read in this thread so far, and let me tell you, it's up against some pretty stiff competition.
From the McAfee site linked to in TFA:
Infection occurs when a removable storage device or a mapped drive hosting a copy of W32/Rjump.worm is accessed and the user agrees to the auto run prompt for execution of the worm.
Yes, that's right, you have to agree to install the dammed thing. Now, if you plug an MP3 player into your computer and it prompts you to ok a software installation, there are only two reasons to agree to do it:
1) You trust the vendor in question, and are happy to install their software, even if you aren't too sure exactly what it is.
2)You really have no idea what this prompt is, you're not too interested either, and you just blindly click ok because you think if you don't you're new toy won't work.
Now, just supposing you were using Linux, and the phrase "click ok" was replaced with "enter root password", what would happen? I'll tell you what would happen. The same people who clicked OK would just tap in their passwords.
The problem here is not windows insecurity. The problem is that a trusted vendor was shipping infected hardware. End of story.
"I realise this is not a very popular opinion but it's the truth, and there for needs to be said" -Bill Hicks
Well, not really. OS X doesn't have any sort of Autorun functionality like Windows, so it's far, far easier to write a simple worm like this one on Windows and have it be effective. You could write one for OS X, but it would never get executed automatically; hardly a worm.
Also, that fact that it's a python script doesn't say anything about its portability. It's obviously using Win32 bindings to read and write to mapped network shares.
ENDUT! HOCH HECH!
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."
They blame Windows, but they blame themselves more.
How is this passing the buck?
http://lkml.org/lkml/2005/8/20/95
please note it was a contract manufacturer. which means apple probably didn't regularly (if they even did) audit them. which means this COULD have been deliberate along with the possible theory of a random infection
Dunno about Apple, but if I were mass producing those things, I would _not_ build the thing empty, connect it to a Mac by hand, transfer the stuff to it slowly via Firewire, etc. That kind of "let's connect a cable, launch this handy application and click here to transfer the files" is ok for a mom-and-pop shop, but when you're mass producing stuff you just want to shave the last penny off the manufacturing costs.
So the way it's done is you take the working prototype, make an image of its hard drive, and write that on every hard drive before it's even assembled into the iPods.
Think, basically, how your IT department doesn't come with a suicase full of install CDs for Windows, Word, etc, for each PC. They just make an image off one workstation and then install that on all others. Much faster.
Same thing here, only more automated.
So if that image was made from a HDD with the virus on it, the assembly line will mindlessly churn thousands of copies of that.
A polar bear is a cartesian bear after a coordinate transform.
No no no, it's like McDonald's giving out USB devices with a trojan on them and... wait a second.
Nope, it's not fishy. It actually happened to my iPod. At the time I just thought my antivirus program was on crack, and it couldn't possibly be a real virus, so this story was quite a shock to me.
Yeah, it's a real shame that Microsoft's Zune Player is windows-only.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Still, this is a case in which the use of a non Microsoft system for pre-loading the iPods would be the appropriate solution at the manufacturing end. Since all that's needed is the ability to create and write to a FAT32 filesystem, I don't see why Linux isn't used; it can even be done automatically on a headless machine that does the loading upon USB insertion.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Bullish Machine Tzar
I know iTunes is a crappy application (on Windows), but I don't know if I'd go so far as to call it a virus...