The latest leaked internal memo from Apple reveals how the company is trying to distance itself from the recent rash of Mac-specific malware.
According to a document obtained by ZDNet security reporter Ed Bott, Apple is now instructing its AppleCare support staff to entirely avoid helping customers who call in complaining that their computers have been infected with the MacDefender Trojan.
A fake antivirus program, MacDefender tries to convince users that their systems are infected with malware, and that the only way to fix the problem is to purchase the bogus MacDefender software. Discovered in early May, the fake program has been quickly spreading, drawing an uptick in customer complaints, an AppleCare support rep told SecurityNewsDaily.
Don't remove malware
The May 20 confidential memo, which Bott says was sent to him by from an Apple support rep who wishes to remain anonymous, tells support reps to send customers "an article about what malware is and is not," and clearly lists items support staff must "never do" when fielding customer calls about MacDefender.
It reads: "You cannot show the customer how to force quit Safari on a Mac Defender call. You cannot show the customer how to remove from the Login Items. You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor. You cannot refer the customer to ANY forums or discussions boards for resolution (this includes the Apple.com forums)."
The Apple.com discussion boards have been rife with pleas for help from MacDefender victims as well as suggestions on how to rid your system from the invasive Trojan.
Apple's motives unclear
Apple's revised security policy comes one week after a May 16 internal memo, also leaked to Bott, instructed AppleCare staff to neither "confirm or deny" the presence of MacDefender on a customer's computer, and to direct callers to the Apple Online Store to purchase third-party antivirus programs.
Apple's stance, however, does not appear to be borne out of malice. The company is likely trying to avoid liability should a support staff member accidentally damage a customer's computer during an attempt to remove MacDefender.
The memo justifies Apple's avoidance policy by explaining, "According to the client the point of this is to empower the customers to become more internet and security savvy."
Who will come to the rescue?
As Apple attempts to avoid culpability, it is also potentially missing a lucrative chance to help protect frustrated customers.
Its policy of directing malware victims to purchase third-party antivirus software, however, may greatly benefit antivirus software vendors.
A comment to Bott's article reads, "Alternate title would read 'Best Buy readies for massive Virus Removal traffic as Apple ignores its customers.'"
Apple did not return calls and emails for comment.