Forgot your password?
typodupeerror
Security Upgrades Apple

Apple Pushes Unwanted Software To PCs, Again 267

Posted by kdawson
from the just-updates-please dept.
itwbennett writes "Blogger Steven J. Vaughan-Nichols wags his finger at Apple for indiscriminately pushing the iPhone Configuration Utility 2.1 update out to Windows users, since it is a tool for business system administrators to set up and administer corporate iPhones — the blogger himself (and practically every other iPhone user) not being of the corporate iPhone user persuasion. But more than just unnecessary, the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing 'not just a configuration program, but the Apache Web server as well,' says Vaughan-Nichols. 'A Web server like the one Apple [is] adding to your PC... [is] a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there.'" Reader CWMike notes that Apple pulled the iPhone Configuration Utility from the update list after a few hours.
This discussion has been archived. No new comments can be posted.

Apple Pushes Unwanted Software To PCs, Again

Comments Filter:
  • Not really... (Score:3, Informative)

    by Darkness404 (1287218) on Monday September 28, 2009 @08:18PM (#29574429)

    the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing

    Millions? Lets see here, the update was only recommended for a few hours and was quickly pulled. How many people do you think update constantly? If Windows updates are any indication (and most just install in the background with almost no user interaction) chances are very few. We aren't talking about "millions" but a few thousand in the worst case.

  • pushes? (Score:3, Informative)

    by Anonymous Coward on Monday September 28, 2009 @08:22PM (#29574473)
    I'm not so sure if asking me if I'd like to update/install something is the same as having it "pushed" to me. I had the Apple Software Update thing pop up on me the other day, I unchecked the items I didn't want (the iPhone Config Util being one of them), and I went ahead and updated the software that I did want. So how exactly are they "forcing" this one me?
  • Re:Not really... (Score:5, Informative)

    by Anonymous Coward on Monday September 28, 2009 @08:24PM (#29574497)
    I'm sorry, but this is NOT even close to true. It has been offered for at least a week, and came up again on my machine last night. I've had it "offered" several times now on both machines. I don't know who first said it was only a few hours but that is just dead wrong.
  • Re:Not really... (Score:5, Informative)

    by Colonel Korn (1258968) on Monday September 28, 2009 @08:25PM (#29574509)

    the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing

    Millions? Lets see here, the update was only recommended for a few hours and was quickly pulled. How many people do you think update constantly? If Windows updates are any indication (and most just install in the background with almost no user interaction) chances are very few. We aren't talking about "millions" but a few thousand in the worst case.

    Well iTunes has been installing the Apple Updater Thingy by default for a long time, so the question is how often that checks for updates. And according to Ars Technica (http://arstechnica.com/apple/news/2009/09/apple-pushes-unwanted-enterprise-tool-to-windows-users.ars) the update was actually pushed "earlier this month" and only came to the attention of the online media today. It sounds like it was pulled a few hours after it hit half the computer-related news sites, not a few hours after it was pushed out to users.

  • by zn0k (1082797) on Monday September 28, 2009 @08:33PM (#29574567)

    I have the iPhone Configuration Utility installed on a work machine as we support a few dozen iPhones at work. Just checked, and there's no Apache process (just an iPCU.exe) when running the app. One of the links in the summary also mentioned using a browser against localhost:3000 for configuration, netstat shows no process listening on that port.

  • Re:Not really... (Score:5, Informative)

    by MichaelSmith (789609) on Monday September 28, 2009 @08:36PM (#29574603) Homepage Journal

    My sister in law runs itunes on her windows laptop. When she bought it I installed firefox for her to use then she called me to report some strange behavior. She had somehow started running Safari. Firefox had disappeared. So either it happened automatically or she was tricked into installing it.

  • Re:Not really... (Score:3, Informative)

    by dreamt (14798) on Monday September 28, 2009 @08:37PM (#29574619)

    Thank you. And in addition, it was listed in a check-box list of items. True, it was enabled by default, but the user still had to hit the button to install it.

  • by Intron (870560) on Monday September 28, 2009 @09:07PM (#29574921)
    They push Yahoo! toolbar unless you uncheck the box.
  • Try again... (Score:4, Informative)

    by spywhere (824072) on Monday September 28, 2009 @09:10PM (#29574955)
    Sun was pushing the Bing toolbar with a pre-checked box until last week... now they're pushing Carbonite 30-day trialware the same way.
  • by sbeckstead (555647) on Monday September 28, 2009 @09:26PM (#29575071) Homepage Journal
    No I can't find the Apache server other than the one I installed on purpose.
  • by Derwood5555 (828126) <derwood@naebu n n y .net> on Monday September 28, 2009 @09:36PM (#29575185)
    Quicktime Alternative, FTW.. No iTunes, no iPhone, no iToilet...
  • by Jaktar (975138) on Monday September 28, 2009 @09:48PM (#29575301)
    Even better, VLC media player. Hardly a need to install anything! http://www.videolan.org/vlc/ [videolan.org]
  • Re:Not really... (Score:5, Informative)

    by Brian Gordon (987471) on Monday September 28, 2009 @09:53PM (#29575351)

    Defending Apple? In my slashdot?

    This was a stupid move and Apple's not as innocent as you claim. Defaulting the box to checked is almost equivalent to installing it without consent and Apple knows it. In both cases you end up with users loaded down with crap they don't need and distrusting updates, which has real dollar costs. The only difference is that in the former case the tech crowd squeals a little less, so that's the route they choose.

    Honestly, even if they were really stupid enough to not see any problem when they did it the first time, they have no excuse for doing it a second time. Why would they put it out and then withdraw it a few hours later? Did they forget the user backlash from the first time?

  • by fermion (181285) on Monday September 28, 2009 @09:53PM (#29575355) Homepage Journal
    Except that we are not talking about OS X. We are talking about MS Windows, which does not come with Apache, so that is why it might be installed.I see not documentation on it being installed. I see a number of items that must be installed to support the utility.
  • Re:Not really... (Score:3, Informative)

    by NibbleG (987871) on Monday September 28, 2009 @09:56PM (#29575377)
    I don't have an iPhone either, I do have a iPod Touch, but both the iPhone Config are checked when iTunes has an update. Safari is ALWAYS checked, even though I have never installed it.
  • Re:Likely Accidental (Score:2, Informative)

    by iMouse (963104) on Monday September 28, 2009 @10:32PM (#29575687)

    Maybe you just failed to notice that Bonjour, QuickTime, and MobileMe are all tied to iTunes for functionality.

    MobileMe is tied in to iTunes for iPhones, Bonjour is for iTunes Sharing, and QuickTime is required for iTunes functionality.

    Safari has been known (recently) to prompt for optional installation, but is not checked for installation by default. Your wife would have to check the box and click the install button to "accidentally" install Safari. Also, she is prompted to install these items because the Apple Software Updater process is running on startup. Whoever installed iTunes failed to read and uncheck the box for it to not be installed.

  • Re:Not really... (Score:3, Informative)

    by node 3 (115640) on Monday September 28, 2009 @10:43PM (#29575775)

    Hahaha. Patently false.

    "Patently false" and "here's a minor detail you left out" are *not* synonymous.

    What's more, your "minor detail" is, itself (ironically) patently false. It wasn't in the "update" section, because there wasn't an update section at that time. The "Updates" and "New Software" sections were put in in response to people complaining (rightly so, but a bit hyperbolically in tone) about it.

  • by Kalriath (849904) * on Monday September 28, 2009 @11:52PM (#29576197)

    Since when has "virtually no" meant "no"? IIS6.x has had eight vulnerabilities in its seven years of existence (only seven if you search CERT). Less than one a year. IIS7.x has had two in two years (three if you search CERT, plus one "unreliable"). One a year. Apache 2.0.x has had TWENTY-FIVE, and Apache 2.2.x has had TWENTY SEVEN.

  • by KGIII (973947) * on Tuesday September 29, 2009 @12:40AM (#29576489) Journal

    By the same token you can click on Microsoft's updates and, you know, actually read what they are for and what they do. They even have a link to tell you.

    Err... Most of the time.

    Fairness in our bashing would go a long ways.

  • Re:Not really... (Score:4, Informative)

    by Achromatic1978 (916097) <robert AT chromablue DOT net> on Tuesday September 29, 2009 @02:44AM (#29577155)

    And you want to compare this to Microsoft? The company that hands you Windows Media Player like it was a security patch, and hogties your system with so much DRM that you need a cabal of starving Russian crackers just to restore your fair use rights?

    Yes, I do. Because Apple installs Quicktime when you install iTunes. iTunes when you install Quicktime. Safari when it thought it could get away with it when you installed iTunes.

    And when you tell Quicktime to not be the default audio / video player, good luck. It'll still be there. As will iPodService.exe as a kernel-level service, even when you've never used an iPod.

  • Re:Likely Accidental (Score:3, Informative)

    by TheThiefMaster (992038) on Tuesday September 29, 2009 @03:24AM (#29577371)

    Safari used to be checked by default.

    I remember being quite annoyed at it.

  • by ground.zero.612 (1563557) on Tuesday September 29, 2009 @11:36AM (#29581145)

    I think it's a sekrit ploy by Steve Jobs to focus the negative virus/malware based attention away from Apple and toward Microsoft.

    What better way to add fuel to the "Apple doesn't get viruses" lie than to have Apple install not just an exploitable software, but a fucking web server, which can be used to proliferate more worms/malware/viruses on the Windows machines.

    I would say that's exactly what is happening, especially when a different post here mentions that this "update" was "intended" for corporate IT administrators... I'm a systems administrator; do you have any fucking clue how pissed off I would be to find out that Apple just turned my network of workstations into a network of web servers? Thankfully we don't have any automatic updates turned on, and every time I update our images I intentionally neglect iTunes and Quicktime.

"Don't discount flying pigs before you have good air defense." -- jvh@clinet.FI

Working...