Apple Usurps Oracle As the Biggest Threat To PC Security

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

Really? Quicktime? Seriously?

[Derekloffin]

I haven't had cause to even install Quicktime in... years. Where are these people going that quicktime is so popular?

Re:

[Hadlock]

Valid question. I used to install Quicktime... 4? On my Pentium 2 MMX 200mhz computer back in the mid 1990's so I could watch movie trailers on Apple's website in middle school. That's the last time I installed Quicktime that I can remember. I'm honestly curious what purpose it serves today? Is it a web browser plugin or what? I haven't even thought of Quicktime in YEARS.... let alone had a reason to use it...

Re:Really? Quicktime? Seriously?

[Yaztromo]

Valid question. I used to install Quicktime... 4? On my Pentium 2 MMX 200mhz computer back in the mid 1990's so I could watch movie trailers on Apple's website in middle school. That's the last time I installed Quicktime that I can remember. I'm honestly curious what purpose it serves today? Is it a web browser plugin or what? I haven't even thought of Quicktime in YEARS.... let alone had a reason to use it...

My understanding is that versions of iTunes prior to 10.5 required Quicktime. Quicktime has always been more than a video player -- it's an entire multimedia framework, with APIs for doing a whole host of multimedia playback, editing, and conversion capabilities. It was the main multimedia framework for Mac OS X up until 10.7 (Lion).

iTunes would have used it for both media playback, as well as for transcoding video from various formats/sizes for various Apple devices (iPhone, AppleTV, etc.). Newer versions no longer require Quicktime so far as I'm aware -- however, this article is about people who aren't keeping their software up-to-date, so it wouldn't be surprising to learn that they're still running older OS's and older versions of iTunes.

Yaz

Re:

[AmiMoJo]

Do newer versions of iTunes uninstall Quicktime when you upgrade? If not, it seems likely that a lot of people would have it installed for no reason when they could easily reduce the attack surface.

Re:

[drinkypoo]

Do newer versions of iTunes uninstall Quicktime when you upgrade? If not, it seems likely that a lot of people would have it installed for no reason when they could easily reduce the attack surface.

Do you really think that many people have gone that long without having to reinstall Windows?

And in reply to the sibling AC comment, while I'm here:

Unless you have Linux distro-like package management, there's no easy way for the iTunes updater to know whether Quicktime is used by some other application.

Of course there is. Programs get to register to say that they are using a shared DLL. You check to see if your DLL is marked as being in use, and if not, then you uninstall.

Re:

[OolimPhon]

There's an important distinction in English between "is used by" and "is in use by".

"Is used by" means that a program which might not currently be running requires the use of that software, whereas "is in use by" means that that program is running.

You can detect the former, but without some kind of well-designed central registry (!) you can't detect the latter.

Re:

[angel'o'sphere]

Of course there is. Programs get to register to say that they are using a shared DLL. You check to see if your DLL is marked as being in use, and if not, then you uninstall.

How is that supposed to work? A quick googeling for "windows register DLL sharing" give hits for registirng DLLs, but it seems for a different purpose: only registered DLLs are loaded. There is no "registration of a DLL _for_ an EXE" etc. Also this Feature seem only to exist since Vista ...

Re:

[drinkypoo]

How is that supposed to work?

Well, upon additional research, it looks like I was mistaken. Some programs seem to manage it, so maybe they're maintaining an internal registry of anything which has used the program previously.

Re:

[angel'o'sphere]

Most programs bring their own version of required DLLs and just install them together in the same directory or a subfolder where the program is installed.

So cleaning up is easy.

If you would want a thing like your idea you could use hardlinks to a centralized repository of libs ... which ofc breaks as soon as you have more than one disk or partition ...

Re:

[jader3rd]

Do you really think that many people have gone that long without having to reinstall Windows? That depends on if you count upgrading to the next major version as a reinstall. I know for myself, ever since I got my first Win98 PC, back in 2000, that I've never reinstalled Windows. It's either been OS upgrades, or when I get new hardware, which about once every five years.

Re:

[sabbede]

They do not. The Apple Update software is responsible for all updates, and it will try to install QT, never remove it.

Re:

[thegarbz]

Quicktime offers an API which allows other programs to display video. A very simple one which is why so many programs used it for such a long time. You will also find a lot of support for the MOV container format in video cameras, and baked in support in many image editing suites e.g. Adobe Lightroom (because the line between video camera and still camera is nonexistent these days).

I have it on my computer only because I have a program which depends on it. I don't know anyone who uses it as a media player a

Re:

[spire3661]

Valve requires quicktime to use their Source video editor and the replay generator in TF2.

Re:

[Zocalo]

Many video editing and conversion tools claim that they "require" that QuickTime be installed during installation (although in many cases it's not actually required depending on the individual's specific needs), and then proceed to either download and install the current version or install an almost certainly out of date version from installation media. Since a basic version of a video editing tool is included with most devices with video capable cameras, I suspect this is probably responsible for bumping

Re:

[alzoron]

You mean there's no supported and regularly updated version of Safari for Windows. Just because Apple stopped supporting it on Windows doesn't mean it was completely wiped out of existence.

In fact, people running older unsupported versions of Safari actually fits right into the vibe of what this article is all about

Annoying update process

[fintux]

The reason why I'm stalling sometimes with the updates is that the whole process is interfering with my computer usage. There are annoying popups requiring attention at about 30 s - 1 min intervals, activating a random time after computer boot and trying to install 3rd party software, so I need to be in a mood for installing those updates. Not even to mention that every software has its own update software with its quirks. And Windows also now notifies you to disable "unnecessary" start up software, which often includes these update checkers. These should all come from a single source and be handled much more like they are handled in Linux distributions or mobile app stores.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Blaskowicz]

Windows 10 added built-in support for that - package repositories. Although I have no idea what Apple, Oracle, Adobe etc. have done or intended to do with it.
A safe bet would be to wait for the release of Windows Server 2016, then in that time frame there should be more maturity and support, along with the ssh client.

Re:

[Electricity Likes Me]

Judging by Oracle's previous updater efforts, nothing. This is the same company which couldn't be bothered to make a Java updater which could check for updates without producing a UAC pop up.

Re:

[laurencetux]

a better way to do this is with NINITE

Re:

[sabbede]

I find that update notifications for QT are just a reminder that I have to uninstall it. Can't think of a single reason to have it on a PC.

Re:Annoying update process

[rhazz]

The problem with iTunes is how often they modify the UI or key functions. At my peak iTunes usage I probably only used it once a month. Every single time there was a new update waiting, and every time I allowed the update it would modify the UI in some non-intuitive way, and it would take an onerous amount of time trying to figure out where they moved a particular command. So eventually I only updated when a particular function stopped working entirely. Honestly, if you have to refactor your UI every time you add a feature, start from scratch and design something more scalable.

Re:

[Bert64]

Doesn't work if you're running the applications as an unprivileged user...

Re:

[jedidiah]

...if you are doing that then chances are that your box is being managed by someone else and they are using a 3rd party tool that acts like a Linux package manager (or they should be).

Not fatigue

[Anonymous Coward]

I was so excited when I got my iPhone 4. It's old, I know. Everything worked so well.

Now... itunes has changed so much I can barely use it. It's always losing playlists, stopping play because it sees a cloud icon when the downloaded version is right underneath it, etc. Don't get me started about the hidden File Edit menus. My iphone barely works anymore. Browsers slow, maps is a joke, switching tasks takes a while.

The last thing in the world I want to do is update itunes and IOS. Each time it gets more and more unusable, each time the experience stops 'just working'. I won't upgrade either again. Too scared. Too much time to remake all those playlists. Too worried about the lag from the new OS or insanely strange UI of itunes.

It's too bad we can't just stick with a version that works, but this 'one size fits all' approach isn't working great.

Updates too often mean 'dependency hell'

[waterbear]

I was so excited when I got my iPhone 4. It's old, I know. Everything worked so well.

Now... itunes has changed so much I can barely use it.

This is just so true.

It's as if incompatibility is the new compatibility, and many updates break other things.

Too often, agreeing to an update means you just clicked on 'enter dependency hell here'.

-wb-
 

Re:

[Anubis IV]

I agree with your general assertions regarding iTunes making changes for the worse. That said, let me offer a few answers/responses to some of your gripes (many of which I share or have shared), from one frustrated user to another:

Don't get me started about the hidden File Edit menus.

It's a setting in Windows these days. Ctrl+B toggles hiding/showing the menu bar by default. Otherwise you need to press Alt to get it to appear on-demand.

stopping play because it sees a cloud icon when the downloaded version is right underneath it

Regarding the cloud stuff, that should only happen if you have two separate copies of the track. The best solution is to get r

Re:

[drinkypoo]

I can't decide if I'm better off here, with my old Android phone permanently stuck in the 19th century with no updates in sight.

Which phone is it? Are there really no custom ROMs? There's still someone making new ROMs for the transformer prime, for chrissake. And last I checked, still ROM development on the Xperia Play!

Re:

[drinkypoo]

I have an Elocity tablet. It's stuck on Android 2.2.

This is why we don't mess with niche brands unless they have an exceptional record for customer support... Sure, the mainstream vendors may well also screw you, but it's somewhat less likely. I did buy a Tronsmart MK908 way back when, but that taught me my lesson. At least it got up to JB.

Install numbers

[andymadigan]

These statistics are meaningless without actual install numbers. Of the computers scanned, how many actually had QuickTime installed? How many had Java?

I do wish Apple would stop pushing QuickTime, I don't have it installed on my Windows PC and I don't use it on my Mac.

Latest versions...

[Darinbob]

Never get the latest versions. They may fix bugs, but they add unwanted and ill meaning new features.

Re:

[Fire_Wraith]

This was why I stopped using Apple software on Windows in general. I got tired of having it download a bunch of superfluous, unwanted things (like Bonjour), never mind just how slow and awful iTunes for Windows was.

But it's definitely not worth leaving buggy, outdated software on your machine. If you care about it being secure, then either update it, with all the good and bad, or get rid of it.

Oh, Windows, Quicktime, Java?

[rrohbeck]

What does that have to do with PCs?

Yes, update fatigue

[johannesg]

Plus we're tired of being tricked into accidentally downloading unwanted virusscanners (flash), toolbars (java), and whatever other crap they want to bundle. We are tired of running two dozen automatic update tools at all times, all fighting for internet access and all using memory and CPU time. Sure, it's very little and it mostly ends up in swap anyways - but it adds up. And we are certainly tired of having to deal with that crap every time we boot the machine.

It's a great mystery to me why Windows does not have a unified update service (like Windows Update, but also including tools from 3rd parties). It doesn't even have to go through Microsofts servers - just let programs register their own server with the update service, and then let the update service do updates at times when it is convenient to me.

I've solved at least part of this problem by simply not having QuickTime or Java installed. Flash is installed, but only runs on demand (which is actually far less often than you'd imagine). Windows Update I've shut down after Microsoft started pushing spyware and adware as "important updates". So now I run a risk of "hackers". So far they've proven less of a nuisance than actual vendors...

Re:

[thegarbz]

Oh lucky you, I've got too much crap which depends on Java and Quicktime to rid myself from it.

Reboot fatigue

[swb]

I just get tired of non-system updates which require a reboot.

I just built a new workstation system based on Server 2012R2 (to get the server-level features) and one thing I put off was installing Acrobat Reader. It finally became just too annoying to use Chrome as a PDF reader, so I broke down and installed it -- from Adobe's web site. And sure enough, two days later, it's blinking at me on the taskbar to fucking reboot due to some update.

For a system which runs off SSDs isn't that time consuming individ

Re:

[jedidiah]

Quicktime always did more than just decode video. It's also a sort of programming environment. For people that bother to use it, it can be very slick. It's like having all of the nonsense that you get on DVDs but in your MP4 file.

Each of these "grave" threats are development platforms. So you have to deal with "bad programs" and not just bad data.

Same problem as macro laden msword files.

i'm surprised, it's not flash

[unami]

it's just unbelievable, how often flash needs to be updated. i usually disable autoupdates and only install the new version whenever i need it. but still, you can't use the computer for a couple of days without flash getting deactivated by safari because there's a newer version. how many bugs/security holes can one poece of software have?

Re:

[93 Escort Wagon]

No, it's still Flash. But you don't get article clicks by talking about what a buggy piece of crap Flash is - everyone already knows it.

Re:

[cfalcon]

> how many bugs/security holes can one poece of software have

All of them

Users View Updates from Apple as Risky

[jafiwam]

Users view updates from Apple as risky.

Here is what one can expect with an update to iTunes:

-four or five "yes I agree" click-throughs, one for each service the user hasn't signed up for or ever used
-longer load time and general bloat
-random UI changes that make it an exercise in "what will they think of next" to do basic stuff like sync a phone
-an army of snotty "senior" "helpers" explaining the problem is not a problem, most of whom just don't bother to read
-a SECOND set of random UI changes and feature removals for media organizing, moving or removing stuff like menus and ability to manage play lists, some of which represents hours and hours of tinkering with it.
-"Careful, don't do that" advice from people who lost their whole library, or had to reinstall and couldn't find the library on the hard drive again.

For Quicktime, it's about the same, only the user doesn't use the program much beyond obscure or old porn

Apple has a BIG PROBLEM trying to push their UI bullshit into an environment where their UI bullshit stands out as particularly retarded. There's NO FUCKING REASON to remove the standard word based drop down across the top of the program. More space? People already have more screen space (or second, or third screens) than they know what to deal with. Doesn't look good to emo-fags? How about a toggle to turn it off? (which leaves it on by default)

The actual risks for a slight chance for a security exploit are meaningless compared to the guaranteed fist-smashing-keyboard frustration of a simple update. I have actually helped users disable updates from Apple because they were so afraid of said bullshit or their old iPod or iPhone suddenly not working with it.

If Apple wants to get people to update on Windows, they need to stay within the expected design parameters of Windows better and just let the program look different on different platforms.

Re:Users View Updates from Apple as Risky

[upuv]

I have to completely agree.

Apple software installs effectively trash your carefully configured machine. How many WTF moments have I had just after a simple update and realise that my personal content has now magically moved. To where? Pictures and Videos I take of the family all of a sudden are assimilated into the Apple sphere. My preferences for video audio, homepage, picture, editing etc all trashed.

And in most case it's damn near impossible to remove. Thus being relegated to un-used software that is slowly dying in a dark corner of the hard-drive.

Re:

[jader3rd]

Apple software installs effectively trash your carefully configured machine.

That's because they want you to get frustrated with your current experience and switch to an Apple computer.

Re:

[cfalcon]

> If Apple wants to get people to update on Windows, they need to stay within the expected design parameters of Windows better and just let the program look different on different platforms.

Amen. And even if you LIKE the Apple UI, you probably don't want it updated underneath you to function totally differently, and in some cases you don't want to stop workflow and figure out the workaround to the latest moved (or even deleted) feature.

I update iTunes when it won't work with a new version of some Apple

I'll be that guy

[Rob MacDonald]

I'm gonna go ahead and call this flamebait. I'm no fan of Apple but that's more about their business practices and less about the quality of their hardware and software... but I'm struggling to blame Apple for people not keeping quicktime updated. Who the F@CK uses quicktime? I know back to the future day has passed, so clearly we aren't travelling back to 1998, so wtf is quicktime even doing on most peoples machines?

Re:

[cfalcon]

I'm pretty sure that some .MOV files don't play in VLC, or don't play correctly. I'm not 100% sure if that's still true, but it was absolutely the case two years ago.

Re:

[thegarbz]

Who the F@CK uses quicktime?

People who use software that:
Software that didn't bother writing their own video playing engine and hooked into quicktime.
Software that did write it's own video playing engine but didn't realise that maybe people have figured out how to play MOV containers without having quicktime installed.

I wish this was some no-name software I'm talking about, but unfortunately it's the single most popular image editing tool on the market that requires quicktime in order to preview video files and copy them off cameras.

N

Re:

[SvnLyrBrto]

QuickTime is more than just the QuickTime player. It's libraries are used by Finder for previews of media files, iTunes for playback of movies and music (That's why if you want to add ogg support, you put the codec in /Library/QuickTime and not /Library/iTunes.), and various third-party programs call on its functions as well. Also, it does more than just playback and encoding. It supports subtitles, branching, chapters, and most of the other features you'd fine on DVD to BluRay. That's how movies purcha

The Bane of the I.T. department...

[__aaclcg7560]

Many Fortune 500 companies prohibit the use of iTunes on the corporate network. Some users have huge iTunes libraries that make it difficult to defrag the hard drive or transfer user data to the network server in a timely manner. As a help desk technician, I have to tell them that I can't backup their iTunes library and won't fix their computer until they remove iTunes. Some users are understanding, most are not.

Re:

[jader3rd]

Is an ITunes library a giant file, or just a collection of mp3's?

Re:

[__aaclcg7560]

It's a folder structure with a database file and MP4 files.

According to data from Secunia

[nickweller]

According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security

No, it's the underlying WinTEL platform that's the biggest threat to PC security, and has been since forever ...

Not update fatigue... crappy update fatigue

[sigmabody]

At some point, software vendors are going to need to address the issue that when they make crappy updates, people don't apply them.

Consider mobile app store updates: they rarely install other unrelated crapware, don't reconfigure your device settings, and don't require reboots... and users typically install them automatically. Conversely, Apple's PC software updates typically do all of the above, and people regularly decline them as a result.

Hence it's not a problem with update fatigue, it's just a problem

Re:

[Anonymous Coward]

Why would Apple NOT update it's insecure Windows software ? Anyone ?

A more poignant question would be why do users not update their insecure third party Windows software regularly? There is an amazing array of PCs out there that are running pretty antiquated software of third party software. It does not matter how diligently pushes updates, there isn't a damn thing they can do to motivate their user base to update any more often than the user can be bothered which is usually close to never. If the vendor changes the settings of their software update services to apply patch

Re: It's a business opportunity!

[John Allsup]

If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th. Software updates have lead to bloat, bug tolerance and laziness. If vendors were required to ship working software, rather than anything they liked, we would have less software, but far less low quality software. Oracle, Apple and Adobe have some amazingly well written code lurking in their products, but it is buried under tons of bloated rubbish that should never have been considered fit to release.

Re: It's a business opportunity!

[TheRaven64]

If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th

Name one piece of software that is over 50,000 lines of code and is bug free after any number of attempts.

If vendors were required to ship working software, rather than anything they liked, we would have less software, but far less low quality software

We would have far less software. seL4 is the most complex piece of formally verified code and is around 10,000 lines of code. NICTA estimates that the cost of developing it is around 30 times the cost of developing the equivalent software with best-practice feature and regression testing and code review. The cost of making a nontrivial modification to seL4 is almost as great as the cost of writing it in the first place.

Oh, and when seL4 was open sourced, it took under 24 hours before someone found an exploitable security hole in it, because their formal verification hadn't verified the property that the attacker was looking for.

Eudora

[justthinkit]

Eudora is so good, so rock-solid stable, they stopped development and have given it away [softonic.com] for the past 9 years.

Re:

[harperska]

https://en.wikipedia.org/wiki/... [wikipedia.org]

True, however that is a very special case as TeX is still actively supported, yet hasn't had a new feature added in over 25 years. I know it's moving goalposts slightly, but name a piece of software over 50,000 lines of code which is bug free and actively being enhanced. Or to look at it another way, TeX only reinforces GP's point, that it takes 25 years of patches without any feature enhancements to make a large codebase bug-free.

Re:

[TheRaven64]

TeX may be bug free, but that's only because it is a small VM that does very little. If you actually want to use it, you need to use a load of other packages, which do contain bugs.

Re:

[neoritter]

Are you an idiot?

Re:

[Ol Olsoc]

If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th. .

Windows OS?

Re:It's a business opportunity!

[Bert64]

The problem is the "updaters", and these only exist because windows doesn't provide a centralised update system for applications to hook into.

You end up with a load of background updater processes wasting resources at all times, so they end up getting turned off.
And because the update process happens in userland, unprivileged users (ie most corporate installs) cannot apply the updates or run the updater.
Most corporate deployments won't update these applications centrally because doing so is a painful process.

Re:

[mrbester]

Another problem is that they are bug ridden heaps of crap that can't even be bothered to follow application guidelines that everybody else was capable of following for over a decade but instead force their own ideal of an interface that only looks good in one OS.

Re:It's a business opportunity!

[AmiMoJo]

Mozilla and Google have solved the update problem in a nice way. They install services that do the updating, but don't run most of the time. When the app detects an update it wakes up the service, which does the installation.

That means that the updater uses zero resources when not actively updating, and because it was installed as a service doesn't need further UAC prompts or admin level elevation to work. In other words, limited users can update.

Re: It's a business opportunity!

[Anonymous Coward]

Which is fucking great until someone takes over your privileged service that's running in the background.

Re:

[del_diablo]

Also, that isn't even the core problem. The problem is that other applications will copy the Chrome approach. At some point in a few years, it could be possible at all your applications are doing this. All of them. Even if all of them end up as the final version.
Thats quite a few services to take over.

Re:

[hudsucker]

True for Mozilla, but not for Google. It has a Google updater that runs independently of Chrome and other Google apps.

The reason non-admin users can update on Windows is that Google subverts the security model by installing applications into the user's profile.

Re:

[armanox]

That's not really subverting when users have traditionally been able to do this themselves.

Re: It's a business opportunity!

[Karlt1]

You end up with a load of background updater processes wasting resources at all times, so they end up getting turned off

That's not true for Apple's update. It creates a scheduled task for Windows Task Manager. Windows Task Manager launches the update checker I believe once every 24 hours. The updated is not constantly in memory.

Personally, I don't keep iTunes up to date on my Windows PC because I never use it. I back up my phone using iCloud, pictures automatically get downloaded to my computer using the iC

Re:

[nine-times]

You end up with a load of background updater processes wasting resources at all times, so they end up getting turned off.

Even more often, they don't get turned off, and instead you end up with 10 different updaters running on 10 different schedules, each using up resources, each popping up and nagging the user, and half of which are going to ask for a reboot. As someone who runs IT support for a few thousand computers, this is a problem that I've been looking for an elegant solution to for decades now, without any luck.

I really don't see why Apple and Microsoft can't design a system-wide package manager that allows 3rd part

Re:

[Grishnakh]

Even if they did make such a system, I'll bet many of these software vendors wouldn't bother to use it and would instead want to push their own spyware-laden updater.

Re:

[jader3rd]

these only exist because windows doesn't provide a centralised update system for applications to hook into.

Microsoft is afraid that if they did provide that, that when things go wrong with downloads via that channel, that people will blame Microsoft, not the vendor.

Re:

[Pentium100]

Because updates are inconvenient and sometimes they contain something else beside the security patches.

Updating is a distraction, even if I am not using the program at the moment. Say, I am watching a movie and Java update pops up. Will I pause the movie to install a newer version of Java? Unlikely. After watching the movie, I will have forgotten about the update. It's even worse with updates that require a reboot. I pretty much never reboot my main PC because I "lose my place". Servers are a bit different

Re:

[Somebody Is Using My]

I do not have to "update" my car (made in 1982), tape deck or radio, unless some component wears out or just fails. Why does software come so unfinished and so full of defects?

Actually, you probably did did...

Ford E350 [fordforumsonline.com]
Product Recalls for Chevrolet S10 in 1982 [automd.com]
Product Recalls for Ford Granada in 1982 [fordforumsonline.com]

(there were probably more, but those were three I found in just a quick Google search)

Oh sure, they're called "recalls" instead of updates but they are essentially the same thing: you get your product "patched" to

Re:

[Pentium100]

Compare the number of car recalls to the number of critical patches for software.

Yes, my car (Mercedes W123) has some design problems, however, those problems only showed themselves a long time after the car was made (various water leaks resulting in rust, bad plastic in the radiator, resulting in the part snapping off after 30 years of use, alternator not designed for using headlights all day (a bit too weak) etc).

Re:

[Somebody Is Using My]

You're moving the goalposts.

Your initial argument was that other products (automobiles, in this case) don't need to be "patched". I gave evidence that they do. Now you've changed the argument that they do not need to be patched as often or as soon.

I could probably find recalls for brand new cars if I really cared to. And doubtlessly a lot of minor issues - largely cosmetic - don't warrant a recall, leaving the customer to deal with it on their own (I remember a car where the pleather started peeling off the

Re:

[Pentium100]

I was talking about critical problems - like bursting into flames (or the PC being taken over by hackers). If I do not "update" my car (again, with the exception of mechanical parts that are worn out - same for a failed PC hardware) - most of the time I only encounter small problems. The design of my car was not updated in 30 years, I can still be safe on the road, sure, the newer cars may be better and safer, but my car is no less usable now than it was when new. Hell, a 50 year old car (assuming it is no

Re:

[Ol Olsoc]

Compare the number of car recalls to the number of critical patches for software..

Compare the intertooze to the same amount of time that autos were on the road. I'd say car tech around 1905 or so (depending when you considered commercial autos were commercial)

Regardless, We've had autos well over a hundred years now, Internet software and personal computers for much less time.

And cars are still recalled all the time.

Re:

[Pentium100]

Aren't cars recalled more now than they were a couple of decades ago? Seems that the practice of "do whatever then patch it" of software design leaked into car hardware design.

Take games for example, in the past, there was no convenient way of updating it, so you either got it right the first time or the game was considered bad and you lost money. Now you can patch it on the go, so the companies started using their customers as playtesters that not only do not need to get paid, but pay the company for the p

Re:

[Pentium100]

My car was built properly the first time, it did not need continuous replacement of parts because the original ones had design/manufacturing defects. Due to being mechanical. some parts did wear out or failed in the years after the car was made though.

And if I replaced the tape deck with a radio that had internet connection, while the radio could be hacked, the rest of my car would not be. So why in modern cars you can use a hacked radio to hack the rest of the car?

Software, on the other hand, especially cu

Re:

[neoritter]

My car was built properly the first time, it did not need continuous replacement of parts because the original ones had design/manufacturing defects.

Oh look...
http://www.popularmechanics.co... [popularmechanics.com]
http://www.bankrate.com/financ... [bankrate.com]

Re:

[plover]

You're confusing automotive engineering, software engineering, and security engineering. With automotive engineering, you can produce V1.0 of a car, and as long as it gets the occupants from A to B most of the time, it's good enough. Later, you realize it's not very fuel efficient, so you iterate upon it and release v2.0. You then discover some component doesn't wear well, and redesign it for v3.0, perhaps add some safety equipment, improve crash survivability, etc.

With software engineering, you similarly r

Re:

[bkr1_2k]

Because third party Windows software, especially from Apple, keeps losing features that users want/like. Upgrading to lose capability is stupid. Add to that the incredible amount of bloat and shit like embedded advertising and users have very little incentive to "upgrade" to new versions.

Re:

[jellomizer]

I blame Microsoft, more than Apple.
Qucktime and Java, were Microsoft's biggest threats at one time, so Microsoft did little to embrace such tools, and actively went to making them suck on the windows environment. Forcing Apple and Sun (now Oracle) to get creative on distribution of its software. Microsoft could had realized that these competing software was popular on their platform, and it may be a good idea, to allow Apple and Sun/Oracle to post updates straight to Microsoft so it would be part of the s

Re:

[neoritter]

hahahahahahahahahahhahaaha
OMG, the ignorance....

Re:

[Carewolf]

AV scanners on Android would be for Trojans intentionally placed in things you buy. It doesn't fit the conventional profile of malware and certainly isn't comparable to the Windows situation.

The virus scanners that Linux and MacOS have are to clean WINDOWS viruses.

No, OS X has plenty of viruses now. Linux has had worms but they mostly targets servers.

That's a name I haven't heard in a long time.

[Thud457]

holy crap.
Quicktime ?
RealPlayer?

What is this 2001 ?

Re:

[Anonymous Coward]

The Java holes that won the award for least secure software ever were in the Java plugin sandbox. Enterprise Java is not using the sandbox.

The credit card stealing holes in big enterprise systems are more likely to be holes in the software handling the credit cards, rather than Java itself.

Re:

[Anonymous Coward]

Right, because you never encounter a non-technical CEO-type person who insist on having his iCrap connected to the corporate network. Nope, never. And they certainly don't ask the supporters to jump through hoops in order their make their bling authenticate against the AD-servers, nope wouldn't happen, ever /sarcasm.

Really, considering my workplace is supposed to be a Windows-only-shop, we spend an inordinate amount of time messing around with dysfunctional Apple-software because boss-types want to be down

Re:Quicktime upgrade pushes other shit

[Z00L00K]

The same goes for a lot of software - clog your computer with bloatware like Chrome and whatever that I never use.

And at every upgrade the software package asks me to confirm that I agree to the current license version instead of just installing the update in the background silently to ensure that I get the latest security updates.

In addition to that Windows also enforces the UAC to make you confirm that the update installation is permitted. But in many cases this is problematic since it won't help many users that are out there, especially those with limited computer knowledge who either clicks "No" on everything or "Yes" on everything. In both cases it leads to bad results.

Re:

[AmiMoJo]

What bloatware does Chrome install?

Chome is actually one of the best apps I've seen for a long time. It installs without admin permissions to the user's local folder. It updates automatically and silently, which while annoying for some nerds it a massive boon for normal users. You never get prompted with new EULAs for any other fatigue inducing stuff like that. It runs at the lowest possible permissions, heavily sandboxed, Security fixes are prompt,

Re:

[Alumoi]

What bloatware does Chrome install?

You mean besides itself?

Re:

[spire3661]

Installing without admin privs in the user folder is something to be damned, not praised. If you want to use portable Chrome in the user folder, great, but standard Chrome breaks all the rules. You think its a great app because you are ignorant.

Re:

[Z00L00K]

Chrome is bloatware added to some software packages.

Re:

[Z00L00K]

Yet another that didn't understand that Chrome was the bloatware added to another software.

Re:

[Grishnakh]

It's not just Google, every big company is like this.

If the retards at Microsoft had their way, everyone would have a Windows Phone, own a Surface Pro, use a PC with Windows 10 and use Metro apps all day long with a touchscreen and get gorilla arm and need physical therapy on a regular basis for it, and would have invasive background check processes running all the time, which would never be turned off, and they'd be using Windows' built-in keylogging spyware.

If the retards at Apple had their way, everyone

Re:

[spire3661]

UAC works exactly like password prompts on OSX do, save for the dimming of the screen. Its there for you to realize, "hey im doing a system-level change, is everything correct?"

Re:

[Behrooz Amoozad]

sometimes back in the today

FTFY. It broke something in my friends computer today.

Re:

[gameboyhippo]

This. It's like the PlayStation 3 of software.

Re: first

[fyngyrz]

From TFS, the biggest infection vector isn't "Apple", it is simply users who have failed to update.

Clickbait nonsense. Dice. But I repeat myself.