Finger Pointing Over iPod Windows Virus

rs232 writes sent us some choice quotes in the finger pointing over the iPod's that recently shipped with a virus on them. "It's not a matter of which platform the virus originated [on]. The fact that it's found on the portable player means that there's an issue with how the quality checks, specifically the content check, was done," Poon wrote in a blog entry. and "Steve, if you need someone to advise on how to improve your quality checks, feel free to contact me 8)."

Brilliant

[Slimnaper (971797)]

When I first heard about this, I thought brilliant. What better way for Apple to demonstrate how prone to viruses windows machines are, than to put a virus on an ipod that only affects windows machines.

Who cares?

[NineNine (235196)]

Who cares how it happened? It's Apple's problem. It's Apple's fault. End of discussion. Apple's comment was childish and absolutely un-called for. Apple should apologize publically, announce that they will improved their QA, and move on.

Re:Who cares?

[thestudio_bob (894258)]

Yeah, Apple should now come out and say how they made huge quality control improvements by removing all Window's machines from their production line and replaced them with Mac's and Linux machines. Brilliant!

Re:

[NineNine (235196)]

Again: who cares? It doesn't matter what they use to make their products. The point is that the end product not only should work, but should NOT cause additional damage to other products that people already own.

Re:Who cares?

[NineNine (235196)]

There will be problems, but you pay them the money for it, so it's their problem. If you buy a toaster, and it catches on fire, and the company says, "It's the fault of Taiwan Wire, Inc. who provided us with faulty wire", who is going to be blamed? It's the fault of the toaster company, because they used defective materials. In this case, it's the fault of Apple, because one of their vendors/manufacturers screwed up. People aren't concerned with the thousands of steps it takes to get to the iPod, nor should they be. That's what manufacturing companies do. They put together hundreds if not thousands of components together, and the final product is what you're buying. You're not buying wire, and an LCD screen and buttons and batteries and paint and plastic. You're not buying transporation from China to the US. You're not buying trucking services. You're not buying packaging. You're not buying pallets to put the cases of boxes on. You're not buying warehouse space. You're not buying ink to print the packaging. You're not buying silicon for the circuit boards. You're not buying iron to make the steel headphone jack. You're buying an iPod.

Re:Who cares?

[quanticle (843097)]

What!?

That's like saying, "Only a tiny percentage of criminals use guns. But one hundred percent of the cops they shoot will be injured or killed unless they have third-party protection (in the form of a bullet-proof vest). Therefore the fault lies with cops for not wearing bullet-proof vests."

It doesn't matter that Windows is vulnerable. Its still Apple's fault that they shipped a product that will damage the data on my PC. The responsibility lies on Apple's poor QA process that allowed this kind of damaging infection to get on their product.

Re:

[jbengt (874751)]

They said they use the MS Windows machines to test compatibility issues, doesn't sound like they could get rid of them completely, as long as there's a need to connect iPods to macines with MS OSs.

Re:Who cares?

[by Anonymous Coward]

From www.apple.com/support/windowsvirus [apple.com]:

We recently discovered that a small number - less than 1% - of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus. This known virus affects only Windows computers, and up to date anti-virus software which is included with most Windows computers should detect and remove it. So far we have seen less than 25 reports concerning this problem. The iPod nano, iPod shuffle and Mac OS X are not affected, and all Video iPods now shipping are virus free. As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

I don't see anything childish about that. Maybe if you selectively edit a quote from the above by removing it from its context, you can get something arguable. But in context, no.

For those that do not think Windows viruses are a big problem, consider my experience as a tech. I re-install Windows on clients computers due to viral infections at least once or twice a week. Generally these are older computers they have not had me work on and have failed to heed my advice w.r.t. needing anti-virus software on a Windows computer (same does not apply to the Mac OS X computers I work on). You know what really sucks, once the anti-viral software is installed and made effective (auto-scanning of every file that is touched) the whole system slows down. What could have been a relatively fast Windows computer is made slower just by having to have commercial anti-virus software (don't talk to me about OSS solutions, these installs have to be idiot proof with auto-scheduling, active scanning, and so on). Argh.

Re:Who cares?

[fossa (212602)]

I disagree; it's very childish. Any adult should know it's "fewer than 25 reports", not "less".

Re: "Mac vs. PC counseling ad, part 2"

[TaoPhoenix (980487)]

Therapist: "Okay, now it is time to address frustrations. Mac, express a frustration about PC. "
Mac: "I'm really upset that you proved vulnerable to the virus we somehow loaded onto our flagship product."
Therapist: "I see. PC, express a frustration about Mac."
PC: "Mac, Why did you try to get me sick in the first place?"

Therapist: "Mac, maybe you'd better come in twice a week to deal with your anger-displacement issues."

Daaamn!

[commisaro (1007549)]

Oh SNAP! Steve Jobs got TOLD, son. Damn, that burn was off the heezy, fo'-sheezy! Now he needs to come back with "Yo, Poon. I improved your MOM's quality control." HOT DAMN!

Re:Daaamn!

[iggy_mon (737886)]

crap... that was WAAAAY over my head.

I need to brush up on my dumbass-a-nese.

:-)

Um, no

[by Anonymous Coward]

Only a very small number of a specific model of iPod were affected by these Windows viruses. The entire blame rests with the factory making the iPods for Apple and putting the software image Apple prepared in advance not following good practices with respect to how they set up the empty drives before Apple's software went on them. The problem has been entirely fixed and you cannot even buy one of these infected iPods in the retail market today.

In other words, this is old news. And the size of the problem (the number of units affected) was so small, I would put good money down that we would not even know about the existence of this Windows virus problem if Apple had not disclosed it.

Well, that's what happens..

[Channard (693317)]

.. when you outsource your operations to McDonalds.

ill-advised comment, but not Apple's fault

[ummit (248909)]

Apple shouldn't have seemed to blame Microsoft, it's true. That's gotten the Windows partisans all riled up, although if you read what Apple wrote, they didn't explicitly blame Microsoft, just expressed annoyance -- and they expressed more annoyance with themselves for not noticing.

And everybody's blaming them for not noticing. But if you think about it, it was a pretty absurd thing for them to have had to "notice". As I understand it, the virus was implanted by one infected machine among a number of machines at a Chinese manufacturing shop they'd contracted iPod manufacture to. Apple said, "here's a thing that looks like an external disk: please put these bits on it for us". A simple and straightforward enough task, one would think -- but in a world where autorun exists and is or has been enabled by default, perhaps not so straightforward.

It's as if I had a letter to mail to 1000 of my customers, and I took one original down to my friendly print shop and asked them to make 1000 copies, and I or the print shop used an automated machine to fold the 1000 copies and stuff them in envelopes and mail them, and only after they were mailed out and opened by my customers did we start discovering that for some strange reason 1% of them had "FUCK YOU, ASSHOLE" overprinted on page 2. And then found out that the "strange reason" was that one of the copy machines at the print shop, among the several that the print shop divided my job among, was "infected" by a "virus".

If that happened to me, I'd be annoyed, too. (It'd be even more annoying if I were accused of ignorance for not having protected myself against this "obvious" threat, that evidently everybody else knows about and makes allowances for.) And I know my response would not be to ask the print shop to be more careful next time, or to run an "antivirus" soluton, or something. I'd take my business elsewhere, and more importantly insist that my future printing contractors use a different brand of copier, one that's not susceptible to preposterous failure modes like that, because even if there is some alleged way of papering over that particular flaw, who knows how many other equivalently egregious bizarre flaws it's got that haven't been discovered and papered over yet?

Re:ill-advised comment, but not Apple's fault

[laird (2705)]

From what's been announced, the disk duplication step of manufacturing was fine. Ironically, it sounds like the virus got onto the iPods as a post-manufacturing quality check where the manufacturer connected a few iPods to PC's to check them, and some of those iPods got infected from an infected PC. But this apparently affected a very small number if iPods.

To keep this in perspective, in 1995, the first Word macro virus -- now called Concept -- was massively distributed by Microsoft on a CD-ROM called Microsoft Windows 95 Software Compatibility Test. The shipment went to hundreds of companies in August 1995. And MS has distributed viruses on CD's to huge numbers of their customers numerous times. (http://www.soci.niu.edu/~crypt/other/onestop.htm, http://www.f-secure.com/v-descs/wazzu.shtml [f-secure.com], http://pcworld.com/article/id,101930-page,1/articl e.html [pcworld.com]) So while I am sure that MS' quality control has gotten better, I think that MS isn't in much of a position to play "holier than thou" on the issue of distributing viruses in their products.

Re:ill-advised comment, totally Apple's fault

[DingerX (847589)]

The buck stops with the label on the cover. Sorry, whoever you contract to do stuff with is your business; when you're selling something with your trademark on it, any problems are between YOU and the CUSTOMER. In Apple's case, their problems are between APPLE and the CUSTOMER. Blaming third-parties, whether those contracted to, or those completely uninvolved (Microsoft), is just unprofessional. I know Apple was itching to score points at an easy target like Microsoft, but guys: this is a screwup, APPLE's name is on the front, not whatever podunk assembly in the Hunan Province, and not Microsoft. Even a "minor" attack like, "Bad Microsoft, Worse Us" is out of place in PR copy. Leave that bit of trollwork to professionals, like Dvorak.

Re:ill-advised comment, totally Apple's fault

[ummit (248909)]

The buck stops with the label on the cover... any problems are between YOU and the CUSTOMER.

Absolutely agree. So the remaining question is: aside from the ill-advised potshot, has Apple done right or wrong by those customers? Have they (a) disavowed all responsibility, told customers it's their problem, told them to go talk to the "podunk assembly plant in Hunan Province" if they need help, or (b) done everything they can to mitigate and prevent future recurrences of the problem?

Re:ill-advised comment, totally Apple's fault

[DingerX (847589)]

The difference is that Dell's press releases don't mention Sony batteries, but _their_ batteries, which Sony happened to manufacture. Ford sold trucks with Goodyear-branded tires, and recalled same.

I repeat, for those fanboys who are hard of hearing: it's the job of the professional media trolls to place the blame. Apple coulda scored tons by just profusely apologizing for the Windows virus getting into their distribution system. There are plenty of press hacks who will "go the extra mile" and explain why Windows sucks. This has nothing to do with fanboys and everything to do with business sense. Sorry, Apple screwed up. Don't cry too much, or your tears might crack your G4 cube.

Reality check

[mattr (78516)]

It's not just the iPod, viruses on shipped hardware seem to be getting more common. For example see below. Can't give other documented articles, but remember similar cases this past year. Anyone? The swipe at Microsoft sounds a lot like Jobs, looks like his personality has infected the company too. But Apple could win this by instating new controls over subcontractors and making a PR campaign in which they force them to use Macs or otherwise emphasize steps they've taken to minimize infection from Microsoft-based hardware. :)

Quote from article [digitalmusicnews.com]:

Earlier, McDonald's and Coca-Cola faced a similar problem in Japan during an MP3 player giveaway, though the events are unconnected. The iPod virus only affects Windows machines, and does not alter the behavior of the portable device itself or Mac operating systems.

Simple fix

[kop (122772)]

I used to work for a small company that made CD-ROM's
Only after we recieved 3000 copies of our free handout Amsterdam nightlife CD-ROM did we discover that there was a windows virus on all of them.
We simply slapped a "MAC only" sticker on them and handed them out!

lame

[cosminn (889926)]

Common, your product gets infected because of some slopiness, and you blame another company??

If Jobs doesn't like it, then stop making the iPod work on Windows. How would he like it if all of a sudden the iPod would be "disabled" by MS? He'd sue the living hell out of them (and for good reason).

Take the responsability for the screw up and fix it.

Why not prepare on OS X?

[xjerky (128399)]

For one thing, though I just bought an 80GB iPod, this didn't affect me, since the first thing I did was attach it to my G5 at work, so it was re-formatted into HFS the moment I started up iTunes.

But, I have to wonder why Apple prepares them on Windows machines in the first place. OS X has native support for FAT32 filesystems, so why not just prep them on OS X in the first place? And furthermore, why even have HFS iPods anyway? FAT32 iPods work fine on OSX.

Re:OK, I have to ask

[ColdWetDog (752185)]

How can something like this happen?! I just don't get it!

Not sure exactly what you are referring to. The virus infected iPoid? That's easy, somebody got sloppy.

The inane submission (quotes from another discussion board about a quote from a blog getting posted on another submission board). That's easy too, it's Slashdot Sunday!

Re:OK, I have to ask

[X0563511 (793323)]

No, it wasn't a virus for the iPod. It's a windows virus sitting on the iPod's filesystem.

Completely different beast.

Re:OK, I have to ask

[spvo (955716)]

The surprising thing is that the worst of the quotes, "As you might imagine, we are upset at Windows for not being more hardy against such viruses...", is still unchanged on the apple web page. Anyway, http://www.apple.com/support/windowsvirus/ [apple.com] has removal instructions for anyone who thinks they may have been affected by one of these ipods.

Not the full quote

[RetiredMidn (441788)]

The full sentence on the Apple website as of now (leaving room for the possibility that they've modified it since the uproar) is:

"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."

(Emphasis mine.)

...the full interpretation being that they place more blame on themselves and/or hold themselves to a higher standard.

If the "more upset with ourselves" phrase was in the original quote and people left it out to make Apple look [more] arrogant [than they actually are], shame on them.

Re:

[piquadratCH (749309)]

What's so bad about that quote? That it is nothing but truthful?

It's truthful, but classless. Apple screws up big time, and they have no better idea than to insult Microsoft? Common, that's so cheap...

Re:What's so bad about that quote?

[bealzabobs_youruncle (971430)]

Hardly a cheap shot really, if the OS wasn't such an open door this wouldn't be possible. I dock a poratble hard drive and get an exploit? Not a single prompt from the OS that something is going on? An application asserts itself as a start up process with zero sanity check? If Windows treated this properly it wouldn't try to manipulate files on removable media with no input from the user. If someone could craft an auto-executing file for other OSs, on OS X it would ask me for a password at least and name the process in question; Linux would do the same thing, or just fail silently. Doesn't happen on any other platform, it is a giant shortcoming of Windows as a platform. Stuff like this was supposed to be resolved in SP2.

No, it's a cheap shot

[Jay Clay (971209)]

If I make a product that screws up something in a typical environment that it's supposed to be in, then it's my fault and no one else's, no matter how cruddy that environment is. This isn't like an unknown flaw or something that's unforseen. Windows is what it is, and if a known shortcoming isn't worked around by your product, then your product is at fault.

Re:What's so bad about that quote?

[e2d2 (115622)]

Although it's true that windows has security flaws, this is true of most platforms. For instance if Apple had released a worm that exploited SSH instead, would we be arguing who's fault it was?

I'm sorry but as a developer myself I see this as extremely irresponsible. Admiting your faults is a core fundamental of software, you acknowledge and adjust. You don't finger point or make excuses for your own blunder, that's what amateurs do.

Re:What's so bad about that quote?

[MobileTatsu-NJG (946591)]

"...if the OS wasn't such an open door this wouldn't be possible."

If they had better QC in place, this wouldn't have happened. *Nix (including OSX) aren't 100% secure and never will be.

Re:What's so bad about that quote?

[nutshell42 (557890)]

Oh, and if your point was that OSX or Linux wouldn't auto-execute anything instead of "wouldn't auto-execute as root", most people would click OK on a dialog that reads "Clicking the OK button below will format your harddisk. Are you sure?"

If the user is bright enough not to click OK he's also bright enough to install an anti-virus tool.

Re:What's so bad about that quote?

[Quevar (882612)]

Not necessarily. I've had people ask me if it is okay to type in a password for various things. Anytime I help someone with OS X, I tell them to think about what they are doing whenever it brings up a dialog box asking them to do something.

I helped one of my friends who was very scared of computer a couple years back. I setup a limited access account in OS X and told them to try to mess it up, change the background, mess with all the preferences and just click on things and see what happens. I came back a week later and all the settings were changed. She didn't necessarily like all the settings, but when I actually setup her permanent account, she was much less fearful of changing settings. At this point, I told her to think twice about typing in a password when it asks. She has done very well and I haven't had to help her out with a computer at all in three years. She went from being scared of changing anything to pretty independent and safe at the same time.

So, my point is that there are a lot of people that do actually pay attention to these dialog boxes. I'd much rather have a few dialog/password boxes that are actually relevent than none. At least there is a chance that the person will think about it. Assuming people will click through the dialog without thinking is a rather negative view of users.

Re:What's so bad about that quote?

[lilfields (961485)]

It doesn't matter what the operating system is; if it's XP, Vista, OSX, Linux, the next Windows or even the next, it's Apple's responsibility to put checks in place to prevent such things from happening. This is just as much Apple's fault (more so in my opinion) as it is Microsoft's. What if the reverse had been true? What if the Zune shipped with OSX viruses, I bet the tune of Apple would be completely different.

Re:

[thestudio_bob (894258)]

Why is this classless? I finally applaud a company coming out and stating the obvious! MS opererating system is horribably insecure and easy to exploit. Sure a person can make it stronger, but the problem is that 90% of the population doesn't know how to do this. You have to be an ./ to figure it out. Why can't MS patch the holes? I wish more companies would actually put some pressure on them to fix the thing already. And maybe this media attention will help do that. And how is this "screwing up big time"?

Re:What's so bad about that quote?

[fbjon (692006)]

Bullshit. Microsoft has got nothing to do with this. Nothing! What matters is that malware found its way onto the iPods during production. It doesn't matter what the malware was, what purpose it had, or for what platform it was designed.

Putting Microsoft in the spotlight is shoehorning at best, and criminally hypocritical spin at worst, IMHO.

Sounds so familiar

[PopeRatzo (965947)]

When I first read that quote from Apple it really gave me the creeps.

I like Apple as a company too much to want to hear this kind of spin from them. I understand that they are embarrassed by having infected products going out to customers, but that doesn't excuse using that old Republican technique of trying to point fingers in order to deflect blame.

For example, the GOP tried to pin the entire Foley/Page sex scandal on the Democrats and George Soros, but that appears to have backfired as most people dislike that sort of scummy avoidance of responsibility. If Foley isn't writing emails and IMs trying to get into the drawers of congressional pages, there's no scandal, period. Nothing the Dems or George Soros did afterward have any bearing on that fact.

I don't want to see Apple doing that same sort of ugly spinning, but I guess that's what happens when the marketing people take over. I watched "Thank You For Smoking" last night, and the whole movie was about this very issue. It's a great flick by the way.

Re:But how is it an insult?

[WilliamSChips (793741)]

Insults don't have to be false. Actually, in general, if they're clearly false they're rarely insults.

Re:What's so bad about that quote?

[kubevubin (906716)]

So, by your logic, somebody who is shot and killed is immediately at fault because he/she isn't immortal? Oh, and the killer gets to insult the victim, too!

Re:What's so bad about that quote?

[Merle Darling (33121)]

Hey, it works in FPSs. =)

Re:

[CDPatten (907182)]

It happened because even Apple needs Windows at some point to make their products.

Appearently they used an affected windows machine at some point in the IMAGE process, and the virus infected the image. Most likely the image is built/cloned using Windows, but I won't go into that since I'm already going to be flamed for speaking against apple.

Re:

[NF6X (725054)]

According to TFA, the infected Windows machine was used for compatibility testing. Do you work for Apple? How do you know what kind of machines they use in their iPod manufacturing process?

Re:OK, I have to ask

[1u3hr (530656)]

It happened because even Apple needs Windows at some point to make their products.

It happens because Apple doesn't make their products. Subcontracters do. Apple doesn't have any factories.

It's a subtle bug, not obvious to solve

[goombah99 (560566)]

I've read that the underlying problem was more subtle, which might explain some of Apple's expressed frustration with MS. I can't confirm this but it may have been that the infected PC got the infection from a blank, formatted, drive from the drive manufacturer. Even if that is not true in this case, there is nothing stopping it from being true.
It's a pretty subtle bug that, until now of course, I know would have bitten me since I would not have looked for it. I, and the technicians who do jobs for me, often replace burned hard drives in my clusters and computers with units straight out of the box. In some cases we have pre-formatted hot-swap spares still in the shrink wrap sitting on the shelf waiting to go in.

On my macs and linux machines, I sometimes use external USB drives to share with Windows PCs. I don't usually reformat these specifically because I don't entirely trust that the macintosh disk formatting program will create a prisitine PC FAT format. In all likelihood it can, I just don't have the ability to know. And I have reason to doubt: past experience has shown that when one OS provider emulates another's native formats (e.g. Samba or UFS or HFS++ or ZFS or NFS) that the emulation is usually less than complete or has artifacts.

It would be a major hassle and expense, to have to reformat every drive in a rack of clusters one is upgrading. But apparently that is now the requirement to be sure the manufacturer did not ship you a virus on the "blank" harddrive.

The problem is perhaps more diabolical than it seems. Imagine some Apple engineer putting out some specs for the process standards the Chinese manufacturer must follow. He's paranoid they won't have good practices with keeping their windows boxes clean. He also wants to assure the peripheral performance is comaptible with the ipod loading software and to assure the integrity of the data transfers to the ipod. So he decides that the sure way to do this is to make absolutely certain the box has never been on the internet, and to spec every part, so the machine has to be built at the chinese factory from scratch. They then load in the special Apple approved Windows software CD with apples programs and data. Seems foolproof. But it's not.

One might argue that to actually eliminate you have to boot from a trusted CD and then format the drives. But wait, this does not solve the problem. Isn't the problem of creating a trusted CD or and ipod install the problem we started out trying to solve? So one has to some how have a system that one can trust to do this. And that system has to be available to the manufacturer. It's kinds slippery.

If you were about to suggest "well just use Linux" to format the drive, well then apparently you just emitted the same faux paux apple did. Blaming Windows for the problem.

Re:It's a subtle bug, not obvious to solve

[1u3hr (530656)]

If you were about to suggest "well just use Linux" to format the drive

According to some quotes in TFA, the Windows machines are used to check for compatibility, as iPods can connect to Windows as well as Macs, not for the manufacturing process itself. Perhaps the low number of infections (said to be 5%) means only a few iPods were given that check (normal QC wouldn't require every one to be checked for a consumer item).

For the same reason it's always happened...

[by Anonymous Coward]

Profit.

More specifically, it's because both Apple and Microsoft need to cut corners on their products to make a suitable return.

Microsoft ends up releasing low-quality software that has serious security glitches. Such glitches allow for malicious software to easily harm systems and propagate throughout networks.

Apple, on the other hand, cuts down the quality of their hardware manufacturing processes. And with that decrease in quality, we see incidents like this happening.

Notice that some of the highest qual

Re:For the same reason it's always happened...

[nine-times (778537)]

Apple, on the other hand, cuts down the quality of their hardware manufacturing processes. And with that decrease in quality, we see incidents like this happening.

This isn't a "hardware manufacturing" problem. The iPods got hooked to a Windows machine, probably during some QA process, and got infected. The hardware is fine.

Re:OK, I have to ask

[nine-times (778537)]

I can think of two basic ways this could happen. First, it could be sabotage. Some guy might be infecting these things with a virus for some reason. It doesn't seem like an effective way to spread viruses, though. But you know, maybe there's just some guy at the iPod factory who is a dick and thinks it's funny to put viruses on them.

The other way I can imagine this could easily happen to a small number of iPods is if there's a QA process that involves hooking a random sample of iPods to Windows machines, and some worker was using one of these machines had managed to get it infected with a virus. It could even come from a machine that is supposed to scan for viruses, if the virus scanner was compromised or out-of-date.

If you RTFA (which is short), it indicates which of the two Apple believes happened.

Re:Can Someone Tell Me

[Space cowboy (13680)]

It doesn't.

Since the device appears like a hard-drive to Windows, Windows will run any code set to auto-execute as soon as the disk is plugged in. The ipod just acts as a carrier in this instance.

It appears that one of the QA machines used to test windows compatibility had the virus on it, so when the randomly-sampled fully-finished ipod was plugged in for a QA compatibility test, the virus was uploaded onto the ipod's hard disk by Windows, and just sat there waiting until it was plugged into another Windows PC. None of this involves any activity by the ipod itself, it's all being done by Windows.

Not that I think Apple's comment was all-that-great, and they'll have to deal with the fall-out, but I could see Apple being just a tad frustrated about this...

Simon.