Update: Excuses on iPod virus not credible

Security and quality assurance experts reacted negatively to Apple Computer's efforts Tuesday to blame manufacturing problems that resulted in iPod MP3 players shipping with a virus that affects Microsoft's Windows operating system.

Security professionals, including Microsoft's own product release virus scanning chief, called Apple's efforts to deflect blame onto Microsoft misleading and said the batch of factory-infected iPods reveals a troubling lack of thoroughness in the company's manufacturing process.

On Monday, Apple released a statement on its Web site noting that a "small number of video iPods shipped with a Windows virus," which the company identified as RavMonE.exe. The number of affected iPods is small -- less than 1 percent of all Video iPods available for purchase after Sept. 12, 2006, the company said in its statement, adding "as you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."

That statement drew criticism from security experts, including Jonathan Poon, the man in charge of scanning Microsoft products for viruses before they ship.

"It's not a matter of which platform the virus originated [on]. The fact that it's found on the portable player means that there's an issue with how the quality checks, specifically the content check, was done," Poon wrote in a blog entry.

James "Randy" Abrams, who held Poon's job for more than a decade at Microsoft and is now director of technical education at ESET, agreed.

"The Apple iPod incident was not about Microsoft having a hardy operating system, it was all about security and process," Abrams told InfoWorld in an e-mail message.

Viruses on Microsoft's network weren't unusual when Abrams was testing that company's products before shipping them, he said.

"I released software in an environment surrounded by Windows machines. Many machines on the corporate network were infected. We never introduced a virus into the software in the release or manufacturing processes because we had a professional understanding of what it took to release what we were supposed to," he said.

"That Apple would blame Microsoft demonstrates a lack of understanding of remedial security and manufacturing processes. Virus was only a symptom of the problem. Apple didn't know what they were shipping," Abrams said.

Greg Joswiak, vice president of iPod product marketing at Apple declined to comment in detail about the iPod infections, but did acknowledge that around 25 systems were infected by a Windows system that was used during manufacturing to test compatibility with the devices. The RavMonE virus did not spread to the system through a network connection, but was installed by a peripheral device, he said.

Joswiak declined to speculate on whether the worm was intentionally introduced, or whether it was spread from an iPod to the machine.

He did, however, defend the company's manufacturing and quality control procedures.

"It was an exception to our process," he said. "We believe we have a good process and we're going forward."

Joswiak also stood by the company's statement regarding Windows.

"Isn't that true?" he responded when asked about the company's statement about Windows not being robust in the face of viruses.