Apple Pushes Unwanted Software To PCs, Again 267
itwbennett writes "Blogger Steven J. Vaughan-Nichols wags his finger at Apple for indiscriminately pushing the iPhone Configuration Utility 2.1 update out to Windows users, since it is a tool for business system administrators to set up and administer corporate iPhones — the blogger himself (and practically every other iPhone user) not being of the corporate iPhone user persuasion. But more than just unnecessary, the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing 'not just a configuration program, but the Apache Web server as well,' says Vaughan-Nichols. 'A Web server like the one Apple [is] adding to your PC... [is] a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there.'" Reader CWMike notes that Apple pulled the iPhone Configuration Utility from the update list after a few hours.
Not really... (Score:3, Informative)
the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing
Millions? Lets see here, the update was only recommended for a few hours and was quickly pulled. How many people do you think update constantly? If Windows updates are any indication (and most just install in the background with almost no user interaction) chances are very few. We aren't talking about "millions" but a few thousand in the worst case.
pushes? (Score:3, Informative)
Re:Not really... (Score:5, Informative)
Re:Not really... (Score:5, Informative)
the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing
Millions? Lets see here, the update was only recommended for a few hours and was quickly pulled. How many people do you think update constantly? If Windows updates are any indication (and most just install in the background with almost no user interaction) chances are very few. We aren't talking about "millions" but a few thousand in the worst case.
Well iTunes has been installing the Apple Updater Thingy by default for a long time, so the question is how often that checks for updates. And according to Ars Technica (http://arstechnica.com/apple/news/2009/09/apple-pushes-unwanted-enterprise-tool-to-windows-users.ars) the update was actually pushed "earlier this month" and only came to the attention of the online media today. It sounds like it was pulled a few hours after it hit half the computer-related news sites, not a few hours after it was pushed out to users.
Re:Any verification on the Apache web server? (Score:5, Informative)
I have the iPhone Configuration Utility installed on a work machine as we support a few dozen iPhones at work. Just checked, and there's no Apache process (just an iPCU.exe) when running the app. One of the links in the summary also mentioned using a browser against localhost:3000 for configuration, netstat shows no process listening on that port.
Re:Not really... (Score:5, Informative)
My sister in law runs itunes on her windows laptop. When she bought it I installed firefox for her to use then she called me to report some strange behavior. She had somehow started running Safari. Firefox had disappeared. So either it happened automatically or she was tricked into installing it.
Re:Not really... (Score:3, Informative)
Thank you. And in addition, it was listed in a check-box list of items. True, it was enabled by default, but the user still had to hit the button to install it.
Re:Apple haters ahoy! (Score:3, Informative)
Try again... (Score:4, Informative)
Re:Any verification on the Apache web server? (Score:3, Informative)
Re:Any verification on the Apache web server? (Score:2, Informative)
Bvllshit. http://httpd.apache.org/security/vulnerabilities_22.html [apache.org]
Quicktime Alternative (Score:3, Informative)
Re:Quicktime Alternative (Score:3, Informative)
Re:Not really... (Score:5, Informative)
Defending Apple? In my slashdot?
This was a stupid move and Apple's not as innocent as you claim. Defaulting the box to checked is almost equivalent to installing it without consent and Apple knows it. In both cases you end up with users loaded down with crap they don't need and distrusting updates, which has real dollar costs. The only difference is that in the former case the tech crowd squeals a little less, so that's the route they choose.
Honestly, even if they were really stupid enough to not see any problem when they did it the first time, they have no excuse for doing it a second time. Why would they put it out and then withdraw it a few hours later? Did they forget the user backlash from the first time?
Re:Any verification on the Apache web server? (Score:3, Informative)
Re:Not really... (Score:3, Informative)
Re:Likely Accidental (Score:2, Informative)
Maybe you just failed to notice that Bonjour, QuickTime, and MobileMe are all tied to iTunes for functionality.
MobileMe is tied in to iTunes for iPhones, Bonjour is for iTunes Sharing, and QuickTime is required for iTunes functionality.
Safari has been known (recently) to prompt for optional installation, but is not checked for installation by default. Your wife would have to check the box and click the install button to "accidentally" install Safari. Also, she is prompted to install these items because the Apple Software Updater process is running on startup. Whoever installed iTunes failed to read and uncheck the box for it to not be installed.
Re:Not really... (Score:3, Informative)
Hahaha. Patently false.
"Patently false" and "here's a minor detail you left out" are *not* synonymous.
What's more, your "minor detail" is, itself (ironically) patently false. It wasn't in the "update" section, because there wasn't an update section at that time. The "Updates" and "New Software" sections were put in in response to people complaining (rightly so, but a bit hyperbolically in tone) about it.
Re:Any verification on the Apache web server? (Score:4, Informative)
Since when has "virtually no" meant "no"? IIS6.x has had eight vulnerabilities in its seven years of existence (only seven if you search CERT). Less than one a year. IIS7.x has had two in two years (three if you search CERT, plus one "unreliable"). One a year. Apache 2.0.x has had TWENTY-FIVE, and Apache 2.2.x has had TWENTY SEVEN.
Re:Risking karma here but shovelware? You can opt (Score:4, Informative)
By the same token you can click on Microsoft's updates and, you know, actually read what they are for and what they do. They even have a link to tell you.
Err... Most of the time.
Fairness in our bashing would go a long ways.
Re:Not really... (Score:4, Informative)
Yes, I do. Because Apple installs Quicktime when you install iTunes. iTunes when you install Quicktime. Safari when it thought it could get away with it when you installed iTunes.
And when you tell Quicktime to not be the default audio / video player, good luck. It'll still be there. As will iPodService.exe as a kernel-level service, even when you've never used an iPod.
Re:Likely Accidental (Score:3, Informative)
Safari used to be checked by default.
I remember being quite annoyed at it.
Re:Risking karma here but shovelware? You can opt (Score:2, Informative)
I think it's a sekrit ploy by Steve Jobs to focus the negative virus/malware based attention away from Apple and toward Microsoft.
What better way to add fuel to the "Apple doesn't get viruses" lie than to have Apple install not just an exploitable software, but a fucking web server, which can be used to proliferate more worms/malware/viruses on the Windows machines.
I would say that's exactly what is happening, especially when a different post here mentions that this "update" was "intended" for corporate IT administrators... I'm a systems administrator; do you have any fucking clue how pissed off I would be to find out that Apple just turned my network of workstations into a network of web servers? Thankfully we don't have any automatic updates turned on, and every time I update our images I intentionally neglect iTunes and Quicktime.