Apple Pushes Unwanted Software To PCs, Again 267
itwbennett writes "Blogger Steven J. Vaughan-Nichols wags his finger at Apple for indiscriminately pushing the iPhone Configuration Utility 2.1 update out to Windows users, since it is a tool for business system administrators to set up and administer corporate iPhones — the blogger himself (and practically every other iPhone user) not being of the corporate iPhone user persuasion. But more than just unnecessary, the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing 'not just a configuration program, but the Apache Web server as well,' says Vaughan-Nichols. 'A Web server like the one Apple [is] adding to your PC... [is] a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there.'" Reader CWMike notes that Apple pulled the iPhone Configuration Utility from the update list after a few hours.
Any verification on the Apache web server? (Score:5, Insightful)
No one else reporting on this "issue" (it was a mistake folks - chill out) has mentioned installing Apache, which would definitely be a huge issue.
Has anyone here independently seen this supposed Apache installation?
Re:Not really... (Score:2, Insightful)
So that's why I get this "iPhone configuration utility" on my PC when I don't even have an iPhone.
Obviously Apple has learned that installing software without user consent will only earn a slap on the wrist from the users at the very best.
Re:Not really... (Score:2, Insightful)
Re:Any verification on the Apache web server? (Score:2, Insightful)
EVERY Mac OS X installation comes with Apache [oreillynet.com]. It's off by default and you're never asked to turn it on (you can turn it on system preferences though). If the mere existence of a web server on a computer is security risk, then everyone with a mac is screwed!
Re:pushes? (Score:4, Insightful)
Not everyone is a slashdotter. In fact, you'd be less vulnerable even if you install it just because you're a techie and post on a site that bills itself as 'News for Nerds'. So, the name (iPhone Config Util) itself sounds like something an iPhone user would want.
pulled, not pushed. (Score:3, Insightful)
Re:Not really... (Score:5, Insightful)
The big problem I had with it was what it was called which was "iPhone Configuration Utility" and the kicker is she owns an iPhone. Which confused me because she had nothing installed on there for her iPhone, only her iPod. So there I was debating on whether or not to install this for her because it sounded applicable and useful to her. I didn't install it but if I did, I would pissed to know that her five year old piece of crap Windows machine is now running an Apache server. Additionally, I had to uncheck Safari. Then I have to go into msconfig and uncheck the damned Quicktime (try installing iTunes without that!) run on startup shit that is always reset when you install iTunes. Because everyone wants that running non stop in the background especially when you have only 512 MB of SDRAM. So I did the little dance and I've bitched about it before but no one seems to care. It's bloatware and it sucks. Her computer can't even run iTunes videos, she just uses it for music but no one seems to care about that. Apple's the king of usability, design and interface chic!
Now we get this story where someone points it out. Do we see people roll in and viciously attack Apple like we all would attack Microsoft if IE8 had Bing's Javascript Attackable Toolbar checked by default on installation? Or Microsoft's indexing service that eats up all your cycles whenever it feels like it? No, no, what we get is "there were maybe a thousand people, relax" or "it's not pushing, you could have unchecked it" or "the Windows people don't know how to update anyway."
Unbelievable. How many free passes does Apple get before you start to question their infallibility? Hey, everyone makes mistakes but you guys are dreaming up probables and likely scenarios that somehow excuse Apple. Why?
Re:Likely Accidental (Score:4, Insightful)
Incorrect. Apple Updater has been popping up every time my wife opens iTunes (and sometimes even when she doesn't) asking her to install Bonjour, Safari, MobileMe, QuickTime and the iPhone Configuration Utility.
Can't argue with that!
And aren't we aware of Apple's iPhone in the enterprise push with IT buyers? Apple would love to say, "With over 10 million installs, the iPhone Configuration Utility is widely adopted by corporate IT departments". Nevermind that 99% of those are due to the "accidental" installation.
You also have to ask yourself, have they ever done anything to indicate their shyness with regard to software installation? QuickTime takes over every single audio/video playback association, both in Explorer and with browser-embedded media, and even gets its own system tray and desktop icons. Same goes for iTunes with its "uncheck if you don't want it" policy for the apps mentioned above.
I just don't see why we'd give Apple the benefit of the doubt on this one.
Typical Apple... pushing crapware (Score:4, Insightful)
(I also install Flash and Java in front of the customer, so I can show them the "already checked box" scam).
Re:Not really... (Score:5, Insightful)
Do you seriously not understand the difference between having something show up on a list of updates that are available and actually having it download and install behind your back?
How much research do you think people do before checking a box in an iTunes dialog? The onus is on Apple to not offer stupid things that would coincidentally inflate the installed base of an enterprise utility.
Do you seriously not understand the use case of a typical end-user, e.g. teenager, that thinks they want the 'iPhone Configuration Utility' since it's offered by Apple iTunes and they ... have an iPhone? "Hey, I might want to configure my iPhone. And I've always downloaded every other iTunes update with iPhone in the title." (Anyone that can read the description and decipher that it's for enterprise device management doesn't fit the definition of "typical end-user".)
The results speak for themselves: millions of users installed this software because it looked like a standard iPhone update.
Re:Not really... (Score:5, Insightful)
My sister in law runs itunes on her windows laptop. When she bought it I installed firefox for her to use then she called me to report some strange behavior. She had somehow started running Safari. Firefox had disappeared. So either it happened automatically or she was tricked into installing it.
Or she just went ahead and clicked OK. It's OK to admit that your sister in law might have done that.
She is not sophisticated enough to understand the implications. iTunes should manage music. Not the operating system.
Re:Not really... (Score:5, Insightful)
Users don't read dialog boxes. It could've had red flashing lights around it, and it wouldn't have mattered. It would still have remained checked by default and users would click the "OK" button to make the thing go away.
Also, think about the actual action they'd need to perform to not install the software. Sure, it's easy to say "just uncheck it," but think about what that means. Unchecking the dialog box means that you have to know what the iPhone Configuration Utility is and why you absolutely don't need it. Unchecking it means risking that something will go wrong, because you didn't install something that your computer told you you needed.
*That* is why it's a problem.
Re:Not really... (Score:1, Insightful)
Quicktime is the exact reason why I run iTunes in its own Virtual Machine.
MSIE is the exact reason why I run Windows in its own Virtual Machine.
Re:Not really... (Score:5, Insightful)
Why an F'ing music syncing application needs something like 8 persistently running services is absolutely beyond me.
Re:pushes? (Score:3, Insightful)
Re:Not really... (Score:2, Insightful)
The # of Free Passes (Score:5, Insightful)
How many free passes does Apple get before you start to question their infallibility?
Probably about as many as there are strawman constructions of people's conceptions of Apple as a company.
Re:Not really... (Score:3, Insightful)
I had that happen too
I was at my sister's house this weekend and Saturday at around 11 am CST I saw it pop up on her old Dell machine.
The big problem I had with it was what it was called which was "iPhone Configuration Utility" and the kicker is she owns an iPhone. Which confused me because she had nothing installed on there for her iPhone, only her iPod. So there I was debating on whether or not to install this for her because it sounded applicable and useful to her. I didn't install it but if I did, I would pissed to know that her five year old piece of crap Windows machine is now running an Apache server. Additionally, I had to uncheck Safari. Then I have to go into msconfig and uncheck the damned Quicktime (try installing iTunes without that!) run on startup shit that is always reset when you install iTunes. Because everyone wants that running non stop in the background especially when you have only 512 MB of SDRAM. So I did the little dance and I've bitched about it before but no one seems to care. It's bloatware and it sucks. Her computer can't even run iTunes videos, she just uses it for music but no one seems to care about that. Apple's the king of usability, design and interface chic!
Now we get this story where someone points it out. Do we see people roll in and viciously attack Apple like we all would attack Microsoft if IE8 had Bing's Javascript Attackable Toolbar checked by default on installation? Or Microsoft's indexing service that eats up all your cycles whenever it feels like it? No, no, what we get is "there were maybe a thousand people, relax" or "it's not pushing, you could have unchecked it" or "the Windows people don't know how to update anyway."
Unbelievable. How many free passes does Apple get before you start to question their infallibility? Hey, everyone makes mistakes but you guys are dreaming up probables and likely scenarios that somehow excuse Apple. Why?
Re:Not really... (Score:5, Insightful)
Yes, operating systems should periodically pop up cryptic dialogues asking you to solve an obscure computer science problem, and if you get it wrong then it changes your wallpaper and your file type associations.
There's no reason to make it harder than it has to be, which is what Apple's doing by presenting users with an option they didn't ask for and don't know how to answer.
Re:Not really... (Score:5, Insightful)
Thank you. And in addition, it was listed in a check-box list of items. True, it was enabled by default, but the user still had to hit the button to install it.
About 95% of all adware/malware crap, like those browser toolbars, uses precisely this technique to get installed. It has long stopped being considered adequate. The default for any "extra software" should always be off (Google, I'm looking at you, too).
Risking karma here but shovelware? You can opt out (Score:1, Insightful)
-----------------
Description of the update:
iPhone Configuration Utility lets you easily create, maintain, encrypt, and install configuration profiles, track and install provisioning profiles and authorized applications, and capture device information including console logs.
Configuration profiles are XML files that contain device security policies, VPN configuration information, Wi-Fi settings, APN settings, Exchange account settings, mail settings, and certificates that permit iPhone and iPod touch to work with your enterprise systems. For instructions on how to use iPhone Configuration Utility, see the iPhone and iPod touch Enterprise Deployment Guide, available for downloading at http://www.apple.com/support/iphone/enterprise/ [apple.com]
-----------------
It requires user intervention to install and it comes with a full text description of what the tool does. I know it's popular to hate Apple but insisting they are 'shoving this down users throats' is a misrepresentation. They offer the install and the user has to either leave it checked or uncheck it. If you've properly educated your family and friends (reading below it appears that at least some have), they simply uncheck it and ignore it if they don't know what it is. I've taught my family about software updaters. They simply called me about this one and I told them it wasn't needed and to uncheck it. Problem solved.
That said, Apple should do the right thing and disable these by default or better yet, not even offer them. Any admin worth their salt would be able to find this software if needed in about 3 Google seconds. There is no reason this should be offered in the updater except perhaps if the user already has a previous version installed. I can easily see where a user who does have an iPhone might be tempted to install this without understanding what it does, but a quick read of the update description should clue most people in that this isn't something they could use for day to day use or at least prompt them to ask someone more knowledgable.
As to the Apache software itself, does anyone know if it's enabled by default, or locked down? Apache is actually a pretty secure product if properly configured. I know the knee jerk urge to bash Apple, but does anyone know how it's configured, and if it's enabled by default? For example, every Mac comes with a built in FTP, Print Server, and Web Server, but they are all disabled by default. I know this is on the Windows platform, but surely there are ways to secure an Apache server even on that OS?
Re:The # of Free Passes (Score:2, Insightful)
Exactly. Apple has never gotten a free pass on Slashdot, but that doesn't stop people from claiming that (and at the same time getting modded +5 without fail).
Re:Risking karma here but shovelware? You can opt (Score:5, Insightful)
This makes owning and supporting a computer more difficult for users. I don't have time to answer questions from my friends every time a software publisher pushes out a new update. I've taken to telling them, "If it's a Microsoft auto update, install it. If it's an Apple auto update, install it. If it's an Adobe auto update, install it." When Apple starts pushing out software that is not necessary as part of their update process, it adds unnecessary confusion and software bloat. Like another poster above said, he only has Quicktime installed but the Apple updater is pushing iPhone utilities and Safari onto his desktop. Doing that is just bad form, no matter how descriptive the accompanying text is.
Re:Not really... (Score:5, Insightful)
There's no reason to make it harder than it has to be, which is what Apple's doing by presenting users with an option they didn't ask for and don't know how to answer.
It's almost as if Apple is trying to make Windows look hard to use...
Re:Risking karma here but shovelware? You can opt (Score:5, Insightful)
Time to weild a big hammer (Score:4, Insightful)
It looks like the only way to get Apple to start behaving responsibly would be for Microsoft to put Apple Software Update on the list of targets for the Windows Malicious Software Removal Tool, until Apple eliminates the default checkboxing of "updates" to software the user hasn't installed.
Re:Not really... (Score:4, Insightful)
And NO I don't want Safari for the 10 Billionth time, Apple. Dunno why people prefer them over MS so much - on the scale of evil, I'd rate them roughly equal and on the scale of software features and implementation, I think MS is much better, hands down. IMHO, it's all marketing, which is supposedly something we geeks can't stand.
Re:Risking karma here but shovelware? You can opt (Score:3, Insightful)
The point that I'm trying to make is that I want people to be able to trust software publishers to only deliver updates that they need. I want to be able to tell my friends and family, "If Apple sends you an update, you can install it. You don't have to second guess it." With Apple pushing software updates on users who don't need them, I can't tell people to trust what Apple is asking them to install. That is the problem.
Re:Risking karma here but shovelware? You can opt (Score:5, Insightful)
Additionally, in my experience, these Apple updates happen mostly when launching iTunes.
Picture it, if you will: A user wants to play some music, download a sitcom, or just sync their iPhone. So they launch iTunes, just like they have before. And instead of getting to do those things, they get an annoying thing that won't fucking ever go away until they press OK. Sure, they can cancel it (but then it just comes back), or they can read it and deselect things, but why should they be forced to do these things?
They just want to instruct the computer to provide some manner of entertainment. Instead, the computer ends up instructing them.
This, I think, the paradigm which bothers me most: That the computer switches from being told by the user what it should be doing, to telling (or at least suggesting to) the user what to do.
Re:Not really... (Score:4, Insightful)
I'll wager you that roughly the same percentage of Windows users have ever gone into Services with the intention of disabling unneeded services as OS X users do the same via /etc/rc.d. i.e. NOT F*CKING MANY.
Only a few percent at top would probably be aware of the existence thereof.
Security by obscurity doesn't work, and neither does, nor should "functionality by obscurity". "Oh, that's easily remedied, all you needed to do was disable it in Control Panel & Administrative Tools & Services, didn't you know?" is not what anyone would call acceptable.
Re:The # of Free Passes (Score:3, Insightful)
How the fuck was the GP post a strawman?
Darkness404 made an argument defending Apple. It's apparently not a correct argument, but in the course of that argument, nowhere did they say "Apple is infallible." In fact, almost nobody says or believes anything like that. As a rule, even people with a high degree of enthusiasm for Apple's products generally have some gripes. But the post I replied to essentially asked why the person who made the argument persisted in believing in Apple's infallibility. That's attribution of a position there's no apparent evidence for. This is pretty much what constructing a straw man is.
Really too bad. eldavojohn's response was otherwise fairly useful as an anecdote.
Re:Saw this update a week ago! (Score:5, Insightful)
So ninjas are visible and easily disabled in your world, eh?
In my world, if a program is called 'iPhone Configuration Utility' yet it does not perform configurations relevant to the average owner of an iPhone, then its big-time ninja.
...without any method of preventing it, or any notification that that was happening.
And for the record, it has only been a single year since the iTunes update (version 8) installed...
Apple Mobile Device Support
Bonjour
MobileMe
You claim that I am filled with nerd rage, eh? I claim that you are fucking ignorant.
Re:pushes? (Score:3, Insightful)
So how exactly are they "forcing" this one me?
In that case, explain me why when I update Safari with the latest version on Windows, and I uncheck the Bonjour checkbox, it installs Bonjour anyway ?
Re:Not really... (Score:3, Insightful)
You mean like iSync? The separate sync application that comes with OSX? Yes. I do think that it's ridiculous that the iPhone syncs through iTunes.
Re:Not really... (Score:3, Insightful)
Why an F'ing music syncing application needs something like 8 persistently running services is absolutely beyond me.
Why I need "an F'ing music syncing application" to transfer audio files onto a flash device via USB, when every other similar device allows me to just drag some files onto the drive in explorer, is absolutely beyond me.
Re:Any verification on the Apache web server? (Score:2, Insightful)
Why do I have to know them personally? Silliest argument ever.
That's the equivalent of saying a tree in a forest falling down doesn't make any noise if there is no one there to hear it. Open source is transparent whether or not people routinely take advantage of it's transparency. However it's obvious that some people do take a keen interest in changes, and if there is ever any doubt about what is in apache or a patch, then it's there for anyone to see, and the full trail of changes will be for years thanks to SCM.