Denial
05-20-11
Based on art by fleky_lude
I’m allergic to stupid people. Within minutes of exposure I start to feel woozy, then I start to cough. Shortly after that I become uncomfortable and irritable. Pills don’t help. My only relief comes from removing the stupid people. Educating them would be ideal, but stupid people are usually remarkably resistant to facts. Other forms of removal are generally out of the question due to social conventions or legal limitations. The second best treatment seems to be comic relief.
Today, in a matter of minutes, I was exposed to nearly fatal doses of stupidity. Apparently the recent bout of malware at Apple has produced an unusually high outpouring of unintelligence. Enjoy my anecdotal antidote: a collection of stupidity, mingled with facts.
Apple to their support agents: Do not confirm or deny that any such software has been installed.
Can you imagine that support call?
Customer: “Hi, I think I just installed that new Mac virus they’ve been talking about. I installed some official looking Mac software yesterday, now today while my 6 year old was on the computer, it kept popping up p*** and I can’t get it to stop.”
Apple Support Rep: “Sorry, I can neither confirm nor deny whether your computer was infected.”
Customer: “Does that mean you don’t know?”
Apple Support Rep: “I can neither confirm nor deny that.”
Customer: “I just want to know if I have a virus.”
Apple Support Rep: “Macs don’t get viruses”
Customer: “Worm then?”
Apple Support Rep: “We have no worms”
Customer: Then what do you call the current “Mac Defender” outbreak?
Apple Support Rep: “A fluke”
Harvey Lubin: There are NO Mac viruses…There are many great freeware anti-malware utilities for Mac OS X.
Alternate Translation: There is no such thing as aliens. Why don’t you buy one of these lovely tinfoil hats? It will protect your mind from being scanned and controlled be the aliens. Yes, the aliens that don’t exist. That’s right. Very important to protect that mind, can’t be too careful. If you don’t protect it, you might end up becoming a stupid person like me.
Harvey Lubin: Windows [users] might think that the “sky is falling” for Mac users, but nothing is further from the truth. Mac OS X has ALWAYS been free of viruses…Mac users…know that the sky is NOT falling.
This Harvey fellow is quite a guy. With so much to choose from, I had a hard time limiting myself to just his best bits. Here, have a cultural reference:
[The Emperor walks into the street wearing sandals, a crown, and nothing in the middle]
Citizen: Look! The Emperor has no clothes!
Harvey Lubin: Of course the emperor has clothes. He has a whole closet full at home that we’ve seen plenty of times. Our Emperor always wears clothes.
Citizen: But he isn’t wearing any now.
Harvey Lubin: Of course he is. Sandals and a crown are both clothing. Our Emperor always wears clothes.
Citizen: But he isn’t wearing anything in between.
Harvey Lubin: Of course he is. You are just to stupid to see the clothes. You’re so stupid, you probably lock your door and have an antivirus installed on your computer. Stupid people can’t see the Emperor’s clothes, but our Emperor always wears clothes.
Here’s a quarter Harvey, go call a shrink. Either do something about that denial (denial isn’t healthy) or do something about those sartorial hallucinations (which are really unhealthy).
Arminw: There has NEVER been one, I repeat, even one VIRUS for OS X in the wild, although an exceptionally talented hacker has been able to penetrate OS X, by enticing a cooperative user into deliberately visiting a rigged website.
This makes me wonder what username arminw would consider to be a virus. At the most recent “pwn2own” (an annual competition where you get the computer and/or a bounty if you can break into it remotely, with no user interaction beyond visiting web sites) Mac/Safari was the first to fall. Here’s the conversation I imagine having with Arminw:
Me: So, what about that Mac/Safari exploit that was used at pwn2own
Arminw: Not a virus
Me: But they executed arbitrary malicious code on the Mac without the user’s consent
Arminw: Not a virus
Me: But they could have erased the hard drive.
Arminw: Not a virus
Me: They could have injected a remote control program cutting off all user controls and giving all mouse and keyboard control to Fidel Castro.
Arminw: Not a virus
Me: Fidel could have then used the computer as part of a network of zombies to hack the US DoD network.
Arminw: Not a virus
Me: Fidel could have gotten on your Facebook and sent all your friends a link to the web site that infected your computer, claiming that it is a link to a video of Obama singing in the shower?
Arminw: …Not a virus
Me: What if the injected program posted the link on Facebook all by itself (no Fidel needed)?
Arminw: ……………….Not……yeah, not a virus
Me: Why not?!?!
Arminw: Because my friends won’t get infected until they get on Facebook and click the link to watch the video.
Me: So what if there were also a security hole in Facebook at the same time that allowed the injected program to post a link that would redirect people without them having to click on it.
Arminw: But there isn’t a security hole like that on Facebook.
Me: But what if there was.
Arminw: ….um…..hm……well……….still not a virus, because my friends would have to log into Facebook.
Me: OK, whatever, so we’ll say it isn’t a “virus”, this injected program is still bad right?
Arminw: Yes.
Me: You don’t want it running on your computer right?
Arminw: Right.
Me: So don’t you think you should at least install an Antivirus solution on your Mac?
Arminw: No. Macs don’t get viruses.
Info-Dave: No, there aren’t any Mac bot nets.
Vulpine: Actually Info-Dave, there is one consisting of about 60,000 machines.
ScorpioBlue and Info-Dave: You are making this up.
pk 7: http://lmgtfy.com/?q=mac+botnet
Pwned.
Chorus of Mac users in denial: But there are NO Mac viruses. There never have been, there never will be.
How’s that fortune telling gig working out for you?
http://lmgtfy.com/?q=list+of+mac+viruses+2010. Pwned again! I think it’s time for you to find a new career. Preferably something far far away from technology, that won’t require you to use Google, and won’t inconvenience you with facts. Perhaps something at Burger King?
Now that I have my happy face back, let’s talk a moment about this outbreak. Do you know the last time I encountered a PC virus that displayed random P***? That’s right, never. Do you know how long it takes antivirus vendors to stop a major virus outbreak? Less than 24 hours. I’ll pick a random example that was easy to find on Google: Mydoom.BB was a major virus that hit PCs in 2005. The virus was discovered late February 16th. By midnight some AV solutions had already pushed updates protecting against it. By the following morning the majority of AV solutions had pushed updates, and before the end of the day on the 17th EVERY significant AV had pushed virus definitions. In other words, the “epidemic” (if you can call it that) lasted a day, then ended. After 24 hours only the handful of users who didn’t have an AV were still affected.
Compare this to the MacDefender outbreak. This malware was first encountered by support reps a couple of weeks ago. Rather than being stopped and over, the number of infections is still rising, and the rate of new infections is still rising. Why? Because Apple has built an empire on the sandy foundation of “you don’t need an antivirus if you run a Mac.” This works only until someone writes a virus; then it’s the BP oil spill all over again.
Denial is not an appropriate security strategy. Yes, you need systems in place to prevent the worst, but then you need more systems to stop the bleeding in case the worst happens; because it will happen.
In parting, I leave you with this final wisdom:
Customer: Why doesn’t this house have any locks on it?
Apple: Don’t worry, this is a safe neighborhood. You don’t need a lock because we don’t get break-ins.
Customer: What about that family that was found murdered in their sleep two weeks ago?
Apple: That wasn’t a break-in. The intruders just walked in the already open door. Nothing was broken.
Would you buy the house?
