The Hamburglar Meets the iPod

General

14

The Hamburglar, http://en.wikipedia.org/wiki/Hamburglar, was the crook in some old McDonald's commercials. It appears that Hamburglar has returned to steal information from McDonald's customers. Don't worry, you would have to be one of 10,000 winners (in Japan) to get this special treatment, the rest of us losers keep our passwords.

McDonald's unfortunately put their trust in a supplier who does not have much understanding of quality assurance or quality control. Potentially McDonald's should have caught the problem, but they are not technology experts.

There is only one way that software (or hardware with software on it) releases with the wrong data (malware is the wrong data). That is if the company releasing the data doesn't know what they are releasing.

Now comes news that Apple released iPods with a windows virus on them http://news.zdnet.com/2100-1009_22-6126804.html?tag=zdfd.newsfeed.

McDonalds promptly apologized and set up a help line for affected users. Apple promptly blamed Microsoft and apologized. Apple doesn't seem to get it. It isn't that there was a virus on the iPods, the issue is that they did not know what they were releasing. I don't expect McDonalds to understand technology, but Apple should.

McDonalds did the responsible thing and accepted responsibility. Apple tried to deflect blame by pointing fingers at Microsoft. The problem was not that Windows wasn't hardy enough, the problem was that Apple didn't know what they were releasing. It didn't help that someone made extremely poor security decisions using a PC. We are not talking about a worm exploiting zero-day vulnerabilities in Windows, we are talking about a complete lack of security in a manufacturing environment. Additionally manufacturing completely failed to institute basic quality assurance and moderate quality control. But hey, why waste an opportunity to blame Microsoft for content on an iPod? That sounds so much better than admitting the obvious truth that they really didn't know if the iPods had viruses, porn, or evaluation copies of Windows Media Player on them!

I probably better point out that this is my opinion, and not necessarily the views of my employer or a techie I know in New Zealand!

Randy Abrams

Director of Technical Education ESET LLC

Author ESET Research, ESET

  • Nick

    I agree 100% on the iPod. Apple should be ashamed of themselves for doing it in the first place and even more ashamed for trying to deflect blame.

    BTW, you should see this blog in Safari. I had to switch to Opera to even read it. I don’t know whether that’s down to poor programming standards at Apple or whether this page isn’t web-standards compliant. (I haven’t checked the page at W3C.)

  • http://rixstep.com/ Rick

    Funny on the Safari thing. Using Safari here it looks pretty OK. Which is even more cause for worry if you think about it. As far as iPods go, yep – and Apple are certainly not acting out of character either.

  • yuzyu

    You expect Apple to understand technology?

  • Mat

    You’re quite right, Apple should have a decent quality control process in place which checks what goes out for sale – if they did this they wouldn’t be in this position. That said, I can see that it must be a little frustrating that their product is brought down by a ‘Windows problem’ i.e. malware. However, any frustration like that should have been kept private and not childlishly vented and associated with finger-pointing.

    I disagree with Jon Poon’s comment on this Apple advert though. Firstly, this advert was not released in response to this cock-up and secondly, the point it makes is fair enough – Windows is susceptible to viruses, OS X isn’t.

    (Incidentally, Safari is one of the most compliant web browsers out there – look at http://www.webstandards.org and take the Acid2 test. Running this page through HTML validation generates 81 errors…)

  • http://anti-virus-rants.blogspot.com/ kurt wismer

    @mat
    “I disagree with Jon Poon’s comment on this Apple advert though. Firstly, this advert was not released in response to this cock-up and secondly, the point it makes is fair enough – Windows is susceptible to viruses, OS X isn’t.”

    a) he wasn’t saying the video was in response to this problem, he was showing it as an example of how apple thinks about the virus problem (ie. “it’s not our problem”)…
    b) you are falling for apple’s snake oil on the virus susceptibility issue… there are 3 separate ways in which that message is false: first in that a mac is a general purpose computer it is susceptible to viruses by definition, second as mac osx is a flavour of unix it should be pointed out that the initial academic treatment of computer viruses had them operating on a professionally administered unix system, and third osx/leap (besides being a proof of concept and an instant messaging worm) is an overwriting virus that at least some people have seen in the wild on mac osx machines…

  • Mat

    @kurt
    I missed a crucial ‘that’ in Jon’s sentence, apologies.

    Ironically I just read your post about that Mac advert and then saw your comment. I agree that Mac owners can be part of the problem by not running suitable security software and thus allowing malware to pass through them. Your points about Macs, as computers being susceptible to viruses are obviously irrefutable. It would certainly be useful if Macs shipped with their Firewalls turned on etc. However, I still have sympathy with the advert.

    In real terms, if your average user does not want to be troubled by malware, they are better off buying a Mac with OS X. The advert is aimed at average users. Sure, my PC’s never been hit by a nasty virus that I couldn’t get rid of – but I’ve got up-to-date software, firewalls etc – it takes positive effort to keep my PC clean. My dad, who can just about use Word, doesn’t know how to keep his virus stuff up-to-date, doesn’t use anything other than Windows’ built-in firewall is a more average user. When he replaces his laptop (on which I’ve already had to reinstall Windows from scratch due to >800 virus-infected files), I’m not going to be encouraging him to get another PC. For him, the message of that advert true – buy a PC, [probably] get a virus; buy a Mac, [almost certainly] don’t. And as such, why shouldn’t Apple exploit what is undoubtedly a positive selling point of their systems?

  • Kerry

    “Sure, my PC’s never been hit by a nasty virus that I couldn’t get rid of – but I’ve got up-to-date software, firewalls etc – it takes positive effort to keep my PC clean.”

    With so many programs that self-update, I think the effort is becoming more and more minimal. I run antivirus, firewall, and antispyware, and I have all set to auto update. I don’t have my Windows updates set to auto install, but that’s only because I like to see what’s happening. I’ve not had any malware problems on my PCs in several years.

    Also, I think the lack of Mac viruses have everything to do with lack of interest in creating them. I’m surprised that, with all the “Macs don’t get viruses” ads, more virus writers don’t concentrate on Mac just to prove they can do it.

  • psyXonova

    @Mat
    With 96% percent of the users using some version of Windows, it’s obvious that the average user is the Windows one. So, Apple’s commercials target the Window user (and not the average user in general) since most people dont even know how OSX looks like.
    Same goes to the virus programmers. They are focusing to Windows because hundreds of million ppl are using it. A simple Google will show you that security flaws exist (besides windows) to other OSs too. In fact Apple has patched a several dozens of them since the initial launch of OSX. Some of them were really serious, kernel level flaws. And that without having all the hackers worldwide trying to break in.
    And the worst thing is that Apple is still advertising it has the most secure OS out there. In fact, all Mac users I know strongly believe that OSX is invunerable. None of them is using antivirus or firewall and they dont plan to ever use one (for them it will be like reverting to windows).
    This makes OSX *really* vulnerable. It wont take a long time before someone decides to attack Macs (some hackers allready started trying, again Google) and when this happens… it will spread in no time.
    So, instead of accusing Windows perhaps Apple should take care of its own products and stop helping the spread of viruses by delivering them inside a 400$ iPod.

  • http://anti-virus-rants.blogspot.com/ kurt wismer

    @mat
    their message is only true if/when you add the appropriate caveats to it (which they don’t)… without those caveats it gives consumers a false sense of security and so i call it snake oil…

    while the mac may be the ‘safer’ platform (for now), that doesn’t excuse snake oil or denial that the malware problem is a problem they need to be concerned with…

    by the way, have you ever considered linux for your dad? it’s probably a cheaper way to get a similar degree of ‘safety’ since it wouldn’t require purchasing an entirely new computer…

  • Sarah

    This is bad bad news for companies’ security. The threat endpoint devices pose is pretty scurry! GFI just issued an article in response to this Apple ipods shipping out with malware issue… it’s at: http://www.gfi.com/news/en/ipodvirus.htm – seems like threats are rising and keep on rising!

  • Pingback: Marc Liron - Microsoft MVP » Blog Archive » Apple Blame Microsoft?

  • JAMIE ALLEN

    I’M TRYING TO GET APPLES EMAIL ADDRESS SO I CAN SEND A INVOICE FOR $59.OO FOR THE WORK THE WANT TIO DO TO ENSURE THE IPOD THEY SENT ME IS OK.I FEEL THAT ALL IPOD USER SHOULD BE PAID TO INSPECT THESE IPODS.APPLE EMAILED ME,BUT WHY CAN’T I EMAIL THEM?

  • Sam

    ok… you left an extremely important piece of information… it was not apple that released the virus, the virus was on a windows computer at the testing facility in china. When the iPods were being processed, one of the workers would pull a random iPod out of the line, test it on a WINDOWS computer, then put it back into the line. The problem was that the virus on the computer infected anything that was plugged into it, in this case, any iPod… It was in the newspapers and on KCRA 3… It was a while back though…

    • David Harley

      According to Apple themselves, “less than 1% – of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus.” While I don’t necessarily fully agree with Randy’s harsh comments, surely Apple has some responsibility for problems with its products that may affect legitimate customers, even if the error didn’t take place in Cupertino?

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

5 articles related to:
Hot Topic
17 Oct 2006
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.