Finger Pointing Over iPod Windows Virus

rs232 writes sent us some choice quotes in the finger pointing over the iPod's that recently shipped with a virus on them. "It's not a matter of which platform the virus originated [on]. The fact that it's found on the portable player means that there's an issue with how the quality checks, specifically the content check, was done," Poon wrote in a blog entry. and "Steve, if you need someone to advise on how to improve your quality checks, feel free to contact me 8)."

Re:OK, I have to ask

[spvo]

The surprising thing is that the worst of the quotes, "As you might imagine, we are upset at Windows for not being more hardy against such viruses...", is still unchanged on the apple web page. Anyway, http://www.apple.com/support/windowsvirus/ [apple.com] has removal instructions for anyone who thinks they may have been affected by one of these ipods.

Re:OK, I have to ask

[nine-times]

I can think of two basic ways this could happen. First, it could be sabotage. Some guy might be infecting these things with a virus for some reason. It doesn't seem like an effective way to spread viruses, though. But you know, maybe there's just some guy at the iPod factory who is a dick and thinks it's funny to put viruses on them.

The other way I can imagine this could easily happen to a small number of iPods is if there's a QA process that involves hooking a random sample of iPods to Windows machines, and some worker was using one of these machines had managed to get it infected with a virus. It could even come from a machine that is supposed to scan for viruses, if the virus scanner was compromised or out-of-date.

If you RTFA (which is short), it indicates which of the two Apple believes happened.

Re:Who cares?

[jbengt]

They said they use the MS Windows machines to test compatibility issues, doesn't sound like they could get rid of them completely, as long as there's a need to connect iPods to macines with MS OSs.

Re:What's so bad about that quote?

[nutshell42]

Oh, and if your point was that OSX or Linux wouldn't auto-execute anything instead of "wouldn't auto-execute as root", most people would click OK on a dialog that reads "Clicking the OK button below will format your harddisk. Are you sure?"

If the user is bright enough not to click OK he's also bright enough to install an anti-virus tool.

EXACTLY!

[Anonymous Coward]

this other post [slashdot.org] proves the point. MS managed to print virsues on one of their own CDs. Empirically it is hard to find a virginal safe point when working with Windows.

Re:Can Someone Tell Me

[Space cowboy]

It doesn't.

Since the device appears like a hard-drive to Windows, Windows will run any code set to auto-execute as soon as the disk is plugged in. The ipod just acts as a carrier in this instance.

It appears that one of the QA machines used to test windows compatibility had the virus on it, so when the randomly-sampled fully-finished ipod was plugged in for a QA compatibility test, the virus was uploaded onto the ipod's hard disk by Windows, and just sat there waiting until it was plugged into another Windows PC. None of this involves any activity by the ipod itself, it's all being done by Windows.

Not that I think Apple's comment was all-that-great, and they'll have to deal with the fall-out, but I could see Apple being just a tad frustrated about this...

Simon.

Re:Who cares?

[644bd346996]

Your analogy is reasonable right up to the point where you blame people with AIDS for the disease that weakens their immune systems. Windows users can stop using windows whenever they want (with a little bit of effort to switch) but AIDS sufferers cannot cure themselves.

Full disclosure and an apology is an appropriate response to a mistake like this. So is holding the contractor responsible. In this case, Apple would be foolish not to demand that the contractor stop using windows machines to test the ipods.

You have to keep in mind that the vulnerability that allows the ipods to infect user's pcs is the same flaw that infected the contractor's pcs in the first place. Apple is right to be upset that their contractors were using a competitor's inferior product.

Re:What's so bad about that quote?

[Quevar]

Not necessarily. I've had people ask me if it is okay to type in a password for various things. Anytime I help someone with OS X, I tell them to think about what they are doing whenever it brings up a dialog box asking them to do something.

I helped one of my friends who was very scared of computer a couple years back. I setup a limited access account in OS X and told them to try to mess it up, change the background, mess with all the preferences and just click on things and see what happens. I came back a week later and all the settings were changed. She didn't necessarily like all the settings, but when I actually setup her permanent account, she was much less fearful of changing settings. At this point, I told her to think twice about typing in a password when it asks. She has done very well and I haven't had to help her out with a computer at all in three years. She went from being scared of changing anything to pretty independent and safe at the same time.

So, my point is that there are a lot of people that do actually pay attention to these dialog boxes. I'd much rather have a few dialog/password boxes that are actually relevent than none. At least there is a chance that the person will think about it. Assuming people will click through the dialog without thinking is a rather negative view of users.

Re:What's so bad about that quote?

[Rytr23]

And of course no one mentioned the second part of that line.. That apple is even more upset with itself for not having caught it prior to going out the door. Why would they put it in context.. People are really jackasses.

Re:ill-advised comment, but not Apple's fault

[Anonymous Coward]

What apple FAILED to do was verify that the contents of the disk are identical to the image that they were created from. It's THAT SIMPLE.


You do realize that the virus was added during that verification process right?

Yeah, not going to find that in print. Why? The selection and distribution of defective batteries is a result of Dell's poor supply chain management (not really that poor), not Sony's. Sure Sony's batteries sucked, and they blow up, but you do not see Dell making snide remarks at Sony for providing the faulty battery.


Why shouldn't dell have been snide about sony? If I contract with you to make batteries for me, I expect you to make batteries to my specifications. Why should I have to hold your hand the whole way to ensure what you are contracted to do gets done? The batteries were sony's fault full stop and blaming Apple, Dell or IBM is blaming the wrong person

Re:What's so bad about that quote?

[BearRanger]

I doubt if Apple would care if the Zune shipped with OS X viruses. Like most Microsoft products the Zune doesn't work with the Mac.

As to the quote, maybe the second half should have been included. The part that says "and even more upset with ourselves for not catching it." I personally think the comment is valid. Appple should have caught it, and Windows shouldn't be so security challenged.

Re:Um, no

[I'm Don Giovanni]

Would that Apple had simply said what you said, rather than tossing out the cheap-shot against Windows. It's that cheap-shot that blew this thing out of proportion.