
Apple Usurps Oracle As the Biggest Threat To PC Security

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

  • I haven't had cause to even install Quicktime in... years. Where are these people going that quicktime is so popular?
    • by Hadlock ( 143607 )

      Valid question. I used to install Quicktime... 4? On my Pentium 2 MMX 200mhz computer back in the mid 1990's so I could watch movie trailers on Apple's website in middle school. That's the last time I installed Quicktime that I can remember. I'm honestly curious what purpose it serves today? Is it a web browser plugin or what? I haven't even thought of Quicktime in YEARS.... let alone had a reason to use it...

      • by Yaztromo ( 655250 ) on Friday October 30, 2015 @02:51AM (#50830819) Homepage Journal

        Valid question. I used to install Quicktime... 4? On my Pentium 2 MMX 200mhz computer back in the mid 1990's so I could watch movie trailers on Apple's website in middle school. That's the last time I installed Quicktime that I can remember. I'm honestly curious what purpose it serves today? Is it a web browser plugin or what? I haven't even thought of Quicktime in YEARS.... let alone had a reason to use it...

        My understanding is that versions of iTunes prior to 10.5 required Quicktime. Quicktime has always been more than a video player -- it's an entire multimedia framework, with APIs for doing a whole host of multimedia playback, editing, and conversion capabilities. It was the main multimedia framework for Mac OS X up until 10.7 (Lion).

        iTunes would have used it for both media playback, as well as for transcoding video from various formats/sizes for various Apple devices (iPhone, AppleTV, etc.). Newer versions no longer require Quicktime so far as I'm aware -- however, this article is about people who aren't keeping their software up-to-date, so it wouldn't be surprising to learn that they're still running older OS's and older versions of iTunes.

        Yaz

        • by AmiMoJo ( 196126 )

          Do newer versions of iTunes uninstall Quicktime when you upgrade? If not, it seems likely that a lot of people would have it installed for no reason when they could easily reduce the attack surface.

          • Do newer versions of iTunes uninstall Quicktime when you upgrade? If not, it seems likely that a lot of people would have it installed for no reason when they could easily reduce the attack surface.

            Do you really think that many people have gone that long without having to reinstall Windows?

            And in reply to the sibling AC comment, while I'm here:

            Unless you have Linux distro-like package management, there's no easy way for the iTunes updater to know whether Quicktime is used by some other application.

            Of course there is. Programs get to register to say that they are using a shared DLL. You check to see if your DLL is marked as being in use, and if not, then you uninstall.

            • There's an important distinction in English between "is used by" and "is in use by".

              "Is used by" means that a program which might not currently be running requires the use of that software, whereas "is in use by" means that that program is running.

              You can detect the former, but without some kind of well-designed central registry (!) you can't detect the latter.


            • Of course there is. Programs get to register to say that they are using a shared DLL. You check to see if your DLL is marked as being in use, and if not, then you uninstall.

              How is that supposed to work? A quick googling for "windows register DLL sharing" gives hits for registering DLLs, but it seems for a different purpose: only registered DLLs are loaded. There is no "registration of a DLL _for_ an EXE" etc. Also this feature seems only to exist since Vista ...

              • How is that supposed to work?

                Well, upon additional research, it looks like I was mistaken. Some programs seem to manage it, so maybe they're maintaining an internal registry of anything which has used the program previously.

                • Most programs bring their own version of required DLLs and just install them together in the same directory or a subfolder where the program is installed.

                  So cleaning up is easy.

                  If you would want a thing like your idea you could use hardlinks to a centralized repository of libs ... which ofc breaks as soon as you have more than one disk or partition ...

            • Do you really think that many people have gone that long without having to reinstall Windows?

              That depends on if you count upgrading to the next major version as a reinstall. I know for myself, ever since I got my first Win98 PC, back in 2000, that I've never reinstalled Windows. It's either been OS upgrades, or when I get new hardware, which is about once every five years.

          • They do not. The Apple Update software is responsible for all updates, and it will try to install QT, never remove it.
      • Quicktime offers an API which allows other programs to display video. A very simple one which is why so many programs used it for such a long time. You will also find a lot of support for the MOV container format in video cameras, and baked in support in many image editing suites e.g. Adobe Lightroom (because the line between video camera and still camera is nonexistent these days).

        I have it on my computer only because I have a program which depends on it. I don't know anyone who uses it as a media player a

      • Valve requires quicktime to use their Source video editor and the replay generator in TF2.
    • by Zocalo ( 252965 )
      Many video editing and conversion tools claim that they "require" that QuickTime be installed during installation (although in many cases it's not actually required depending on the individual's specific needs), and then proceed to either download and install the current version or install an almost certainly out of date version from installation media. Since a basic version of a video editing tool is included with most devices with video capable cameras, I suspect this is probably responsible for bumping
  • by fintux ( 798480 ) on Friday October 30, 2015 @02:21AM (#50830755)
    The reason why I'm stalling sometimes with the updates is that the whole process is interfering with my computer usage. There are annoying popups requiring attention at about 30 s - 1 min intervals, activating a random time after computer boot and trying to install 3rd party software, so I need to be in a mood for installing those updates. Not even to mention that every software has its own update software with its quirks. And Windows also now notifies you to disable "unnecessary" start up software, which often includes these update checkers. These should all come from a single source and be handled much more like they are handled in Linux distributions or mobile app stores.
    • Comment removed based on user account deletion
      • Windows 10 added built-in support for that - package repositories. Although I have no idea what Apple, Oracle, Adobe etc. have done or intended to do with it.
        A safe bet would be to wait for the release of Windows Server 2016, then in that time frame there should be more maturity and support, along with the ssh client.

        • Judging by Oracle's previous updater efforts, nothing. This is the same company which couldn't be bothered to make a Java updater which could check for updates without producing a UAC pop up.

    • a better way to do this is with NINITE

    • I find that update notifications for QT are just a reminder that I have to uninstall it. Can't think of a single reason to have it on a PC.
    • by rhazz ( 2853871 ) on Friday October 30, 2015 @07:40AM (#50831485)
      The problem with iTunes is how often they modify the UI or key functions. At my peak iTunes usage I probably only used it once a month. Every single time there was a new update waiting, and every time I allowed the update it would modify the UI in some non-intuitive way, and it would take an onerous amount of time trying to figure out where they moved a particular command. So eventually I only updated when a particular function stopped working entirely. Honestly, if you have to refactor your UI every time you add a feature, start from scratch and design something more scalable.
  • Not fatigue (Score:4, Insightful)

    by Anonymous Coward on Friday October 30, 2015 @02:33AM (#50830791)

    I was so excited when I got my iPhone 4. It's old, I know. Everything worked so well.

    Now... itunes has changed so much I can barely use it. It's always losing playlists, stopping play because it sees a cloud icon when the downloaded version is right underneath it, etc. Don't get me started about the hidden File Edit menus. My iphone barely works anymore. Browsers slow, maps is a joke, switching tasks takes a while.

    The last thing in the world I want to do is update itunes and IOS. Each time it gets more and more unusable, each time the experience stops 'just working'. I won't upgrade either again. Too scared. Too much time to remake all those playlists. Too worried about the lag from the new OS or insanely strange UI of itunes.

    It's too bad we can't just stick with a version that works, but this 'one size fits all' approach isn't working great.

    • I was so excited when I got my iPhone 4. It's old, I know. Everything worked so well.

      Now... itunes has changed so much I can barely use it.

      This is just so true.

      It's as if incompatibility is the new compatibility, and many updates break other things.

      Too often, agreeing to an update means you just clicked on 'enter dependency hell here'.

      -wb-
       

    • I agree with your general assertions regarding iTunes making changes for the worse. That said, let me offer a few answers/responses to some of your gripes (many of which I share or have shared), from one frustrated user to another:

      Don't get me started about the hidden File Edit menus.

      It's a setting in Windows these days. Ctrl+B toggles hiding/showing the menu bar by default. Otherwise you need to press Alt to get it to appear on-demand.

      stopping play because it sees a cloud icon when the downloaded version is right underneath it

      Regarding the cloud stuff, that should only happen if you have two separate copies of the track. The best solution is to get r

  • These statistics are meaningless without actual install numbers. Of the computers scanned, how many actually had QuickTime installed? How many had Java?

    I do wish Apple would stop pushing QuickTime, I don't have it installed on my Windows PC and I don't use it on my Mac.
  • Never get the latest versions. They may fix bugs, but they add unwanted and ill meaning new features.

    • This was why I stopped using Apple software on Windows in general. I got tired of having it download a bunch of superfluous, unwanted things (like Bonjour), never mind just how slow and awful iTunes for Windows was.

      But it's definitely not worth leaving buggy, outdated software on your machine. If you care about it being secure, then either update it, with all the good and bad, or get rid of it.
  • What does that have to do with PCs?

  • Yes, update fatigue (Score:5, Informative)

    by johannesg ( 664142 ) on Friday October 30, 2015 @03:19AM (#50830881)

    Plus we're tired of being tricked into accidentally downloading unwanted virusscanners (flash), toolbars (java), and whatever other crap they want to bundle. We are tired of running two dozen automatic update tools at all times, all fighting for internet access and all using memory and CPU time. Sure, it's very little and it mostly ends up in swap anyways - but it adds up. And we are certainly tired of having to deal with that crap every time we boot the machine.

    It's a great mystery to me why Windows does not have a unified update service (like Windows Update, but also including tools from 3rd parties). It doesn't even have to go through Microsoft's servers - just let programs register their own server with the update service, and then let the update service do updates at times when it is convenient to me.

    I've solved at least part of this problem by simply not having QuickTime or Java installed. Flash is installed, but only runs on demand (which is actually far less often than you'd imagine). Windows Update I've shut down after Microsoft started pushing spyware and adware as "important updates". So now I run a risk of "hackers". So far they've proven less of a nuisance than actual vendors...

    • Oh lucky you, I've got too much crap which depends on Java and Quicktime to rid myself from it.

    • I just get tired of non-system updates which require a reboot.

      I just built a new workstation system based on Server 2012R2 (to get the server-level features) and one thing I put off was installing Acrobat Reader. It finally became just too annoying to use Chrome as a PDF reader, so I broke down and installed it -- from Adobe's web site. And sure enough, two days later, it's blinking at me on the taskbar to fucking reboot due to some update.

      For a system which runs off SSDs isn't that time consuming individ

  • by unami ( 1042872 ) on Friday October 30, 2015 @03:42AM (#50830911)
    it's just unbelievable, how often flash needs to be updated. i usually disable autoupdates and only install the new version whenever i need it. but still, you can't use the computer for a couple of days without flash getting deactivated by safari because there's a newer version. how many bugs/security holes can one piece of software have?
  • by jafiwam ( 310805 ) on Friday October 30, 2015 @05:07AM (#50831069) Homepage Journal

    Users view updates from Apple as risky.

    Here is what one can expect with an update to iTunes:

    -four or five "yes I agree" click-throughs, one for each service the user hasn't signed up for or ever used
    -longer load time and general bloat
    -random UI changes that make it an exercise in "what will they think of next" to do basic stuff like sync a phone
    -an army of snotty "senior" "helpers" explaining the problem is not a problem, most of whom just don't bother to read
    -a SECOND set of random UI changes and feature removals for media organizing, moving or removing stuff like menus and ability to manage play lists, some of which represents hours and hours of tinkering with it.
    -"Careful, don't do that" advice from people who lost their whole library, or had to reinstall and couldn't find the library on the hard drive again.

    For Quicktime, it's about the same, only the user doesn't use the program much beyond obscure or old porn

    Apple has a BIG PROBLEM trying to push their UI bullshit into an environment where their UI bullshit stands out as particularly retarded. There's NO FUCKING REASON to remove the standard word based drop down across the top of the program. More space? People already have more screen space (or second, or third screens) than they know what to deal with. Doesn't look good to emo-fags? How about a toggle to turn it off? (which leaves it on by default)

    The actual risks for a slight chance for a security exploit are meaningless compared to the guaranteed fist-smashing-keyboard frustration of a simple update. I have actually helped users disable updates from Apple because they were so afraid of said bullshit or their old iPod or iPhone suddenly not working with it.

    If Apple wants to get people to update on Windows, they need to stay within the expected design parameters of Windows better and just let the program look different on different platforms.

    • by upuv ( 1201447 ) on Friday October 30, 2015 @05:42AM (#50831167) Journal

      I have to completely agree.

      Apple software installs effectively trash your carefully configured machine. How many WTF moments have I had just after a simple update and realise that my personal content has now magically moved. To where? Pictures and Videos I take of the family all of a sudden are assimilated into the Apple sphere. My preferences for video audio, homepage, picture, editing etc all trashed.

      And in most cases it's damn near impossible to remove. Thus being relegated to un-used software that is slowly dying in a dark corner of the hard-drive.

      • Apple software installs effectively trash your carefully configured machine.

        That's because they want you to get frustrated with your current experience and switch to an Apple computer.

    • by cfalcon ( 779563 )

      > If Apple wants to get people to update on Windows, they need to stay within the expected design parameters of Windows better and just let the program look different on different platforms.

      Amen. And even if you LIKE the Apple UI, you probably don't want it updated underneath you to function totally differently, and in some cases you don't want to stop workflow and figure out the workaround to the latest moved (or even deleted) feature.

      I update iTunes when it won't work with a new version of some Apple

  • I'll be that guy (Score:4, Insightful)

    by Rob MacDonald ( 3394145 ) on Friday October 30, 2015 @06:24AM (#50831255)
    I'm gonna go ahead and call this flamebait. I'm no fan of Apple but that's more about their business practices and less about the quality of their hardware and software... but I'm struggling to blame Apple for people not keeping quicktime updated. Who the F@CK uses quicktime? I know back to the future day has passed, so clearly we aren't travelling back to 1998, so wtf is quicktime even doing on most people's machines?
    • by cfalcon ( 779563 )

      I'm pretty sure that some .MOV files don't play in VLC, or don't play correctly. I'm not 100% sure if that's still true, but it was absolutely the case two years ago.

    • Who the F@CK uses quicktime?

      People who use software that:
      Software that didn't bother writing their own video playing engine and hooked into quicktime.
      Software that did write its own video playing engine but didn't realise that maybe people have figured out how to play MOV containers without having quicktime installed.

      I wish this was some no-name software I'm talking about, but unfortunately it's the single most popular image editing tool on the market that requires quicktime in order to preview video files and copy them off cameras.

      N

    • QuickTime is more than just the QuickTime player. Its libraries are used by Finder for previews of media files, iTunes for playback of movies and music (That's why if you want to add ogg support, you put the codec in /Library/QuickTime and not /Library/iTunes.), and various third-party programs call on its functions as well. Also, it does more than just playback and encoding. It supports subtitles, branching, chapters, and most of the other features you'd find on DVD to BluRay. That's how movies purcha

  • Many Fortune 500 companies prohibit the use of iTunes on the corporate network. Some users have huge iTunes libraries that make it difficult to defrag the hard drive or transfer user data to the network server in a timely manner. As a help desk technician, I have to tell them that I can't back up their iTunes library and won't fix their computer until they remove iTunes. Some users are understanding, most are not.
  • According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security

    No, it's the underlying WinTEL platform that's the biggest threat to PC security, and has been since forever ...
  • At some point, software vendors are going to need to address the issue that when they make crappy updates, people don't apply them.

    Consider mobile app store updates: they rarely install other unrelated crapware, don't reconfigure your device settings, and don't require reboots... and users typically install them automatically. Conversely, Apple's PC software updates typically do all of the above, and people regularly decline them as a result.

    Hence it's not a problem with update fatigue, it's just a problem
