Slashdot Mirror
Finger Pointing Over iPod Windows Virus
rs232 writes sent us some choice quotes in the finger pointing over the iPod's that recently shipped with a virus on them. "It's not a matter of which platform the virus originated [on]. The fact that it's found on the portable player means that there's an issue with how the quality checks, specifically the content check, was done," Poon wrote in a blog entry. and "Steve, if you need someone to advise on how to improve your quality checks, feel free to contact me 8)."
When I first heard about this, I thought brilliant. What better way for Apple to demonstrate how prone to viruses windows machines are, than to put a virus on an ipod that only affects windows machines.
Who cares how it happened? It's Apple's problem. It's Apple's fault. End of discussion. Apple's comment was childish and absolutely un-called for. Apple should apologize publically, announce that they will improved their QA, and move on.
Oh SNAP! Steve Jobs got TOLD, son. Damn, that burn was off the heezy, fo'-sheezy! Now he needs to come back with "Yo, Poon. I improved your MOM's quality control." HOT DAMN!
Only a very small number of a specific model of iPod were affected by these Windows viruses. The entire blame rests with the factory making the iPods for Apple and putting the software image Apple prepared in advance not following good practices with respect to how they set up the empty drives before Apple's software went on them. The problem has been entirely fixed and you cannot even buy one of these infected iPods in the retail market today.
In other words, this is old news. And the size of the problem (the number of units affected) was so small, I would put good money down that we would not even know about the existence of this Windows virus problem if Apple had not disclosed it.
Not sure exactly what you are referring to. The virus infected iPoid? That's easy, somebody got sloppy.
The inane submission (quotes from another discussion board about a quote from a blog getting posted on another submission board). That's easy too, it's Slashdot Sunday!
Faster! Faster! Faster would be better!
.. when you outsource your operations to McDonalds.
The surprising thing is that the worst of the quotes, "As you might imagine, we are upset at Windows for not being more hardy against such viruses...", is still unchanged on the apple web page. Anyway, http://www.apple.com/support/windowsvirus/ has removal instructions for anyone who thinks they may have been affected by one of these ipods.
It happened because even Apple needs Windows at some point to make their products.
Appearently they used an affected windows machine at some point in the IMAGE process, and the virus infected the image. Most likely the image is built/cloned using Windows, but I won't go into that since I'm already going to be flamed for speaking against apple.
Profit.
More specifically, it's because both Apple and Microsoft need to cut corners on their products to make a suitable return.
Microsoft ends up releasing low-quality software that has serious security glitches. Such glitches allow for malicious software to easily harm systems and propagate throughout networks.
Apple, on the other hand, cuts down the quality of their hardware manufacturing processes. And with that decrease in quality, we see incidents like this happening.
Notice that some of the highest quality and most secure software products are those developed by organizations that have little care for outrageous profit. I'm talking about OpenBSD, for instance. Instead of focusing on matters of financial accounting, they focus on putting out damn fine software. Security problems of this magnitude become a once-in-a-lifetime occurrence for a project like OpenBSD, as they end up putting many measures in place to prevent repeats.
And everybody's blaming them for not noticing. But if you think about it, it was a pretty absurd thing for them to have had to "notice". As I understand it, the virus was implanted by one infected machine among a number of machines at a Chinese manufacturing shop they'd contracted iPod manufacture to. Apple said, "here's a thing that looks like an external disk: please put these bits on it for us". A simple and straightforward enough task, one would think -- but in a world where autorun exists and is or has been enabled by default, perhaps not so straightforward.
It's as if I had a letter to mail to 1000 of my customers, and I took one original down to my friendly print shop and asked them to make 1000 copies, and I or the print shop used an automated machine to fold the 1000 copies and stuff them in envelopes and mail them, and only after they were mailed out and opened by my customers did we start discovering that for some strange reason 1% of them had "FUCK YOU, ASSHOLE" overprinted on page 2. And then found out that the "strange reason" was that one of the copy machines at the print shop, among the several that the print shop divided my job among, was "infected" by a "virus".
If that happened to me, I'd be annoyed, too. (It'd be even more annoying if I were accused of ignorance for not having protected myself against this "obvious" threat, that evidently everybody else knows about and makes allowances for.) And I know my response would not be to ask the print shop to be more careful next time, or to run an "antivirus" soluton, or something. I'd take my business elsewhere, and more importantly insist that my future printing contractors use a different brand of copier, one that's not susceptible to preposterous failure modes like that, because even if there is some alleged way of papering over that particular flaw, who knows how many other equivalently egregious bizarre flaws it's got that haven't been discovered and papered over yet?
It's not just the iPod, viruses on shipped hardware seem to be getting more common. For example see below. Can't give other documented articles, but remember similar cases this past year. Anyone? The swipe at Microsoft sounds a lot like Jobs, looks like his personality has infected the company too. But Apple could win this by instating new controls over subcontractors and making a PR campaign in which they force them to use Macs or otherwise emphasize steps they've taken to minimize infection from Microsoft-based hardware. :)
Quote from article:
Earlier, McDonald's and Coca-Cola faced a similar problem in Japan during an MP3 player giveaway, though the events are unconnected. The iPod virus only affects Windows machines, and does not alter the behavior of the portable device itself or Mac operating systems.
I can think of two basic ways this could happen. First, it could be sabotage. Some guy might be infecting these things with a virus for some reason. It doesn't seem like an effective way to spread viruses, though. But you know, maybe there's just some guy at the iPod factory who is a dick and thinks it's funny to put viruses on them.
The other way I can imagine this could easily happen to a small number of iPods is if there's a QA process that involves hooking a random sample of iPods to Windows machines, and some worker was using one of these machines had managed to get it infected with a virus. It could even come from a machine that is supposed to scan for viruses, if the virus scanner was compromised or out-of-date.
If you RTFA (which is short), it indicates which of the two Apple believes happened.
The blame for this lies entirely at the feet of Microsoft.
Who created the Operating System which will execute arbitrary code -- for that matter, arbitrary code which ought to require administrator privileges -- without the say-so of the user? Microsoft did.
That is the problem. For sure, they had a reason to do that -- they wanted to hide "difficult" decisions from the user in order to make their operating system beginner-friendly. Their model seems to be "Programmers know what they are doing, users don't." Unfortunately for everyone concerned, that has well and truly bitten them in the arse.
If Vista is more secure than Windows XP, then it will necessarily be harder to use. The only way it could be more secure than XP while remaining as easy to use, is if only certain trusted parties are allowed to write software for it. (Which is effectively what you've almost got with some OSes; anyone is allowed to write software, but software distributors -- who may well be independent of the software creators -- maintain a catalogue of what is "safe", based on their own judgement after reading the Source Code. Tech-savvy users can check the Source Code for themselves. Non-tech-savvy users know they can rely on the software distributor's judgement. Any distributor who does a bad job by distributing dangerous software loses custom.) But that would create a monopoly, or at best a cartel.
Je fume. Tu fumes. Nous fûmes!
What's so bad about that quote? That it is nothing but truthful?
The fact of the matter is that Windows should be far more resilient to malicious software, regardless of whether the vector is a network, an email attachment, or a piece of Apple hardware.
Don't forget that there's nothing Apple can do but make such facts public knowledge. Considering how Microsoft limits access to the Windows source code and development process, there's basically nothing Apple could do to help improve the situation. If Microsoft's software is so readily vulnerable to exploits, then the only party to blame is Microsoft.
Therapist: "Okay, now it is time to address frustrations. Mac, express a frustration about PC. "
Mac: "I'm really upset that you proved vulnerable to the virus we somehow loaded onto our flagship product."
Therapist: "I see. PC, express a frustration about Mac."
PC: "Mac, Why did you try to get me sick in the first place?"
Therapist: "Mac, maybe you'd better come in twice a week to deal with your anger-displacement issues."
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I used to work for a small company that made CD-ROM's
Only after we recieved 3000 copies of our free handout Amsterdam nightlife CD-ROM did we discover that there was a windows virus on all of them.
We simply slapped a "MAC only" sticker on them and handed them out!
The buck stops with the label on the cover. Sorry, whoever you contract to do stuff with is your business; when you're selling something with your trademark on it, any problems are between YOU and the CUSTOMER. In Apple's case, their problems are between APPLE and the CUSTOMER. Blaming third-parties, whether those contracted to, or those completely uninvolved (Microsoft), is just unprofessional. I know Apple was itching to score points at an easy target like Microsoft, but guys: this is a screwup, APPLE's name is on the front, not whatever podunk assembly in the Hunan Province, and not Microsoft. Even a "minor" attack like, "Bad Microsoft, Worse Us" is out of place in PR copy. Leave that bit of trollwork to professionals, like Dvorak.
Microsoft will ship it's upcoming media player "Zune" with Mac OS 7 (or System 7) viruses, trying to prove that Mac users (of 10 years ago) are susceptible to viruses and that it's all Apple's fault for how they got on there and how insecure the Mac OS really is.
Never monkey with another monkey's monkey.
According to TFA, the infected Windows machine was used for compatibility testing. Do you work for Apple? How do you know what kind of machines they use in their iPod manufacturing process?
It happens because Apple doesn't make their products. Subcontracters do. Apple doesn't have any factories.
Absolutely agree. So the remaining question is: aside from the ill-advised potshot, has Apple done right or wrong by those customers? Have they (a) disavowed all responsibility, told customers it's their problem, told them to go talk to the "podunk assembly plant in Hunan Province" if they need help, or (b) done everything they can to mitigate and prevent future recurrences of the problem?
I've read that the underlying problem was more subtle, which might explain some of Apple's expressed frustration with MS. I can't confirm this but it may have been that the infected PC got the infection from a blank, formatted, drive from the drive manufacturer. Even if that is not true in this case, there is nothing stopping it from being true.
It's a pretty subtle bug that, until now of course, I know would have bitten me since I would not have looked for it. I, and the technicians who do jobs for me, often replace burned hard drives in my clusters and computers with units straight out of the box. In some cases we have pre-formatted hot-swap spares still in the shrink wrap sitting on the shelf waiting to go in.
On my macs and linux machines, I sometimes use external USB drives to share with Windows PCs. I don't usually reformat these specifically because I don't entirely trust that the macintosh disk formatting program will create a prisitine PC FAT format. In all likelihood it can, I just don't have the ability to know. And I have reason to doubt: past experience has shown that when one OS provider emulates another's native formats (e.g. Samba or UFS or HFS++ or ZFS or NFS) that the emulation is usually less than complete or has artifacts.
It would be a major hassle and expense, to have to reformat every drive in a rack of clusters one is upgrading. But apparently that is now the requirement to be sure the manufacturer did not ship you a virus on the "blank" harddrive.
The problem is perhaps more diabolical than it seems. Imagine some Apple engineer putting out some specs for the process standards the Chinese manufacturer must follow. He's paranoid they won't have good practices with keeping their windows boxes clean. He also wants to assure the peripheral performance is comaptible with the ipod loading software and to assure the integrity of the data transfers to the ipod. So he decides that the sure way to do this is to make absolutely certain the box has never been on the internet, and to spec every part, so the machine has to be built at the chinese factory from scratch. They then load in the special Apple approved Windows software CD with apples programs and data. Seems foolproof. But it's not.
One might argue that to actually eliminate you have to boot from a trusted CD and then format the drives. But wait, this does not solve the problem. Isn't the problem of creating a trusted CD or and ipod install the problem we started out trying to solve? So one has to some how have a system that one can trust to do this. And that system has to be available to the manufacturer. It's kinds slippery.
If you were about to suggest "well just use Linux" to format the drive, well then apparently you just emitted the same faux paux apple did. Blaming Windows for the problem.
Some drink at the fountain of knowledge. Others just gargle.
Insults don't have to be false. Actually, in general, if they're clearly false they're rarely insults.
Please, for the good of Humanity, vote Obama.
It doesn't.
Since the device appears like a hard-drive to Windows, Windows will run any code set to auto-execute as soon as the disk is plugged in. The ipod just acts as a carrier in this instance.
It appears that one of the QA machines used to test windows compatibility had the virus on it, so when the randomly-sampled fully-finished ipod was plugged in for a QA compatibility test, the virus was uploaded onto the ipod's hard disk by Windows, and just sat there waiting until it was plugged into another Windows PC. None of this involves any activity by the ipod itself, it's all being done by Windows.
Not that I think Apple's comment was all-that-great, and they'll have to deal with the fall-out, but I could see Apple being just a tad frustrated about this...
Simon.
Physicists get Hadrons!
Apple are *not* blaming the users of the ipod (the "drivers"), they are expressing some anger at the ultimate cause of how it happened ("the tire manufacturers"), and you better believe that if tires started randomly blowing out on cars, and there was an avenue of blame available, then Ford damn well would lay that blame firmly at the tire-manufacturers feet.
Since they're also volunteering this information, announcing a way for users to completely recover ("new body cloning device" ?), and expressing even more anger at themselves for not catching it, I don't really see the big deal.
Simon
Physicists get Hadrons!
When I first read that quote from Apple it really gave me the creeps.
I like Apple as a company too much to want to hear this kind of spin from them. I understand that they are embarrassed by having infected products going out to customers, but that doesn't excuse using that old Republican technique of trying to point fingers in order to deflect blame.
For example, the GOP tried to pin the entire Foley/Page sex scandal on the Democrats and George Soros, but that appears to have backfired as most people dislike that sort of scummy avoidance of responsibility. If Foley isn't writing emails and IMs trying to get into the drawers of congressional pages, there's no scandal, period. Nothing the Dems or George Soros did afterward have any bearing on that fact.
I don't want to see Apple doing that same sort of ugly spinning, but I guess that's what happens when the marketing people take over. I watched "Thank You For Smoking" last night, and the whole movie was about this very issue. It's a great flick by the way.
You are welcome on my lawn.
If the "more upset with ourselves" phrase was in the original quote and people left it out to make Apple look [more] arrogant [than they actually are], shame on them.
If I make a product that screws up something in a typical environment that it's supposed to be in, then it's my fault and no one else's, no matter how cruddy that environment is. This isn't like an unknown flaw or something that's unforseen. Windows is what it is, and if a known shortcoming isn't worked around by your product, then your product is at fault.
Common, your product gets infected because of some slopiness, and you blame another company??
If Jobs doesn't like it, then stop making the iPod work on Windows. How would he like it if all of a sudden the iPod would be "disabled" by MS? He'd sue the living hell out of them (and for good reason).
Take the responsability for the screw up and fix it.
The difference is that Dell's press releases don't mention Sony batteries, but _their_ batteries, which Sony happened to manufacture. Ford sold trucks with Goodyear-branded tires, and recalled same.
I repeat, for those fanboys who are hard of hearing: it's the job of the professional media trolls to place the blame. Apple coulda scored tons by just profusely apologizing for the Windows virus getting into their distribution system. There are plenty of press hacks who will "go the extra mile" and explain why Windows sucks. This has nothing to do with fanboys and everything to do with business sense. Sorry, Apple screwed up. Don't cry too much, or your tears might crack your G4 cube.
According to some quotes in TFA, the Windows machines are used to check for compatibility, as iPods can connect to Windows as well as Macs, not for the manufacturing process itself. Perhaps the low number of infections (said to be 5%) means only a few iPods were given that check (normal QC wouldn't require every one to be checked for a consumer item).
For one thing, though I just bought an 80GB iPod, this didn't affect me, since the first thing I did was attach it to my G5 at work, so it was re-formatted into HFS the moment I started up iTunes.
But, I have to wonder why Apple prepares them on Windows machines in the first place. OS X has native support for FAT32 filesystems, so why not just prep them on OS X in the first place? And furthermore, why even have HFS iPods anyway? FAT32 iPods work fine on OSX.
A sentence you'll never see on an Internet discussion board: "You know what? You're right."
No, it wasn't a virus for the iPod. It's a windows virus sitting on the iPod's filesystem.
Completely different beast.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
"Common, that's so cheap..."
It's both common and cheap (much like this comment). The great unread mass of kids today. Just another sign of the apocalypse.
Of course not.
Apple wouldn't allow PC QA equipment now, would they?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
SONY. BATTERIES.
Who got the blame ? Was it only Dell, Fujitsu and their friends ?
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]